Sunday, March 2, 2014

Can Recent Enforcement Actions Provide Guidance On The CFPB’s Position On UDAAPs?



           The Dodd-Frank Act gave the Consumer Financial Protection Bureau (“CFPB”) sweeping authority to prohibit the use of “unfair, deceptive or abusive” acts or practices (“UDAAPs”) in connection with the collection of consumer debts.  These terms are broadly defined to provide the CFPB with maximum flexibility when carrying out its consumer protection mission.  But how can a collector know exactly what the CFPB will consider to be an “unfair” or “deceptive” or “abusive” collection practice?   The CFPB has provided some guidance on UDAAPs in the bulletin it released in July 2013 and in the Examination Manual that it published in 2012.  Beyond this, debt buyers and other collectors can read the UDAAP tea leaves by examining the recent enforcement activity of the CFPB and other regulators.


            First, we should start with the UDAAP definitions.  An act or practice will be considered “unfair” if the CFPB finds that it “causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers” and “such substantial injury is not outweighed by countervailing benefits to consumers or to competition.”  See 12 U.S.C. § 5531(c)(1).  To determine if an act or practice is “unfair” the CFPB “may consider established public policies” but they “may not serve as a primary basis for such determination.”  Id. at § 5531(c)(2).


            An act or practice will be considered “abusive” if the CFPB finds that it “materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service” or it “takes unreasonable advantage of a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service” or “the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service” or “the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.”  Id. at § 5531(d).


            An act or practice will be deemed “deceptive” if the CFPB find that it “(1) misleads or is likely to mislead the consumer; (2) the consumer’s interpretation is reasonable under the circumstances; and (3) the misleading act or practice is material.”  See CFPB Bulletin 2013-07, July 10, 2013, Prohibition of Unfair, Deceptive, or Abusive Acts or Practices In The Collection Of Consumer Debts, at p. 3.  The CFBP will consider “the totality of the circumstances” when determining if an act or practice has actually misled or is likely to mislead a consumer, and it will look at implied representations as well as omissions.  Id.  The standard for “deceptive” used by the CFPB under the Dodd-Frank Act will be “informed by the standards for the same terms under Section 5 of the FTC Act.”  Id. at n.16.  If a representation conveys more than one reasonable meaning to consumers, one of which is false, then it may be misleading.  Id. at p. 4. “Material” information is that which is “likely important to consumers” and that “is likely to affect a consumer’s choice of, or conduct regarding, the product or service.” Id. 


             With definitions this broad, it can be difficult for collectors to anticipate what conduct might be considered to be a UDAAP.  One method for identifying areas of potential concern, however, is to analyze the recent enforcement actions by the CFPB and other regulators filed against debt buyers and original creditors.  


             The most comprehensive enforcement action against a debt buyer in recent years was brought by the FTC, not the CFPB.  On January 30, 2012, the FTC entered into a Consent Decree with Asset Acceptance, LLC (“Asset”) relating to its allegedly false, deceptive and misleading debt collection and credit reporting practices. 


             A major focus of the Asset Consent Decree was the concern over the accuracy and reliability of the data underlying Asset’s accounts.  Asset agreed that it would not to make any material representation that a consumer owed any debt unless it had a reasonable basis for making the representation.  Asset agreed that it could reasonably rely on the information provided by original creditors, unless there was a “reasonable indication” – after taking into account the reliability and source of the information – that the information is incomplete, inaccurate, unreliable or that it does not substantiate the claim.  Should Asset discover that the information regarding a specific portfolio of accounts may be unreliable or inaccurate or missing material information, it agreed to terminate collection efforts on the entire portfolio until it conducts a reasonable investigation.  Factors that may call into question the accuracy of a portfolio of accounts include a disproportionately high rate of consumer disputes, lack of availability of documentation, a disproportionately high rate of missing data relating to the accounts in the portfolio, or any other information learned about the credit originator or its methods of doing business that calls into question the accuracy or completeness of the account data.


             Consumer complaints were also a major focus of the Asset Consent Decree.  If a consumer, at any time, questions, disputes or challenges the accuracy or completeness of the information that Asset is relying on, Asset agreed either to close the account permanently and request deletion of the tradeline, or to report the account as disputed and conduct a complete and reasonable investigation into the dispute. 


