Last Week, This Morning

January 27, 2025

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

President Trump Signs Executive Order Imposing Regulatory Freeze

On January 20, President Trump signed an Executive Order imposing a regulatory freeze. The EO orders all federal executive departments and agencies to take the following steps:

"(1) Do not propose or issue any rule in any manner, including by sending a rule to the Office of the Federal Register (the "OFR"), until a department or agency head appointed or designated by the President ... reviews and approves the rule. ... The Director or Acting Director of the Office of Management and Budget may exempt any rule that he deems necessary to address emergency situations or other urgent circumstances....

(2) Immediately withdraw any rules that have been sent to the OFR but not published in the Federal Register, so that they can be reviewed and approved as described in paragraph 1....

(3) ... [C]onsider postponing for 60 days from the date of this memorandum the effective date for any rules that have been published in the Federal Register or any rules that have been issued in any manner but have not taken effect, for the purpose of reviewing any questions of fact, law, and policy that the rules may raise. During this 60-day period, where appropriate and consistent with applicable law, consider opening a comment period to allow interested parties to provide comments about issues of fact, law, and policy raised by the rules postponed under this memorandum, and consider reevaluating pending petitions involving such rules. As appropriate and consistent with applicable law, and where necessary to continue to review these questions of fact, law, and policy, consider further delaying, or publishing for notice and comment, proposed rules further delaying such rules beyond the 60-day period.

(4) Following the postponement described in paragraph 3, no further action needs to be taken for those rules that raise no substantial questions of fact, law, or policy. For those rules that raise substantial questions of fact, law, or policy, agencies should notify and take further appropriate action in consultation with the OMB Director."

Amicus brief(ly): This move by the new administration was foreseeable, at least in part because the incoming administration previewed it for us while the Consumer Financial Protection Bureau was so busy over the past few months. Final rules tied up in litigation with the industry, like the medical debt reporting rule and the rule limiting overdraft fees to $5, may see their effective dates delayed to allow a new director (Director Chopra has not yet been fired as of the time of this writing) to seek additional public comment (the litigation has numerous potential outcomes as well). Proposed rules, like the Fair Credit Reporting Act data broker rule, face an uncertain future. If they survive internal review at the CFPB under a new director, they may look materially different when (and if) finalized. Stay tuned because the next several months will be eventful.

DOJ and Bank Resolve Allegations that Bank's Student Loan Refinance Program Violated ECOA

On January 18, the U.S. Department of Justice entered into a $1.5 million consent order with a state-chartered community bank to resolve allegations that it discriminated based on race in connection with its student loan refinance program, in violation of the Equal Credit Opportunity Act and its implementing Regulation B. The refinance program required applicants to graduate from an "eligible school" to qualify. The bank defined an eligible school, in part, as one that fell below the Cohort Default Rate ("CDR") threshold that the bank's management periodically established based on annual, national CDR averages. The CDR is a number calculated by the U.S. Department of Education for institutions of higher education that represents the percentage of that institution's students who default on certain federal student loans within three years of starting repayment. Under this CDR policy, the bank automatically denied graduates of schools with CDRs above its established thresholds the ability to qualify for its refinance program.

The DOJ alleged that the bank's CDR policy disproportionately excluded Black and American Indian/Alaska Native bachelor's degree recipients as compared to similarly situated graduates of other demographic groups. According to the DOJ's complaint, Black bachelor's degree recipients were as much as 4.31 times more likely to be denied than bachelor's degree recipients who were not Black; American Indian/Alaska Native bachelor's degree recipients were as much as 2.98 times more likely to be denied than comparable degree recipients who were not American Indian/Alaska Native. In contrast, and with limited exception, bachelor's degree recipients of other races and national origins were more likely to be included in than excluded from the refinance program under the CDR policy. In addition, the DOJ alleged that the bank's CDR policy disproportionately excluded graduates from majority-Black post-secondary institutions.

The DOJ's complaint went on to allege that the bank failed to provide applicants with proper notification of their denial of eligibility for the refinance program.

