319-325-1171
5438 South Prairie View Drive West Des Moines, IA 50266
Blog Post
CFPB Again Expands Scope of UDAAP
Michael Christians • September 10, 2022
On Tuesday, September 6th, the Consumer Financial Protection Bureau (CFPB) issued Circular 2022-04 titled "Insufficient Data Protection or Security for Sensitive Consumer Information." In the circular, the CFPB puts financial institutions on notice that they can violate the prohibition against unfair acts and practices by having insufficient data protection or information security practices.
In addition to violating other federal laws governing data security, financial institutions with insufficient data protection or information security practices will likely also violate the prohibition against unfair acts and practices. An act or practice is unfair when:
- It causes or is likely to cause substantial injury to consumers,
- The injury is not reasonably avoidable by consumers, and
- The injury is not outweighed by countervailing benefits to consumers or to competition.
You can review Circular 2022-04 here.
Share this post
Recent Blog Posts
In Letter to Credit Unions 25-CU-03 , the National Credit Union Administration (NCUA) announced its new exam scheduling policy. Effective January 1, 2025, federally insured credit unions (FICUs) will be examined according to the following schedule: 8 to 12 months following its last examination date FICUs with ANY of the following characteristics - A CAMELS rating of 3, 4, or 5, Considered less than well capitalized, An outstanding enforcement action, or Assets greater than or equal to $10 billion. FICUs with assets between $1 billion and $10 billion, and A CAMELS rating of 3, 4, or 5, or A change in CEO since its last examination. 12 to 16 months following its last examination date FICUs with assets between $1 billion and $10 billion, and A CAMELS rating of 1 or 2, and No change in CEO since its last examination. 14 to 18 months following its last examination date Federal credit unions (FCUs) not included above Once every 5 years Federally insured state-chartered credit unions (FISCUs) not included above The NCUA believes this revised schedule will allow it to better respond to emerging risks and priorities using available resources. It is important to note that nothing in the new schedule limits the NCUA's authority to examine any FICU as frequently as the agency deems necessary.
Back in December 2023, the Federal Communications Commission (FCC) adopted a new rule amending the prior express written consent requirements under the Telephone Consumer Protection Act (TCPA). That rulemaking would have done a couple of things. First, it would have clarified that a consumer’s prior express written consent can apply to not more than one seller. In other words, the rule would have prevented a company from obtaining a consumer’s consent to the receipt of advertising and telemarketing messages both for itself as well as its affiliates. Second, the rule would have required that a consumer’s consent be logically and topically associated with the interaction that prompted the consent. That second requirement was particularly concerning for financial institutions. The language of the rulemaking seemed to suggest that an institution that captured prior express written consent at the time of account opening could not later rely on that same consent for purposes of sending advertising or telemarketing messages related to loans, credit cards, or other non-deposit products. The Insurance Marketing Coalition asked for a judicial review of the rulemaking at the Eleventh Circuit Court of Appeals. On January 24, 2025, that court vacated the new requirements. In its order, the court found that the FCC exceeded its statutory authority because the amendments to the definition of prior express written consent impermissibly conflicted with the statutory definition of the same term under the TCPA.
Following years of litigation, the Consumer Financial Protection Bureau’s 2017 payday lending rule will take effect on March 30, 2025. Three types of consumer loans are covered by the payday lending rule: Short-term loans that require repayment within 45 days, Longer term loans with a balloon payment, and Longer term loans for which the APR exceeds 36% and automatic payment is required from the consumer's account. Under the rule, covered lenders will have to adhere to both payment restrictions and notice requirements. First, when two consecutive automatic payment attempts have failed in connection with a covered loan, the lender is prohibited from attempting another withdrawal until it has obtained a new and specific authorization from the consumer. Second, the rule imposes the following notice requirements in connection with a covered loan: Written notice before the lender attempts to withdraw the first automatic payment from the consumer's account, Written notice before a subsequent automatic payment attempt that will differ in amount or effective date, and Written notice when two consecutive payment attempts have failed. Lenders that do not originate more than 2,500 covered loans in a calendar year are exempt from the rule’s requirements. Additional implementation resources regarding the payday lending rule are available from the CFPB here .
Address
5438 South Prairie View Drive
West Des Moines, IA 50266
Phone
319-325-1171
michael@mchristiansconsulting.com
Michael Christians Consulting, LLC
This website has been built to be accessible for all users. If you experience any difficulty in accessing this website, please contact us for assistance.