             The Asset Consent Decree also reflects the FTC’s hostility to collecting time-barred debts.  If Asset knows or should know the debt has passed the applicable statute of limitations for litigation, it agreed to provide the consumer with a new notice stating:  “The law limits how long you can be sued on a debt.  Because of the age of your debt, we will not sue you for it.  If you do not pay the debt, we may continue to report it to the credit reporting agencies as unpaid.”  If the obsolescence period for reporting the debt to consumer reporting agencies has also expired, Asset will provide a notice stating:  “The law limits how long you can be sued on a debt.  Because of the age of your debt, we will not sue you for it, and we will not report it to any credit reporting agency.”  In addition to these notices, Asset agreed to provide consumers with a lengthy new notice on each written communication that summarizes their rights under the FDCPA.  Finally, the Consent Decree provides that Asset will pay a civil penalty of $2.5 million to the FTC.


             Enforcement actions filed against original creditors can also provide guidance to debt buyers and other collectors about areas of CFPB concern.  For example, service provider practices were a major focus of the July 18, 2012 Stipulation and Consent Order between the CFPB and Capital One Bank, (USA) N.A. (“CapOne”) which related to allegedly deceptive practices in the sale of payment protection and credit monitoring products made by CapOne’s service providers during the card activation process.  The CFPB charged that CapOne violated section 5536 of the Dodd-Frank Act when call center representatives employed by CapOne’s service providers deviated from the call scripts, or misinterpreted them, while explaining the products to consumers, and that ‘ineffective oversight” by CapOne had resulted in the failure to detect and prevent these improper sales practices.  Among other things, CapOne agreed to implement a new “Bank Service Provider Management Policy” which, at a minimum, will require: 1) that CapOne assess, before entering into any contract, whether a service provider has the capacity to comply with all consumer protection laws, 2) that CapOne have contracts that require service providers to train their employees on CapOne’s policies and applicable consumer protection laws, and that allow CapOne to terminate the agreement for noncompliance, and 3) that CapOne conduct periodic onsite reviews of the service providers’ controls, performance and information systems.  CapOne agreed to reimburse approximately $140 million to its customers and to pay a $25 million penalty to the CFPB.


             Credit reporting practices, service provider oversight and time-barred debts were a focus of the October 2012 Consent Order between the CFPB and American Express Centurion Bank, Salt Lake City, Utah and American Express Bank, FSB (“Amex”) which related to allegedly unfair, deceptive and abusive practices engaged in by Amex in violation of sections 5531 and 5536 of the Dodd-Frank Act.  The CFPB claimed that Amex had misrepresented to certain consumers that the payment of their debts could improve their credit scores, despite the fact that Amex was not reporting those debts to the consumer reporting agencies.  Amex also allegedly failed to report certain consumer disputes to the consumer reporting agencies.  The CFPB claimed that Amex had failed to implement an effective employee training program regarding applicable consumer protection laws, and had failed to adequately monitor consumer complaints.  According to the CFPB, Amex had failed to properly manage its service providers, who had committed the alleged violations.


             Amex agreed to “continue to provide disclosures concerning the expiration of the Bank's litigation rights when collecting debt that is barred by applicable state statutes of limitations.”  In addition, when collecting on obsolete debt, Amex agreed to provide a new disclosure which states: “The law limits how long a debt can be reported to a consumer reporting agency.  Because of the age of your debt, we cannot report it to a consumer reporting agency.  Payment or non-payment of this debt will not affect your credit score.”  If Amex sells any time-barred or obsolete debt, it must require the buyer to provide consumers with the same disclosures.  Amex agreed to pay $85 million of restitution to cardholders, $14.1 million of civil penalties to the CFPB, and to substantially revise its Compliance Risk Management Program. 


             Telephone harassment, consumer disputes and voice mail messages were a focus of the July 9, 2013 Stipulated Order For Permanent Injunction and Monetary Judgment between the FTC and Expert Global Solutions, Inc., f/k/a NCO Group, Inc. (“NCO”).  NCO agreed that there would be a rebuttable presumption that it intended to annoy, abuse or harass a person if it placed more than one call to any person about a debt after that person had notified NCO “either orally or in writing” that the person refused to pay or wanted NCO to cease further communication.  NCO also agreed not place calls to any telephone number about a particular account if NCO had already been informed by anyone at that number that the debtor cannot be reached at that number or the person does not have location information about the debtor.