Amicus brief(ly): All the way back in 2012, a young Consumer Financial Protection Bureau identified fair lending risk for lenders that use the CDR to help make student loan underwriting decisions because Black and Hispanic students were materially more likely to attend schools with higher CDRs. Using the CDR as a "hard-cut" eligibility criterion can prevent an otherwise creditworthy student from being considered for a loan in a lending program that relies on CDR for eligibility, which has a disparate impact on those minority students. The DOJ's announcement cited that concern as a reason for its pursuit of the bank subject to the consent order, stating that the bank's underwriting policy "denied and discouraged Black, American Indian and Alaska Native graduates seeking to refinance student loans for reasons that were wholly unrelated to their personal merit or ability to repay their loans." This was not a terribly expensive settlement given the allegations, but it serves as a reminder for student lenders to review underwriting and scoring models to ensure that the models do not focus too much on the historical loan performance of a school's graduates when evaluating an applicant's individual creditworthiness profile.

CFPB's Special Edition of Supervisory Highlights Focuses on Use of Credit Scoring Models

The Consumer Financial Protection Bureau recently issued a special edition of its Supervisory Highlights that focuses on supervisory examinations of financial institutions that use credit scoring models, including models built with artificial intelligence and machine learning technology, when making credit decisions. The examinations looked at whether an institution's use of its credit scoring model complied with the Equal Credit Opportunity Act and its implementing Regulation B, evaluating models for disparate treatment (such as whether models used prohibited basis variables or variables that may be proxies for prohibited bases) and disparate impact.

Specifically, the report highlights supervisory examinations of credit card lenders and vehicle finance companies with respect to their use of credit scoring models. During its examination of certain credit card lenders, the CFPB reviewed the lenders' use of credit scoring models in the underwriting and pricing of credit card applications. Examiners found disparities in underwriting and pricing outcomes for Black and Hispanic applicants when compared to White applicants and suggested that the way the lenders developed or implemented their credit scoring models contributed to some of those disparities. Examiners also found deficient fair lending compliance management systems.

During its examination of certain vehicle finance companies' use of credit scoring models, the CFPB found that some models used more than a thousand input variables, including many not traditionally used in credit scoring that may be considered "alternative data." The CFPB noted that, "[a]s explained in an Interagency Statement on the Use of Alternative Data in Credit Underwriting, data not directly related to consumers' finances and how consumers manage their financial commitments may present great consumer protection risks and warrant more robust compliance management." Examiners also "identified risks associated with the use of such a large number of input variables, including difficulties in being able to effectively monitor whether any variables, individually or in combination, acted as a proxy for prohibited bases under ECOA." "Additionally, when evaluating models for disparate impact, institutions did not meaningfully identify and consider comparably accurate inputs with less discriminatory effects, nor did they adequately document the business need for the model inputs the institutions identified as contributing to prohibited basis disparities." Finally, examiners found that "the institutions did not sufficiently ensure compliance with adverse action notice requirements, including how they selected the reasons given in adverse action notices when the adverse action was based on the model score. Examiners also found that the institutions had not validated that their processes for selecting reasons produced accurate results."

The CFPB has directed institutions to consider alternative credit scoring models, where appropriate, and implement them to address the risk of unlawful discrimination.

Amicus brief(ly): The CFPB used this special edition of its Supervisory Highlights to let lenders know that its concerns about the potential for algorithmic bias in the use of AI in scoring models played out in examinations. For the past couple of years, as lenders have increasingly relied on AI to help design scoring models that incorporate alternative data for the stated purpose of identifying potentially creditworthy customers, the CFPB has cautioned those lenders not to rely too heavily on alternative data that do not appear facially to bear on creditworthiness because that can lead to discrimination. The CFPB evidently saw evidence of that discrimination in its recent examinations. It also noted that lenders had trouble complying with adverse action notice requirements to identify the specific denial reasons, which can be obscured when lenders use complex, multi-factor underwriting models. The CFPB points out that the underlying anti-discrimination laws have not changed, notwithstanding new decision-making technologies that can streamline originations. As they change and update scoring models, lenders should be conducting statistical analyses of their underwriting (and pricing) data to look for potentially disparate adverse impacts on protected consumers.

