July 21, 2025
Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.
On July 11, the Consumer Financial Protection Bureau announced that it obtained a stipulated final judgment and proposed order with the owner and operator of over 1,000 retail pawnshops in the U.S. that offered pawn loans through its wholly owned corporate subsidiaries, which are also subject to the order. The CFPB alleged that, since October 2016, the defendants made pawn loans to consumers with annual percentage rates of 200% or more, exceeding the Military Lending Act's maximum allowable APR of 36%. The CFPB also alleged that the defendants violated the MLA by making pawn loan borrowers sign contracts requiring them to submit to arbitration in the case of a dispute and by failing to make all required loan disclosures. Finally, the defendants were charged with violating the Consumer Financial Protection Act because the current alleged violations of the MLA were also allegedly in violation of a 2013 CFPB order against a predecessor entity.
The proposed settlement order requires the defendants to, among other things:
|
On July 14, the Office of the Comptroller of the Currency issued Bulletin 2025-16 to announce that the agency's supervisory process for fair lending compliance no longer includes examining banks for disparate impact liability. The discontinuation of examining for disparate impact is in response to President Trump's Executive Order 14281, Restoring Equality of Opportunity and Meritocracy, which directs agencies to eliminate the use of disparate impact liability in all contexts. The bulletin states that OCC examiners will continue to regularly conduct fair lending risk assessments, analyze Home Mortgage Disclosure Act data for evidence of disparate treatment, conduct risk-based fair lending examinations, and take appropriate action if evidence of disparate treatment is found.
|
On July 11, the U.S. District Court for the Eastern District of Texas set aside and vacated the Consumer Financial Protection Bureau's medical debt rule - Prohibition on Creditors and Consumer Reporting Agencies Concerning Medical Information (Regulation V) - that was finalized on January 14, 2025.
The Fair Credit Reporting Act permits consumer reporting agencies to include information about consumers' medical debts in consumer reports when properly coded to conceal the consumer's underlying health condition, the name of the medical provider, and the nature of the medical services. The FCRA also authorizes creditors to consider such information to determine a consumer's credit eligibility. However, the medical debt rule amended Reg. V, which implements the FCRA, to prohibit consumer reporting agencies from including medical debt information - coded or otherwise - in consumer reports and to prohibit creditors from obtaining or using medical debt information - coded or otherwise - when making credit decisions.
Two trade associations sued the CFPB, alleging that the medical debt rule exceeded the Bureau's authority, in violation of the FCRA and the Administrative Procedure Act. After the trade associations moved for a preliminary injunction, the CFPB, under new leadership, requested a 3-month stay to consider its position. The court granted the stay and postponed the effective date of the rule, which was originally effective on March 17, 2025. The trade associations and the CFPB later filed a joint motion for consent judgment in which they agreed that the medical debt rule was unlawful and should be vacated. The court granted the joint motion for consent judgment, finding it fair, adequate, and reasonable. The court concluded that the medical debt rule unlawfully prohibited the reporting and use of properly coded medical debt information and, therefore, exceeded the CFPB's statutory authority.
|
The Missouri attorney general recently filed a lawsuit against a used car dealership, alleging that it sold vehicles to consumers without providing certificates of title in a timely manner, in violation of Section 310.210 of the Missouri Annotated Statutes, which concerns the assignment of a certificate of ownership upon the sale or transfer of a motor vehicle, and that such a violation is also a violation of the Missouri Merchandising Practices Act, which prohibits deceptive, fraudulent, and unfair business practices. The AG's complaint states that, in connection with each sale of a used vehicle to nine consumers, the dealership executed a written Agreement for Delayed Delivery of Certificate of Ownership expressly affirming delivery of the certificate of ownership within 30 days but then failed to deliver the certificates to any of the consumers. According to the AG's press release, the AG is seeking the following remedies:
|
The Massachusetts attorney general recently announced a $2.5 million settlement with a Delaware-based student loan company that originates and refinances student loans and originates personal loans, resolving allegations that the company's use of artificial intelligence models in its underwriting practices violated the state's Consumer Protection Act and that it failed to take reasonable measures to mitigate fair lending risks while using its AI models to assist underwriting.
Specifically, the Massachusetts AG alleged that the company's use of AI models to underwrite a consumer's application for a loan led to disparate impact harm to non-white and non-citizen applicants, including affecting an applicant's eligibility for a loan or the loan terms and pricing for approved applicants. The AG also alleged that the company used a "Cohort Default Rate" variable - an average rate of loan defaults associated with a particular educational institution - in its AI underwriting models, resulting in discrimination against applicants based on race with respect to approval rates and loan terms. In addition, the AG alleged that the company used arbitrary human-based assessments in its underwriting of loan applicants, including providing underwriters with discretion to override the AI models' recommendations on approvals/denials and pricing with no written policy for how exceptions to the AI models' recommendations would be made or a practice for how to record these discretionary decisions when they were made. The AG also alleged that the company used a "Knockout Rule" that automatically denied loan applications based on an applicant's immigration status, specifically those applicants without a green card, purportedly creating a risk of disparate impact against applicants on the basis of national origin. Finally, the AG alleged that the company sent adverse action notices to applicants that were incorrect or failed to identify specific reasons for declining the applicant.
The settlement requires the company to develop, implement, and maintain a written corporate governance system of fair lending testing, internal controls, and risk assessments for the use of AI models and to discontinue the use of both the "Cohort Default Rate" variable and "Knockout Rule" based on immigration status in its underwriting.
|