Compliance Insights - July 2020

In your monthly compliance news roundup, you will read about:

- Implications of Class Action Suit Alleging Misleading Autopay Options
- Recapping Regulatory Responses to COVID-19
- DOJ Updates Guidance on Evaluating Corporate Compliance Programs
- Regulators Aim to Provide Financial Institutions Clear Guidance and Improve Compliance

Implications of Class Action Suit Alleging Misleading Autopay Options

A complaint was filed on behalf of a financial institution customer in a New Jersey federal court on June 3, 2020, alleging that a large national bank intentionally deceived customers into accruing credit card debt by offering misleading automatic payment options online. The complaint states that the bank engaged in conduct that violated multiple North Carolina state laws, including the North Carolina Unfair and Deceptive Trade Practices Act and the North Carolina Debt Collection Act, as well as laws against unjust enrichment, and breached the implied covenant of good faith and fair dealing.

Automatic payment, also known as autopay, allows customers to schedule recurring payments in various amounts in advance. According to the Consumer Financial Protection Bureau’s 2019 Consumer Credit Card Market report, the most common automatic payment options offered by card issuers are to pay 1) the statement or account balance, 2) the minimum payment amount, or 3) a different fixed payment amount that the customer selects. Choosing to pay the statement balance every month usually results in avoiding interest accrual or fees on the credit card balance. If the customer chooses to pay the minimum payment or a fixed payment that is less than the full balance, then the remaining balance will carry over to the next month and accrue interest in accordance with the cardholder’s agreement with the issuer.
According to the complaint, in addition to the standard options of paying the minimum amount due, the account balance and a fixed amount, the bank offered a fourth payment option, titled Amount Due. The complaint states that there is no difference between the Amount Due and Minimum Amount options, as both will result in paying the minimum amount due on the account, resulting in fees or finance charges. Further, there is no disclosure or explanation that would indicate that there is no difference between these options, the complaint states, adding that a reasonable customer would conclude that by choosing Amount Due, he or she would be paying an amount other than the minimum amount, as these options exist independently.

The plaintiff alleges that this option exists to mislead customers who had intended to pay their balance to make the minimum payment instead and accrue interest, thereby increasing the bank’s profits. In addition to the option being duplicative of the minimum payment option, Amount Due is the default option and listed first in the list of drop-down options. The class action was filed on behalf of all persons with the bank’s credit card who selected the Amount Due payment option when enabling automatic payments on the bank’s website.

While the merits of this lawsuit will be decided in the courtroom, the case raises several cautionary implications for financial institutions. For example, when introducing new products, features or services, financial institutions should fully consider their intended use and benefit and a reasonable consumer’s interpretation, especially when the feature deviates from industry norms and standards.
To avoid allegations of deceptive acts or practices, financial institutions should evaluate their products, features and services to determine whether:

- The representation, omission, act or practice misleads or is likely to mislead the consumer
- The consumer’s interpretation of the representation, omission, act or practice is reasonable under the circumstances
- The misleading representation, omission, act or practice is material.

Additionally, financial institutions should regularly monitor and analyze consumer complaints to help identify any potential deceptive practices related to misleading or false statements, or missing disclosure information.

Recapping Regulatory Responses to COVID-19

Regulators have responded with myriad programs in attempts to stave off consumer harm and financial institution violations due to the COVID-19 pandemic and its rippling effects. Over the first half of 2020, these measures have included guidance from the Consumer Financial Protection Bureau (CFPB) on industry forbearance, Regulation Z electronic credit card disclosures, Regulation E remittance transfers, Regulation V and the Fair Credit Reporting Act, and expectations for financial institutions.

Industry Forbearance

The CARES Act provides protections for borrowers with federally backed mortgages. Servicers of federally backed mortgages must provide forbearance as follows:

- Forbearance is granted upon receiving a forbearance request from a borrower and attestation to a financial hardship caused by the COVID-19 emergency.
- Forbearance can last as long as two consecutive 180-day periods.
- No additional interest, fees or penalties can be charged beyond the amounts scheduled or calculated if the borrower made all contractual payments under the terms of the mortgage contract.
- Servicers can grant CARES Act forbearance periods for less than 180 days at the borrower’s request or consent; however, they must default to the term requested by the borrower (not to exceed 180 days).
In addition, servicers may not request documentation of the need for forbearance. Attestation of hardship due to COVID-19 is the exclusive requirement established by the CARES Act for forbearance.

Regulation Z Electronic Credit Card Disclosures

Regulation Z generally requires that credit card issuers provide disclosures to consumers in writing, while the consumer consent provisions of the E-Sign Act allow the disclosure to be provided electronically if certain stipulations are followed. One component requires the consumer to consent electronically that they are able to access information in an electronic form. Additionally, an E-Sign Act provision states that oral communications are not electronic and should not preclude entities such as card issuers from obtaining a consumer’s consent orally to electronic delivery of written disclosures. The E-Sign requirements may make it harder for consumers to obtain relief quickly where the CFPB’s rules require written disclosures, so long as the pandemic is leading to unusually high call volumes at issuers and constraining their staff capacity.

