In the first installment of a special two-part series about the Consumer Financial Protection Bureau's (CFPB) recent policy statement on abusiveness, our panel discusses the background of the policy statement, the definition of abusiveness, when it exists and when it doesn't, and practical considerations for compliance.
Please join Troutman Pepper Partner Chris Willis and his colleagues Alan Wingfield, James Kim, and Taylor Gess for the first installment of a special two-part series about the Consumer Financial Protection Bureau's (CFPB) recent policy statement on abusiveness. In Part 1 the panel discusses the background of the policy statement, the definition of abusiveness, when it exists and when it doesn't, and practical considerations for compliance.
Stay tuned for Part 2 of this special series on the abusiveness statement for a deeper dive into some specific examples cited in the policy statement, as well as lessons learned about what constitutes abusiveness and what doesn't from the CFPB's perspective.
CFS Partner Alan Wingfield focuses his practice on financial services litigation and consumer law compliance counseling. He helps businesses with the myriad federal and state consumer protection laws, as well as laws regulating financial services and other types of consumer-facing companies. Alan regularly represents businesses in class-action and individual consumer litigation in many national venues, particularly with the "alphabet soup" of consumer protection statutes, including Section 5 of the Federal Trade Commission Act; Dodd-Frank Wall Street Reform and Consumer Protection Act's (Dodd-Frank) Unfair, Deceptive, or Abusive Acts and Practices (UDAAP) regulation; and state equivalents of the Unfair and Deceptive Act and Practices Act (UDAP).
CFS Partner James Kim leads the firm's fintech industry group. He advises fintechs, banks, investors, and other clients on federal and state consumer financial laws and regulations, including UDAAP. He helps clients navigate examinations and investigations with the CFPB, Federal Deposit Insurance Corporation (FDIC), Federal Reserve Board, Federal Trade Commission (FTC), and various state agencies. As a former CFPB senior enforcement attorney, James provides the industry knowledge and expertise that fintechs and financial institutions require when launching new products or facing regulatory scrutiny.
CFS Associate Taylor Gess provides regulatory advice on matters related to federal and state consumer protection, consumer finance, and payments laws, including those that apply to payment cards, lines of credit, installment loans, electronic payments, online banking, buy-now-pay-later transactions, retail installment contracts, rental-purchase transactions, and small business loans. Taylor represents a broad spectrum of clients, such as fintech companies, banks, payment card issuers, retail merchants, online lending platforms, and solar and home improvement finance companies. In addition to handling matters on various consumer protection statutes, she also advises on issues related to payment network rules, electronic contracting, telemarketing, UDAAP, and military lending, while also helping clients develop compliance management systems, review marketing materials, and structure new products.
The Consumer Finance Podcast: CFPB’s Policy Statement on Abusiveness (Part 1)
Aired: May 4, 2023
Host: Chris Willis
Guests: Alan Wingfield, James Kim, Taylor Gess
Chris Willis:
Welcome to The Consumer Finance Podcast. I'm Chris Willis, the co-leader of Troutman Pepper's Consumer Financial Services Regulatory practice, and today we're going to be giving you part one of a special two-part series on the CFPB's recent policy statement on abusiveness. But, before we jump into talking about that abusiveness, let me remind you to visit and subscribe to our blog, ConsumerFinancialServicesLawMonitor.com, where you'll see all of the daily updates that we post about what's going on in the world of consumer finance.
Check out our other podcasts. We have a lot of them. We have the FCRA Focus, all about credit reporting, The Crypto Exchange, about everything related to crypto, and Unauthorized Access, which is our data security and privacy podcast. Now, those are all available on all the popular podcast platforms, just like this podcast is. And, speaking of this podcast, if you like it, let us know.
Leave us a review on your podcast platform of choice and let us know how we're doing. Now, as I said, today we're going to be talking about the CFPB's recent policy statement, in which they try to define abusiveness, which is the second A in the Dodd-Frank UDAAP Statute, and I'm joined today by three of my colleagues to talk about that. We have my partner Alan Wingfield, who's a member of our Consumer Financial Services Group in Richmond. My partner James Kim, who used to be at the CFPB, but now is one of our partners in our New York office. And Taylor Gess, who is one of our Consumer Financial Services associates, who happens to live in Minneapolis, where we actually have a large nucleus of people.
