Last Week, This Morning

July 21, 2025

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

CFPB Settles Allegations that Pawn Loans Violated MLA

On July 11, the Consumer Financial Protection Bureau announced that it obtained a stipulated final judgment and proposed order with the owner and operator of over 1,000 retail pawnshops in the U.S. that offered pawn loans through its wholly owned corporate subsidiaries, which are also subject to the order. The CFPB alleged that, since October 2016, the defendants made pawn loans to consumers with annual percentage rates of 200% or more, exceeding the Military Lending Act's maximum allowable APR of 36%. The CFPB also alleged that the defendants violated the MLA by making pawn loan borrowers sign contracts requiring them to submit to arbitration in the case of a dispute and by failing to make all required loan disclosures. Finally, the defendants were charged with violating the Consumer Financial Protection Act because the current alleged violations of the MLA were also allegedly in violation of a 2013 CFPB order against a predecessor entity.

The proposed settlement order requires the defendants to, among other things:

  • set aside $5 million for the purpose of providing redress to affected borrowers;
  • pay a $4 million fine to the CFPB's victims relief fund; and
  • comply with the MLA and either offer an MLA-compliant loan product or comply with a regulatory safe harbor meant to screen for MLA-protected borrowers.
Amicus Brief(ly): The defendants and the CFPB have been at odds for years, but this stipulated settlement should be the end of their disputes for a while. The financial penalties are not as significant as they would have been under previous leadership, but they are still material. MLA compliance is critical, and, as providers that focus on offering services to the military, the defendants have an interest in getting this investigation finalized and getting MLA compliance right. The defendants neither admitted nor denied the allegations in the complaint, which is standard for this kind of stipulated judgment and order but noteworthy because the defendants preserved their legal arguments about the applicability of the MLA to their pawn transactions for other litigation. As part of this settlement, the defendants announced that they will offer a new MLA-compliant pawn product for servicemembers and their families going forward. So ends one of the few cases left on the CFPB's docket.
OCC Discontinues Examining Banks for Disparate Impact Liability

On July 14, the Office of the Comptroller of the Currency issued Bulletin 2025-16 to announce that the agency's supervisory process for fair lending compliance no longer includes examining banks for disparate impact liability. The discontinuation of examining for disparate impact is in response to President Trump's Executive Order 14281, Restoring Equality of Opportunity and Meritocracy, which directs agencies to eliminate the use of disparate impact liability in all contexts. The bulletin states that OCC examiners will continue to regularly conduct fair lending risk assessments, analyze Home Mortgage Disclosure Act data for evidence of disparate treatment, conduct risk-based fair lending examinations, and take appropriate action if evidence of disparate treatment is found.

Amicus Brief(ly): Disparate impact - we hardly knew ye. For the unfamiliar, the disparate impact fair lending theory says that discrimination can occur when a facially neutral factor in underwriting or pricing credit affects protected consumers adversely (e.g., applications are denied more frequently or finance charge/interest rates are more frequently higher than those of consumers not protected against discrimination). While the theory is specifically recognized in some laws like the Fair Housing Act, it does not appear explicitly in the Equal Credit Opportunity Act, though the CFPB and other regulators have cited the theory to identify fair lending risk in examinations and investigations. The OCC's de-emphasis of the disparate impact theory is consistent with the directives in the April executive order that instructed agencies to avoid pursuit of disparate impact theories in examinations and investigations, even under statutes like the FHA that specifically recognize the theory. For the short term, it is clear that the federal government will not pursue creditors on disparate impact claims. Longer term, we'll have to wait and see.
Federal District Court Vacates CFPB's Medical Debt Rule

On July 11, the U.S. District Court for the Eastern District of Texas set aside and vacated the Consumer Financial Protection Bureau's medical debt rule - Prohibition on Creditors and Consumer Reporting Agencies Concerning Medical Information (Regulation V) - that was finalized on January 14, 2025.

The Fair Credit Reporting Act permits consumer reporting agencies to include information about consumers' medical debts in consumer reports when properly coded to conceal the consumer's underlying health condition, the name of the medical provider, and the nature of the medical services. The FCRA also authorizes creditors to consider such information to determine a consumer's credit eligibility. However, the medical debt rule amended Reg. V, which implements the FCRA, to prohibit consumer reporting agencies from including medical debt information - coded or otherwise - in consumer reports and to prohibit creditors from obtaining or using medical debt information - coded or otherwise - when making credit decisions.

Two trade associations sued the CFPB, alleging that the medical debt rule exceeded the Bureau's authority, in violation of the FCRA and the Administrative Procedure Act. After the trade associations moved for a preliminary injunction, the CFPB, under new leadership, requested a 3-month stay to consider its position. The court granted the stay and postponed the effective date of the rule, which was originally effective on March 17, 2025. The trade associations and the CFPB later filed a joint motion for consent judgment in which they agreed that the medical debt rule was unlawful and should be vacated. The court granted the joint motion for consent judgment, finding it fair, adequate, and reasonable. The court concluded that the medical debt rule unlawfully prohibited the reporting and use of properly coded medical debt information and, therefore, exceeded the CFPB's statutory authority.

