The FDIC has released the March 2022 edition of Consumer Compliance Monitoring Highlights which includes a description of some of the most significant consumer compliance issues identified by FDIC examiners in consumer compliance reviews conducted in 2021.
The issues described in the report are:
- Regulation E liability protections. Examiners found the following instances of consumers being targeted for fraud:
- Customers of a bank that used a third-party service provider (TPSP) to manage their deposit accounts were contacted by someone posing as a representative from the bank’s fraud department who asked for account verification codes consumers. Believing they were communicating with the TPSP (working on behalf of the bank) about an unauthorized activity, the consumers provided their two-factor authentication codes which were used by the scammer to steal money. money in consumer accounts. The bank had attempted to limit its liability through a disclosure in its account agreement that stated that neither the bank nor the TFS would ever ask for the passcode. The FDIC has concluded that Regulation E liability protections for unauthorized electronic funds transfers (EFTs) apply even if a consumer is tricked into giving someone their authentication credentials and banks cannot not limit the consumer protections of Regulation E through account disclosure.
- Consumers provided their account credentials for fraudulent EFTs through a cash payment platform (MPP) such as Cash App, Zelle, or Venmo. When an MPP entered into an agreement with a consumer, the agreement extended to the bank holding the consumer’s account. The bank, as the institution holding the account, was held liable under Regulation E. In addition, the MPP, through which the EFT was made, was also held liable because it was considered as a “financial institution” under Regulation E.
FDIC recommendations for mitigating risk include (1) reviewing account agreements and disclosures (including those with FDICs) to ensure they do not attempt to limit consumer rights under Regulation E, and (2) implementing effective fraud detection and prevention measures, such as monitoring geographic data, spending patterns, merchant data, and IP addresses, to help detect fraudsters. potential fraudulent activities. (In June 2021, the CFPB published an Electronic Funds Transfer FAQ which it amended in December 2021 to address similar unauthorized use issues.)
- Automated overdraft programs. Examiners have identified violations of Section 5 (UDAP) in connection with some banks’ implementation of overdraft program conversions from a static limit to a dynamic limit. The examiners found that the banks had engaged in deceptive acts and practices by not disclosing enough information about the change from a static limit to a dynamic limit. The main changes that the banks did not disclose (and that the reviewers deemed important) included:
- Replacement of the fixed amount with an overdraft limit that could change as often as daily;
- The possibility that the new overdraft limit may sometimes be higher or lower than the fixed amount the customer was accustomed to; and
- The suspension of the overdraft limit when it drops to zero and how such a change could cause transactions to be returned to merchants and other third parties due to insufficient funds.
FDIC recommendations to mitigate risk include (1) providing clear and visible information to existing customers so that they are notified in advance of how a change from an overdraft limit sets them to a dynamic limit will affect, (2) disclosing overdraft limit changes in real time to consumers, and (3) explaining that the dynamic limit is set based on algorithms, or a set of rules, that weigh many variables and customer behaviors, how the limit (including frequency) may change, and how the limit may be suspended or reduced to zero when eligibility criteria are no longer met. (The CFPB has made overdraft practices a permanent object of criticism.)
- Re-submission of unpaid transactions. Reviewers identified consumer harm when banks charged multiple NSF fees for portraying unpaid transactions. Some account disclosures and agreements stated that an NSF check fee would be charged on a “per item” or “per transaction” basis. These terms were not clearly defined and the disclosures did not explain that the same transaction could result in multiple NSF charges if re-submitted. The FDIC says failure to disclose material information about practices and representation costs can be misleading and also potentially unfair and notes that it has required banks to provide additional restitution beyond what had been agreed to in the class action settlements.
FDIC recommendations to mitigate risk include (1) eliminating NSF fees and (2) refusing to charge more than one NSF fee for the same transaction, whether the item is represented or not.
- Fair loan. The following findings have been made in cases referred by the FDIC to the Department of Justice:
- A bank used to use the cohort default rate (CDR) to determine who could apply for private student loan debt consolidation and refinance loans. In general, CDR thresholds resulted in the disproportionate exclusion of individuals who attended historically black colleges and universities (HBCUs) from applying for credit, as some HBCUs had CDRs above the bank’s threshold. Although the bank’s use of CDR to determine school-specific eligibility requirements was a neutral policy, the policy had a disparate impact on the prohibited basis of race, as HBCU graduates were disproportionately black. .
- There was reason to believe that another bank had engaged in a pattern or practice of unlawful credit discrimination on the prohibited basis of race in redlining in certain markets in the bank’s lending areas . This conclusion was based on an assessment of HMDA data of the bank and lending activity in majority black census tracts and an analysis of the bank’s branches, marketing and outreach in those areas.
FDIC recommendations for mitigating risk include (1) reviewing any requirements or other criteria used to screen potential applicants to ensure there is no discriminatory impact, (2) understand the bank’s reasonably expected market area and the demographics of geographic areas within that area, and (3) assess the methods by which the bank obtains loan applications, including marketing or outreach efforts and branch locations.