So, Alan, James Taylor, thanks for joining me on the podcast today to talk about this.
Alan:
Chris, it's good to be here. Thank you so much. I've really been looking forward to this. For 30 years I've been fighting UDAAP wars under the state law and FTC Section 5. What abusiveness means is something I've been puzzling over for decades, so I hope to find out the answer.
James:
Thanks, Chris. When I was at the CFPB, we debated this subject. I don't think we had many answers, then, and I'm not sure we're in a much better place today, but we'll talk about this policy statement and see where we are.
Taylor:
Yeah, thank you Chris. It's good to be here. I'm looking forward to our conversation today.
Chris:
Okay, great. Well, I'm really glad that all three of you are here. Just to give the audience a little bit of background. At the beginning of April of this year, the CFPB released a policy statement on abusiveness, basically attempting to provide some definition around what abusiveness means, and when it exists and when it doesn't, at least in the Bureau's eyes. And of course, by way of background, Dodd-Frank or the Consumer Financial Protection Act prohibited, unfair, deceptive and abusive acts or practices, and gave the CFPB the power to enforce that prohibition against people who provide or offer consumer financial products or services. And, although we had other federal laws, like Section 5 of the FTC Act that had unfair and deceptive in them, abusive was new to the equation. Everybody's sort of been wondering for years since the CFPB’s inception, what does it mean for something to be abusive?
That's what the policy statement is all about, and that's what we're going to be talking about in this part one. In part two of this special series about the abusiveness statement we're going to dive into some of the specific examples that are cited in the policy statement and talk about lessons learned, at least from the CFPB’s standpoint about what constitutes abusiveness and what doesn't.
But, first we're going to talk about the background of what's in this statement itself. So, James, do you mind just getting us started with the background and how we got to the issuance of this policy statement?
James:
Sure. Way back in the olden days after the passage of Dodd-Frank, and the CFPB became operational about a year later, in 2011, and it was a little bit before I joined the Bureau. But, as I heard it, there were all hands meetings, where everyone would fit in one room and people would sit on beanbag chairs in the ground and listen to Elizabeth Warren talk. Back in those olden days, we talked about what abusive meant because it was brand new as you stated.
Aside from this policy statement and a little bit here and there that we're going to cover, really, the anchor point that we had then that we still have today, is what's in the statute itself, Title X of Dodd-Frank. I'll just quickly go over the statutory definition of abusive. It's an abusive act or practice, one, it materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service, or ... You'll note, everything is or in this section of the statute ... Or, takes unreasonable advantage of a lack of understanding on the part of the consumer, of the material risks, costs or conditions of the product or service, or be the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service, or, C, the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.
Those are the statutory definitions. We'll get into it, and, kind of at the end of this, I think we're going to give you our thoughts and analysis, based on what we see in the statute and in the policy statement. But, I would just flag for you here that it's very focused on the consumer's perspective. There's actually very little about acting on the part of the provider or the company, but we'll talk more about that.
Anyway, just to move forward from the statutory definition. I think in the earlier years of the Bureau, while everyone was puzzling over what this really meant, we saw abusive pop up in some consent orders. But, in my view, it didn't really shed much light, because in pretty much every instance that I can recall, something was alleged to be abusive, but it was also alleged to be either unfair and or deceptive.
Because of the overlap, and because you didn't see in the wild, in nature, what a uniquely abusive act was, that was neither unfair nor deceptive. I don't think we really got a good handle on what abusive, by itself, really was and how it was distinct and different from unfair or deceptive.
Then, fast-forward quite a bit to 2020, and this was when the Bureau was under Republican leadership and they issued a policy statement about abusive acts or practices, back in 2020. People can look it up, but I'll, kind of, quickly summarize the policy statement. It included at its core three guideposts that the bureau, at that time, issued to inform its use of the abusive prong, but also to signal to the market how it would interpret and apply abusive in both the supervisory context and the enforcement context.