To provide relief for consumers and expedite relief measures, the bureau will take a flexible supervisory and enforcement approach during the pandemic regarding card issuers’ electronic provision of disclosures required to be in writing for account opening disclosures and temporary rate or fee reduction disclosures mandated under the provisions governing non-home secured, open-end credit in Regulation Z. Specifically, this statement pertains to telephone interactions where a card issuer may seek to open a new credit card account for a consumer, provide certain temporary reductions in APRs or fees applicable to an existing account, or offer a low-rate balance transfer.
In these instances, the CFPB does not intend to cite a violation in an examination or bring an enforcement action against an issuer that does not obtain a consumer’s E-Sign consent to electronic provision of the written disclosures required by Regulation Z during a phone call, so long as the issuer obtains both the consumer’s oral consent to electronic delivery of the written disclosures and oral affirmation of his or her ability to access and review the electronic written disclosures.

Regulation E – Remittance Transfers

In general, the Remittance Rule, or Regulation E, requires a remittance transfer provider to disclose the date when funds will be available in a foreign country to the recipient, and the provider’s failure to do so by the disclosed date of availability is an error. The rule states that such a failure is not an error if it resulted from extraordinary circumstances outside the remittance transfer provider’s control that could not have been reasonably anticipated. Some foreign governments have mandated closures of commercial activity in response to the COVID-19 pandemic, and these closures may prevent remittance transfer providers from delivering or transmitting a remittance transfer by the disclosed date of availability.

Regulation V and the Fair Credit Reporting Act (FCRA)

Under the CARES Act amendments to the FCRA, a consumer whose account was not previously delinquent is current on his or her loan if he or she has received an accommodation (payment assistance or relief granted to a consumer affected) and makes any payments the accommodation requires. An accommodation includes any payment assistance or relief granted to a consumer affected by the COVID-19 pandemic during certain dates. Accommodation can include agreements to defer one or more payments, make a partial payment, forbear any delinquent amounts, or modify a loan or contract.

Summary

Financial institutions must stay abreast of current and ever-changing guidance coming from regulatory agencies.
Additionally, institutions must ensure that their staffing guidelines provide appropriate training and education so that customer-facing employees have timely information to best serve consumers and maintain regulatory compliance. Financial institutions must also ensure that policies and procedures are updated to encompass regulatory changes. Also, documenting every action taken to provide evidence and support to regulators when the time arises is key.

DOJ Updates Guidance on Evaluating Corporate Compliance Programs

In February 2017, the Department of Justice (DOJ) issued new guidance titled “Evaluation of Corporate Compliance Programs.” This guidance includes sample questions that prosecutors may ask when evaluating a company’s compliance program in the context of a criminal investigation and provides insights into how the DOJ will assess the effectiveness of a company’s overall compliance program. The guidance was updated in April 2019 and in June 2020.

While the April 2019 update focused mainly on the same topics as the prior version, the structure of the guidance was changed to focus on three questions that prosecutors are expected to ask in evaluating compliance programs:

- Is the compliance program well designed?
- Is the compliance program effectively implemented?
- Does the compliance program actually work in practice?
The June 2020 update maintains the same structure as the prior version, with one notable change: The June 2020 guidance revised the second question to more specifically ask, “Is the compliance program adequately resourced and empowered to function effectively?” The guidance notes further that “even a well-designed compliance program may be unsuccessful in practice if implementation is lax, under-resourced or otherwise ineffective.” Additionally, the guidance provides a list of best practice criteria, including commitment by senior and middle management, autonomy and resources that allow for sufficient access to data that produces “timely and effective monitoring and/or testing of policies, controls and transactions,” and incentives and disciplinary measures.

Although questions one and three remain the same in the June 2020 update, the DOJ provides additional expectations across several aspects of corporate compliance programs, including:

- Risk assessments: A company’s assessment of risk is the “starting point” for evaluating the design of compliance programs, and prosecutors should “endeavor to understand why the company has chosen to set up the compliance program the way that it has, and why and how the company’s compliance program has evolved over time.”
- Policies and procedures: Prosecutors should assess whether the company has established “policies and procedures that incorporate the culture of compliance into its day-to-day operations.”
- Training and communications: The company should provide risk-based training “offered in the form and language appropriate for the audience.” Employees should also be made aware of the company’s position concerning misconduct and the availability of guidance specific to compliance policies.
- Confidential reporting structure and investigation process: The guidance identifies a hallmark of a compliance program as one that has an “efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct.”
- Third-party management: Building on prior versions, the 2020 guidance now includes a question as to whether a company “engage[s] in risk management of third parties throughout the lifespan of the relationship, or primarily during the onboarding process,” which speaks to the importance of ongoing monitoring of third parties.
- Mergers and acquisitions (M&A): While previous iterations of the guidance focused on the due diligence process, the update also emphasizes post-acquisition actions, including the “timely and orderly” post-acquisition “integration of the acquired entity into existing compliance program structures and internal controls.”

