insideARM Weekly Recap - Week of September 23rd, 2024

News in the ARM industry moves at lightning speed; determining what's important and what’s just noise can be challenging. This is why the editorial team at insideARM sifts through all the news and brings you the need-to-know highlights. We hope you're ready to dive into this week's key updates, starting with a major CFPB settlement and critical rulings on TCPA and overdraft practices. 

To start off the week, we reported on CFPB settlement with a nonbank financial company servicing student loans, following allegations of violations of the CFPA, FCRA, and FDCPA. The company was accused of steering borrowers into forbearance instead of income-based repayment, misallocating payments, and providing inaccurate credit information, among other issues. Labeled a "repeat offender" by the CFPB, the company has faced prior regulatory enforcement, including in 2022. The settlement, if approved, will ban the company from servicing Direct Loans and acquiring additional FFELP loans, impose 55 specific servicing requirements, and result in a $120 million penalty, with $100 million for affected consumers and $20 million to the CFPB's Civil Penalty Fund. Collection agencies and creditors handling student loans are under CFPB scrutiny, making compliance with laws and regulations crucial. The company’s mistakes, including misallocating payments and misleading borrowers, highlight the importance of risk analysis, auditing, and understanding the debt being collected to avoid business loss and regulatory consequences. 

On Wednesday, we highlighted a ruling by the U.S. District Court for the Northern District of New York. It certified a Telephone Consumer Protection Act (TCPA) class action involving over 62,000 individuals on the National Do Not Call (DNC) Registry who received telemarketing calls from the defendant. The defendant obtained these phone numbers from a third-party website operated by Connexus Digital, which gathered consumer data and allegedly recorded consent to be called. The plaintiff denied visiting the website and argued that the calls violated the TCPA. The court found the class met the Rule 23(a) requirements, including numerosity, commonality, and typicality, as the defendant obtained phone numbers in the same manner for all class members. Despite concerns about consent, the court concluded that the sufficiency of Connexus Digital’s consent procedures was the key issue and certified the class. In this case, not enough information was obtained to prove accuracy leading to the defendant assuming they had consent to call and may have violated the TCPA.  This should be a reminder to firms to be diligent when using third parties for this purpose.  

Finally, we brought attention to CFPB Circular 2024-05, reminding financial institutions of their obligation to retain records proving consumer consent for overdraft services on ATM and one-time debit card transactions, as required by the Electronic Funds Transfer Act (EFTA) and Regulation E. The CFPB highlighted that some institutions failed to produce evidence of such consent during supervisory reviews. Examples of valid proof include signed forms, phone call recordings, or electronic signatures. The CFPB’s oversight on overdraft practices continues, with recent enforcement actions emphasizing the need for compliant opt-in processes, including phone opt-ins. Credit unions are also facing increased scrutiny, particularly on overdraft fees and NSF charges. 

As always, we thank you for reading the weekly recap to stay on top of this ever-changing industry! For a breakdown of the week of September 16th, click here.  

Have a question about how your company should react to the news above? We have a group for that! The weekly peer call hosted by insideARM’s Research Assistant is the perfect place to ask a question and get advice from industry colleagues who are facing the same challenges you are. Not sure if it is for you? Try it on for size with our 1-month free trial. Click here to learn more!