Those three guideposts, so to speak, were, number one, the Bureau would balance the benefits to consumers with the regulatory certainty or uncertainty, I guess, depending on how you look at it. But, I think the takeaway there is, even though benefit to the consumer or countervailing benefit to the consumer is not in the statutory definition of abusive, the 2020 policy statement, kind of put that in there as a consideration. Guidepost number two, that they would try to address the uncertainty by focusing on standalone abusive violations. So, that's really fixing the problem that I pointed out earlier, to focus on what is uniquely abusive. And three, the Bureau at that time said it would recognize and take into consideration good faith efforts by companies to avoid abuse of conduct and to comply with applicable law. And in those instances refrained from assessing penalties, for example.
That was the policy statement issued by Republican leadership in 2020. Now, after the election and the White House flipped to a Democratic Party, and the acting director was appointed by President Biden, David Uejio, so he was the acting director before Director Chopra took over and became the confirmed full-time director. In my mind, I have this idea that there was a list of things that Mr. Uejio, Mr. Chopra, others were kind of chopping at the bit to do as soon as they got back in power. And I think this was one of them, because in the very early days of the Bureau, when they still had an acting director, David Uejio issued a statement, rescinding the 2020 policy statement, rescinding it with some commentary. I'm not going to get into all of it, but one of it was, basically, very pointedly saying, penalties are back on the table. Penalties are in the statute, they should be applied, and they will be applied with abusive. Basically ignore and completely rescind the 2020 policy statement.
There's no tea-leaf reading there. The message was clear that they were clearing the decks to put their imprint on abusive. Then, that segues into the policy statement, which is really the current leadership's first and very detailed writing or statement on this area of uncertainty.
Chris:
Thanks a lot, James, for that background. That really helps us understand where we were prior to the issuance of this policy statement. Taylor, I'm going to ask you a few questions about this now. First off, the Bureau has all kinds of different communications. They have advisory opinions and interpretive rules, and bulletins, and consumer financial protection circulars, and then they have this thing, which is a policy statement. So, I don't want to ask you what all those other things are, but tell the audience what exactly is a policy statement.
Taylor:
A policy statement is a document that the CFPB provides background on a law that it administers. It sort of describes the CFPB's view on how it can exercise its authority, but it doesn't impose any new legal requirements. The abusiveness statement was issued on April 3rd, and that sets forth the framework that the CFPB can use to identify abusive conduct. The statement will be published in the federal register with the comment period closing on July 3rd, 2023.
Chris:
Thank you for that. Now that we know what a policy statement is, at least as compared to all those other communications that the Bureau likes to put out, can you tell the audience a little bit about what the CFPB describes as being abusive in this new policy statement that came out in April?
Taylor:
Sure, Chris. The policy statement explains that the abusiveness standard is focused on conduct that is harmful or distortionary to the way that the market functions, and that it doesn't require a showing of substantial injury to establish liability. The policy statement description of abusiveness largely tracks the CFPA definition of abusive acts or practices that James mentioned earlier. Just as a quick reminder, those buckets of abusiveness are material interference, and that's conduct that obscures important features of the products or services, in a way that materially interferes with the consumer's ability to understand product terms or conditions. And, second is the unreasonable advantage bucket. These are acts or omissions that leverage circumstances to take unreasonable advantage of the consumer, due to gaps in the consumer's knowledge or understanding of material risks, conditions of the product, unequal bargaining power, or consumer reliance on the entity's requirement to act in the consumer's interest.
If we dive a little deeper into the material interference bucket, the policy statement discusses acts or omissions that obscure, withhold, de-emphasize, or make confusing or just hide information that's relevant to the consumer's ability to understand product terms and conditions. The policy statement specifically mentions types of material interference. They are with the CFPB calls buried disclosures. These are things like fine print, jargon, or poor timing of the disclosure. The statement also mentions physical interference, like hiding or withholding notices, and another type of interference is digital interference, which would be things that manipulate popup or dropdown boxes, multiple click throughs, or dark patterns that make the terms and conditions materially less accessible to consumers. The policy statement also discusses overshadowing, so overshadowing would be prominently placing certain content that interferes with the understanding of the product terms or conditions.