Amicus Brief(ly): Did haste make waste with this CFPB rule? That may be the case, though cynics will argue that no matter what happened with the rule, it was going to get reversed under the new administration. When the CFPB took the aggressive step to finalize this rule early this year, staff may not have had a chance to run the traps and figure out whether prohibiting the reporting of accurately furnished information was permissible under the FCRA, especially after the Supreme Court's Loper-Bright decision last year that ended deference to agencies' interpretations of their statutes. The new-look CFPB was content to have the court undo the rule, agreeing with the trade groups that the agency had gone too far based on its statutory authority. But in a running theme for 2025, some states have stepped in to address concerns about the impact of medical debt on consumers, and several states (e.g., Colorado, Maine, and Oregon) have prohibited the furnishing of medical debt data to consumer reporting agencies. Others (e.g., California, Illinois, and New Jersey) have imposed restrictions that limit the ability of users of consumer reports (e.g., creditors) to rely on furnished medical debt information in their credit decision-making. More states have considered similar legislation, so this story is not yet fully told.
Missouri AG Sues Used Car Dealership for Failing to Deliver Titles to Buyers

The Missouri attorney general recently filed a lawsuit against a used car dealership, alleging that it sold vehicles to consumers without providing certificates of title in a timely manner, in violation of Section 310.210 of the Missouri Annotated Statutes, which concerns the assignment of a certificate of ownership upon the sale or transfer of a motor vehicle, and that such a violation is also a violation of the Missouri Merchandising Practices Act, which prohibits deceptive, fraudulent, and unfair business practices. The AG's complaint states that, in connection with each sale of a used vehicle to nine consumers, the dealership executed a written Agreement for Delayed Delivery of Certificate of Ownership expressly affirming delivery of the certificate of ownership within 30 days but then failed to deliver the certificates to any of the consumers. According to the AG's press release, the AG is seeking the following remedies:

  • a court order recognizing the affected consumers as the true and lawful owners of the vehicles they purchased from the dealership and directing the Missouri Department of Revenue to issue certificates of title to these consumers;
  • an injunction to prohibit the dealership from selling any additional vehicles in Missouri until it complies with state law by providing valid, timely titles;
  • restitution for affected consumers;
  • civil penalties; and
  • recovery of the state's legal costs, including all court, investigative, and litigation expenses.
Amicus Brief(ly): Failure by dealers to deliver titles to consumers or their creditors is a scourge to both, so good for the Missouri AG for taking this action to do something about it in the state. When title paperwork disappears, consumers do not have clear evidence of their ownership of the vehicles they purchased. And the absence of a new certificate of title reflecting a creditor's lien can impact the creditor's lien priority, as well as its standing as a secured party if a consumer should file for bankruptcy protection. The complaint does not include a lot of detail about the alleged "pattern and practice of deceptive conduct" on the part of the dealership, but the suit tells the dealership that the Missouri AG is paying attention. That should result in better focus on the title paperwork details at dealerships. That is a good consumer protection result.

Massachusetts AG Settles Claims Against Student Lender that Used AI Models in Underwriting

The Massachusetts attorney general recently announced a $2.5 million settlement with a Delaware-based student loan company that originates and refinances student loans and originates personal loans, resolving allegations that the company's use of artificial intelligence models in its underwriting practices violated the state's Consumer Protection Act and that it failed to take reasonable measures to mitigate fair lending risks while using its AI models to assist underwriting.

Specifically, the Massachusetts AG alleged that the company's use of AI models to underwrite a consumer's application for a loan led to disparate impact harm to non-white and non-citizen applicants, including affecting an applicant's eligibility for a loan or the loan terms and pricing for approved applicants. The AG also alleged that the company used a "Cohort Default Rate" variable - an average rate of loan defaults associated with a particular educational institution - in its AI underwriting models, resulting in discrimination against applicants based on race with respect to approval rates and loan terms. In addition, the AG alleged that the company used arbitrary human-based assessments in its underwriting of loan applicants, including providing underwriters with discretion to override the AI models' recommendations on approvals/denials and pricing with no written policy for how exceptions to the AI models' recommendations would be made or a practice for how to record these discretionary decisions when they were made. The AG also alleged that the company used a "Knockout Rule" that automatically denied loan applications based on an applicant's immigration status, specifically those applicants without a green card, purportedly creating a risk of disparate impact against applicants on the basis of national origin. Finally, the AG alleged that the company sent adverse action notices to applicants that were incorrect or failed to identify specific reasons for declining the applicant.

The settlement requires the company to develop, implement, and maintain a written corporate governance system of fair lending testing, internal controls, and risk assessments for the use of AI models and to discontinue the use of both the "Cohort Default Rate" variable and "Knockout Rule" based on immigration status in its underwriting.

Amicus Brief(ly): Speaking of disparate impact claims, you can count on Massachusetts to step in and stay active on consumer protection matters, whether or not the federal government is focused on the same issues. Lenders will tell you that AI can be very helpful in underwriting and credit pricing, while regulators like the CFPB (prior administration) and the Massachusetts AG (in 2024) have identified concerns that although AI programs are designed to automate underwriting and eliminate human biases, they can actually reflect embedded biases and lead to discriminatory outcomes. The Massachusetts AG's allegations against the student lender in this settlement include claims of disparate treatment of certain credit applicants and disparate impact affecting others. Despite the federal government's disavowal of the disparate impact theory, it appears that at least some states consider it a viable claim. That should not surprise or upset compliance professionals focused on fair lending at their companies who are used to looking for ways to improve underwriting processes in recognition of the financial gain that comes from approving creditworthy consumers regardless of their demographics, while avoiding discrimination that could turn away good applicants. Their focus remains the same.
1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.