Provider of Merchant Cash Advances Settles Lawsuit with New York AG

On January 22, New York Attorney General Letitia James announced an approximately $1 billion proposed settlement with a provider of merchant cash advances and other entities, along with two of the provider's officers, resolving allegations that the provider and the other entities violated New York law by extending usurious loans to small businesses and disguising them as sales-based financing transactions (or "merchant cash advances," as the proposed settlement refers to them). The settlement ends the AG's case against most of the defendants in the lawsuit, leaving only two entities and eight individuals with claims against them.

Under the terms of the settlement, the defendants are permanently barred from the sales-based financing business. All outstanding debts owed to the settling defendants under financing agreements are cancelled, and the settling defendants represent that they have not assigned any of those debts to third parties. The settling defendants must dismiss all actions to collect outstanding debts and vacate all associated Uniform Commercial Code liens. For the cancelled debts, the settling defendants will receive about $534 million worth of credit against a $1.065 billion judgment. They also agreed to pay $3.4 million directly to the AG's office. The individual officers agreed to pay another $12.7 million. With these credits and payments, the remaining unsatisfied judgment will be about $514 million. The settlement does not indicate how the defendants will satisfy that part of the judgment. The money will go toward restitution, penalties, the AG's costs of investigation, and the AG's administrative costs.

The settling defendants also agreed to cooperate in the AG's case against the remaining defendants and retain all relevant records for three years or until the conclusion of the case, whichever is longer. One of the individual officers will guarantee the obligations of the settling defendants and will be subject to a $30 million penalty if he fails to comply with the terms of the proposed settlement.

According to the AG's news release, the AG will continue to pursue her case against the defendants that are not part of the settlement.

Amicus brief(ly): That's gonna leave a mark (footnote to the late Chris Farley for that line of classic understatement, which seems appropriate here). New York's AG makes some strong statements in the news release, but when the value of the settlement exceeds $1 billion, it is probably best that we not focus on the wording of the news release. Instead, the real issue appears to be the claims in the complaint filed in March of last year, which alleged that the defendants' sales-based financing transactions were really usurious loans in large part because the defendants did not reconcile merchant payments to reflect fluctuations in receipts - a must for a sales-based financing transaction. Providers in the industry would do well to take a moment and review agreements, as well as servicing practices, to ensure that their programs are not vulnerable to the kinds of claims made in this complaint and settlement.

Vehicle Finance Company Resolves Allegations that It Inaccurately Reported Individuals as Delinquent During COVID-19 Payment Deferral Period

The Consumer Financial Protection Bureau recently entered into a consent order with a vehicle finance company, resolving allegations that it violated the Fair Credit Reporting Act and its implementing Regulation V and engaged in unfair, deceptive, or abusive acts or practices in violation of the Consumer Financial Protection Act.

Specifically, the CFPB alleged that, during the COVID-19 pandemic, the vehicle finance company allowed individuals to defer payments on their financing contracts and promised to continue reporting those individuals as current to credit reporting agencies. Instead, according to the complaint, the finance company reported those individuals as delinquent when they did not make payments that were not required during the deferral period.

The CFPB also alleged that the finance company failed to promptly update and correct information it furnished to CRAs that it determined was not complete or accurate; failed to complete indirect dispute investigations and report the results to CRAs within the prescribed time period; failed to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of the information about individuals it furnished to CRAs; and failed to conduct and complete investigations of individuals' direct disputes and report the results to individuals within the prescribed time period.

The consent order requires the finance company to pay $10.3 million in redress to affected individuals, take steps to correct its prior reporting, and pay a $2.5 million penalty to the CFPB's victims relief fund.

Amicus brief(ly): This CFPB consent order raises a valuable point for data furnishers in credit programs that allow payment deferrals, hardship accommodations, and other consumer-friendly efforts that recognize that life can be challenging. Specifically, if you agree with a consumer to amend the terms of the original credit agreement, your furnishing has to reflect the amended terms. Allowing a consumer to defer a payment means that the payment is not late. Allowing reduced payments for a period means that the originally scheduled payments are not due and are not late (or short) when paid at the level the consumer's accommodation allows. Accurate data furnishing is a handful even under ordinary circumstances. The substance of a strong data accuracy and integrity policy and - if separate - FCRA compliance policy should be very clear about how to furnish data that reflects then-current consumer obligations at any time, and furnishers would do well to monitor and test furnished data to ensure that their procedures reflect good policy.


1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.