Having a better idea of what material interference is, we can discuss the CFPB's articulated approach. In the policy statement, it provides an intent to materially interfere is not required, but that intent can show material interference. The CFPB will also consider whether the natural consequence of the act or omission would impede the consumer's ability to understand the product terms and conditions. Material interference can also be shown by a product so complicated that the material terms and conditions can't be explained, or a business function that's inconsistent with what the consumer understands the product's terms or conditions to be.
I think one of the main takeaways is that these material interference considerations are all pretty flexible and leave the CFPB with a lot of discretion. As to unreasonable advantage bucket, the analysis is a fact intensive inquiry that examines where the advantage taking was unreasonable under the circumstances. And, it doesn't matter if the act or mission is typical. The policy statement provides that an unreasonable advantage does not need to be significant if it is unreasonable.
As with the material interference standards, there's a lot of discretion, because people can differ as to what is considered unreasonable. The statement describes an advantage as possibly unreasonable if a windfall is received due to a gap in understanding, unequal bargaining power, or consumer reliance that the entity is looking out for the consumer's best interests.
I thought it was interesting that there's also no threshold of people that must have lacked the understanding for something to be considered an unreasonable advantage. It is possible for there to be an abusiveness violation with respect to some consumers, even if other consumers do not have a lack of understanding. Overall, it seems that the CFPB is taking a "No abusiveness when we see it," type of approach to these abusiveness violations.
Chris:
Got it. Thanks. And Taylor, does the policy statement shed any light on the question that James was talking about a minute ago, which is how does abusiveness differ from unfair and deceptive acts as defined in Dodd-Frank and in other statutes like the FTC Act?
Taylor:
Under a long-established guidance from the FTC, that the CFPB has accepted in its examination manual harm to consumers is central to a finding of unfair or deceptive acts. A rigorous cost benefit analysis is done if a practice is challenged as unfair or deceptive. But in this abusiveness policy statement, the CFPB rejects the need to show consumer harm, and says it's not bound to do any kind of rigorous cost benefit analysis.
Chris:
Okay, so that seems like kind of a partial answer from the CFPB to the question that we've talked about, But, it still leaves me a little confused about what abusive means that's different from what we've historically understood as unfair and deceptive. Alan, I know that you have some thoughts about this, and I'm really dying to have you share them with the audience.
Alan:
Thank you, Chris. One of the interesting things about the policy statement by the CFPB is they summarized and listed lots of enforcement actions, with alleged ... support their view of what abusiveness is. I went through it, all those footnotes, and I was looking for examples where there was abusiveness that was independent and separate from a fact pattern that would've been called by the FTC or state regulator unfair or deceptive. I have to say, I didn't see one possible exception. I didn't see one case cited in the footnotes that would not have been susceptible to analysis under unfair or deceptive. So, I'm going, "What is the point of this abusiveness?" Well, I think, being a little cynical, I think Director Chopra sort of let the cat out of the bag. He gave a speech the same day that this policy statement was issued. The speech is available on the website and you can look it up and read it for yourself.
But he talks about the old UDAAP and he claimed that abusiveness was dealt over a long period of time. But then he makes the following observation about UDAAP, old-fashioned unfair deceptive acts of practices, Section 5 FTC Act, as administered by FTC. It makes the following observation, "While unfairness and deception reach a broad set of problematic practices, misguided enforcement policies and interpretations by FTC commissioners had over time undermined their effectiveness."
So, he doesn't like what unfair and deceptive means as developed a many, many decades of work by the FTC that the CFPB, itself, had adopted in its examination manual. So, he's going for a big old do-over. That's the cynic view. So, what is abusiveness means? In my view, based on what I'm hearing, so far, abusiveness means unfair deceptive conduct that cannot be the subject matter of an improper enforcement action, because the elements of the violation under unfair and deceptive, as set forth by FTC over many years, aren't present. Specifically, harm to consumers, and then for unfair conduct, the failure of a cost benefit of analysis.