Although the revised guidance contains no large-scale changes or deviations from prior versions, it incorporates additional DOJ insights regarding compliance best practices and reflects regulators’ increasing expectations of corporate compliance programs. Companies should consider the guidance a useful resource for understanding the DOJ’s expectations for the design, implementation, review and sustainability of corporate compliance programs and should look to incorporate best practices, policies and procedures detailed within the various sections of the guidance.

Regulators Aim to Provide Financial Institutions Clear Guidance and Improve Compliance

The Consumer Financial Protection Bureau (CFPB) and the Office of the Comptroller of the Currency (OCC) recently released communications regarding new efforts to increase responsiveness and provide clarity around regulations.
In both instances, the regulators aim to gather feedback from financial institutions to improve communications and enhance processes within the financial services industry. It is imperative that institutions participate in the feedback processes to drive the success of these new programs.

CFPB Launches Pilot Advisory Opinion Program

On June 18, 2020, the CFPB launched a pilot advisory opinion (AO) program to publicly address regulatory uncertainty regarding the bureau’s existing regulations. The pilot program will allow entities seeking to comply with regulatory requirements to submit a request where uncertainty exists. The CFPB will compile requests, select topics based on the program’s priorities and publish responses that will be available to the public. The program builds on the CFPB’s efforts to improve its guidance processes, recognizing that the public would benefit from a process that provides broader clarifications and not just to requesting individuals or entities.

The pilot program will focus on four key priorities:

- Providing clear and timely information to consumers to enable them to make responsible decisions and adjustments
- Identifying outdated, unnecessary, or unduly burdensome regulations in order to reduce regulatory fatigue
- Establishing consistency in enforcement of federal consumer financial law to promote fair competition
- Ensuring that markets for consumer financial products and services operate transparently and efficiently to facilitate easier access and foster innovation.

Additional factors that will determine whether an advisory opinion is appropriate include the frequency at which the issue has been noted in prior examinations, the level of impact of the issue where clarification would provide substantial benefit, and/or whether the issue concerns an ambiguity that the CFPB has not previously addressed.
Advisory opinions will not be given for issues that are the subject of an ongoing investigation or enforcement action or the subject of an ongoing or planned rulemaking. Advisory opinions that are deemed appropriate will be based on its summary of the relevant facts and be presented in a way that is applicable to other entities in situations with similar facts and circumstances. All advisory opinions will be posted on the CFPB’s website and published in the Federal Register. In its pilot phase, the public can comment on the pilot program until August 21, 2020; the CFPB will take comments into consideration for improvement prior to the full implementation.

As the AO pilot program is a service designed for the public, institutions should participate in, and comment on, it in order to gain the most value. Participation will provide the CFPB with the necessary information on where the AO program should provide clarification and how to improve its processes for providing effective communication. Participation will also allow the CFPB to determine where and when it should provide an advisory opinion based on the issue and the factors of appropriateness. Institutions should establish processes to monitor and intake CFPB responses and apply necessary updates to internal operations.

OCC ANPR on Technological Advances

The Office of the Comptroller of the Currency (OCC) has published an Advance Notice of Proposed Rulemaking (ANPR) and is undertaking a comprehensive review of 12 CFR Part 7, Subpart E (National Bank Electronic Activities), and Part 155 (Electronic Operations of Federal Savings Associations) as components of its efforts to remain responsive to the technological evolution of the federal banking system.
The OCC aims to evaluate whether these regulations effectively account for the evolution of the financial services industry, promote economic growth while ensuring safe and sound operations, provide fair access to financial services, and comply with applicable laws and regulations. The OCC has invited the public – specifically, members of the financial services and technology sectors and consumer groups – to share experiences and comments on banking issues related to digital activities, use of technology or innovation.

The questions and issues raised pertain to the effectiveness of Part 7, Subpart E, and Part 155 and include the following:

- Both regulations’ clarity, flexibility, and burdens to technological innovation
- Bank and customer activity related to cryptocurrencies or crypto assets
- Distributed ledger technology used in banking activities
- How artificial intelligence (AI) techniques are used or potentially used in activities related to banking
- Emerging payments technologies and processes of which the OCC should be aware
- Innovative tools financial services use to comply with applicable regulations (i.e., Regtech)
- Issues specific to smaller institutions regarding the use and implementation of innovative products
- Changes to the development and delivery of banking products and services for consumers
- Issues the OCC should consider given the changes to the banking system that have occurred in response to the COVID-19 pandemic

Through participation and comments received, the OCC may propose specific revisions to its rules, which would then be provided to the public for commentary. Any revision by the OCC would be technology-neutral so that products, services and processes can evolve regardless of the changes in technology that enable them. Any regulation change should facilitate appropriate levels of consumer protection and privacy, including features that ensure transparency and informed consent.
Financial services and technology institutions should take the opportunity to analyze their own processes and technology to provide feedback to the OCC as to how 12 CFR Part 7, Subpart E, and Part 155 affect their business. It is an opportunity to provide feedback on regulatory pain points and improvement opportunities to keep regulation current with the modern pace of technological innovation.