             If at any time any person “denies, disputes or challenges” NCO’s claim that they owe a debt, NCO must, within fourteen (14) days, report the debt as disputed to the consumer reporting agencies, or request deletion of the reporting concerning the account.  In addition, following any such dispute, NCO must commence and complete an investigation within thirty (30) days.  If NCO concludes that the consumer owes the debt, it must within fifteen (15) days provide the consumer with verification of the debt, and inform the consumer of NCO’s conclusion and the basis for it.  If NCO concludes that the consumer does not owe the debt, it must within fifteen (15) days inform the consumer of this conclusion, request deletion of the tradeline, cease collection efforts and not sell or transfer the debt.


             Regarding voicemails, NCO agreed that it would not leave any voicemail message that states the first or last name of the debtor and that NCO is a debt collector attempting to collect a debt, or that the debtor owes any debt, unless 1) the greeting on the voicemail includes a first and last name that is the same as the debtor, or 2) NCO has already spoken to the debtor using the phone number associated with voicemail.


             NCO also agreed to provide a new notice to consumers on each written communication sent to collect a debt, as follows: “Federal and state law prohibit certain methods of debt collection, and require that we treat you fairly.  If you have a complaint about the way we are collecting your debt, please visit our website at www.ncogroup.com or contact the FTC online at www.FTC.gov; by phone at 1-877-FTC-HELP; or by mail at 600 Pennsylvania Ave, NW, Washington, DC 20580.  If you want information about your rights when you are contacted by a debt collector, please contact the FTC online at www.ftc.gov.”  NCO also agreed to judgment for a civil penalty totaling $3.2 million.


             Collection litigation practices were the focus of the September 18, 2013 Consent Order between the Office of the Comptroller of the Currency (“OCC”) and JPMorgan Chase Bank, N.A., JPMorgan Bank and Trust Company, N.A., and Chase Bank USA, N.A. (“Chase”).  The OCC alleged that Chase had engaged in “unsafe or unsound banking practices” by, among other things, 1) filing affidavits where the affiant made claims that were not based upon personal knowledge or a review of relevant business records, 2) obtaining judgments based on false affidavits with financial errors in favor of Chase, 3) filing documents that were not properly notarized, and 4) failing to implement policies and procedures to properly oversee internal and external collection litigation processes.  Chase agreed to implement a new Collections Litigation Plan to address the deficiencies in the Bank’s internal collection litigation practices.  When using any third party providers in connection with collection litigation, including law firms, Chase agreed to implement policies and procedures to ensure that the third parties comply with all legal requirements and OCC guidance.  In addition, when selling debt, Chase agreed to ensure that it complies with the OCC’s guidance on debt sales, including conducting due diligence on all debt buyers to evaluate their past and future performance in complying with consumer protection and debt collection laws.


             Robo-signing was a focus of the November 20, 2013 Consent Order between the CFPB and Cash America International, Inc. (“Cash America”).  The Consent Order related in part to the allegedly unfair, deceptive or abusive debt collection practices in violation of section 5531 and 5536 of the Dodd-Frank Act by its Ohio-based subsidiary, Cashland Financial Services, Inc. (“Cashland”).  According to the CFPB, between January 2008 and September 2012, legal assistants employed by Cashland were manually stamping the signatures of managers or attorneys on debt collection affidavits or pleadings without prior review of those affidavits or pleadings by the manager or attorney.  In addition, legal assistants were allegedly notarizing certain debt collection documents without following the procedures required by applicable notary law.  The CFPB found these practices were “unfair” because they “could potentially cause consumers to pay incorrect debts or legal costs and court fees to defend against invalid or excessive claims” and that they were “deceptive” because they were likely to mislead consumers “into believing that the affidavits or other court filings were reviewed, executed, and notarized in compliance with applicable law and this information was material to consumers subject to debt collection litigation.”  According to the CFPB, Cash America had failed to conduct adequate internal compliance audits and had therefore failed to prevent or detect the improper conduct in a timely manner.  Cash America paid $8 million to affected consumers, a $5 million civil penalty to the CFPB, and agreed to implement a comprehensive Compliance Plan designed to ensure compliance with applicable consumer financial laws.


             While it is impossible to predict what the CFPB might consider to be a UDAAP in the future, these recent enforcement actions – which have focused on data integrity, consumer disputes, service provider oversight, time-barred and obsolete debt, telephone harassment, voice mail messages and robo-signing practices – can provide guidance on areas of potential concern.