What is abusiveness? It's unfair plus and deceptive plus. That's my take on where this leads us. Now, we got some experts on this call, so we're supposed to have a conversation. I'm happy to be corrected, but the cynic of me says all this is about is allowing the same kind of conduct to be prosecuted in the past under unfair deceptiveness, but without the constraints imposed by all the guardrails and nuanced tests that this FTC has built over time.
Chris:
Well, Alan, I don't think I'm in any mood to talk you out of being cynical today on this point, so I'm going to let what you said stand, because I think you were correct, and we've spent a good bit of time trying to figure out the precise parameters of what constitutes abusive. We could probably turn ourselves in circles for the rest of the day and get no further on that. But, let's take Alan's view of it, and ask ourselves where do we go from there? So, James, can you address the implications of the CFPB's policy statement on things like product design, and terms and conditions for consumer financial products or services? Let's get practical and figure out what do we do with this now that we've got it.
James:
Yeah, just a few thoughts on that. And I definitely want Taylor, you, and Alan to weigh on this, because this is the art part of it, which is what does it mean? How do you incorporate this guidance into your products, into your disclosures, into your operations?
I'm going to throw out a few words and concepts that are nowhere to be found in the statute, nowhere to be found in either policy statement, but I think it will be helpful for companies. They may not want to incorporate them, but there are words and concepts that apply in other areas that might be helpful. What are these concepts and turns? I think the Bureau's vision for abusiveness imposes a fiduciary duty on companies to act in the best interest of consumers. Part of that is to think about product suitability. Those are the words that I want to throw out for people to chew on, fiduciary duty and product suitability. Those concepts exist in other areas that are not my areas, but I know that they've been much debated in various ways.
I throw them out there because I think that's what the current director and the current CFPB want. They want a certain degree of paternalism where you think about what's in the best interest of the consumers. So, in other words, disclosing all you want clearly and conspicuously isn't enough. If the consumer chooses something that isn't good for them, despite your disclosures, there's real risk the Bureau's going to hold it against you, the company, the provider. Therefore, you have to act as if, without conceding, but as if there's a fiduciary duty, which includes thinking about, is this product or is this feature of a product suitable for the particular consumer that might be applying for and getting the product.
At a high level, that's what I would say. I just pause there to let other people weigh in, and I'd connect what I just said to other statements by the Bureau and by Director Chopra about, for example, dark patterns, which is just another way of saying all this stuff that happens in the background that is not visible to consumers, but impacts their user experience. Not only what they see, but what they don't see, what products are offered or not offered, for example. And again, transparency and disclosures isn't enough. You have to act in the interest of the consumer, despite their choices, honestly, and unfortunately.
Chris:
Thanks, James. One of the things that I picked up in reading the policy statement is this emphasis on relationships where the consumer, according to the CFPB, can't vote with their feet by going to another provider of whatever it is that they're getting as a consumer financial product or service. So Alan, can you comment on the impact of the statement, as to the types of relationships the CFPB is focusing on for special scrutiny? That is, the types of relationships where they seem to be saying abusiveness is more likely to occur?
Alan:
Well, there's two prongs. One is the CFPB’s statement indicates that any relationship, which is in some essential way, involuntary for the consumer. One, the consumer's, I guess they would say, trapped into ... is going to fall into this bucket for heightened scrutiny. The three examples that the CFPB gives, are consumer reporting agencies, servicers, and debt collectors, or debt collections, related scenarios. All the things James just said are signaled to be applied, sort of on steroids, to these groups. So, for example, it's sort of amazing when you take the language and the policy statement, literally. They say, if you're one of these involuntary relationships with the consumer, the company cannot take unreasonable advantage of the situation. And what their definition is that anything you do with a consumer must be reasonable, and they give a definition of reasonable, the kind of thing you can do with a consumer in these involuntary relationships.
It says that you need to be fair, proper, or moderate under the circumstances. I'm sort of laughing. That's literally the standard for a business under this thing, is that you have to be fair, moderate, and proper under the circumstances as gauged by the CFPB. All of a sudden, the contracts and services be provided by people in these involuntary relationships, particularly those in these three enumerated lines of industry. Everything that they do, every service and product that they're engaging with, the consumer is starting to be challenged if it's not reasonable under this test.
Chris:
One of the other things that's sort of like that in the policy statement that I picked up on Alan, is that the Bureau cites the use of standard form contracts as another indicator of abusiveness. Which the thing is, in order for financial services companies to do business, at any scale, they have to have standard form contracts. And, let's not forget that for most consumer financial products and services, there's a whole lot of federal and sometimes state disclosure requirements that can only be satisfied by using standard form contracts. But now, the Bureau seems to be telling us in the policy statement that if we use standard form contracts, then obviously, although that is not a per se violation of Dodd-Frank as being abusive, it's certainly evidence of abusiveness. So like now, I guess every single consumer product or service is sort of on the suspicious list for being abusive. Am I overreacting to that?
Alan:
I'm with you. I think that we're all still absorbing this, but one of the biggest potential impacts of this abusive standard is on terms and conditions and consumer facing companies live on standard form contracts, terms and conditions on the website to structure the relationship with consumers in both, the process of sharing these terms and conditions and creating contractual relationships around these documents, as well as the content of them are both on the table to be challenged on this abusiveness standard.
The sky’s not falling, but it may be a new day for how you think about your standard form contracts and your website terms and conditions, in light of the standard that apparently is being promulgated by the CFPB.
Chris:
Okay, let's end with the bottom line, Alan. So where does this leave consumer financial services companies in terms of compliance? Do you have some thoughts about, practically, what should the regulated industry now be thinking about doing to try to keep itself, I won't say safe, but as safe as possible in light of the new policy statement?
Alan:
My top two are as follows, first, don't add gasoline to the fire by using throwaway language in your marketing materials and advertising, where you are promoting yourself as being a trusted business. Avoid a trust relationship with the consumers. You see often advertising and marketing materials and websites language, where the company's inviting the consumers to trust them. The policy statement very explicitly says that's going to be prime evidence of a relationship with the consumer, where the consumer is entitled to rely on the company to act in their best interests. So, you're rethinking all of that. Years’ experience indicates to me that all that throwaway language is not helpful. It doesn't sell a dang thing, but it can cause you trouble. So that's number one. Avoid creating trust relationships with the consumers. Number two, is the overall quality of your compliance management system. I read a book once that talked about how World War I, the French and English dealt with the new storm trooper tactics of the German army, which were innovative and very difficult to deal with, and the solution to them was a good all-around defense.
I think we're here today is where when you face a risk like this, the overall quality of a compliance management system will help you so much. First of all, as we know, if you are challenged by a regulator, including the CFPB, if you lack a compliance management system that's working on these issues, that's a big black mark. In fact, 50% of enforcement action will be describing the fact that you don't have a compliance management system control for these issues. Have a compliance management system that is working on these issues, feed these issues enter your system. It doesn't mean that the output would be any different, but you're making intentional decisions to do what you're doing, as opposed to just accidentally throwing up some language on a website that later becomes exhibit A in an enforcement action or a private lawsuit. That's my two takeaways.
Chris:
Yeah. Thanks a lot, Alan, and thanks for closing us out with that very practical advice. Let me thank you, as well as James and Taylor for being on the podcast today and sharing their insights with our listeners. And of course, thanks to our listeners for tuning in to today's episode. Don't forget to visit us at our blog, ConsumerFinancialServicesLawMonitor.com, and hit that subscribe button, so that you can see all of our daily updates about the world of consumer finance. And why don't you go ahead and visit us over at troutman.com, and add yourself to our Consumer Financial Services email list? So, that you can get copies of our alerts and notice of our industry-only webinars. And of course, stay tuned for a great new episode of this program every Thursday afternoon. Thank you all for listening.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.