Last week, the Consumer Financial Protection Bureau (CFPB) issued an updated policy statement on abuse in financial services. The new policy sheds light on the CFPB’s interpretation of the prohibition on abusive conduct in consumer financial markets and the legal implications it could incur. This will also assist the progress of federal and state agencies in identifying malpractice in the industry.
The Dodd-Frank Wall Street Reform and Consumer Financial Protection Act was passed by the US Congress in 2010, in response to financial industry behavior that brought about the financial crisis of 2007–2008. Dodd-Frank established a number of new government agencies – including the CFPB – that were assigned to keep a closer watch on various components of the law and, consequently, other aspects of the financial system.
In this new statement, the CFPB has outlined 43 cases, and examiners have reported many cross-references, alleging abusive conduct, since the Dodd-Frank was passed in 2010.
What does the new policy statement entail?
The pivot of the new policy includes a few main areas that financial services companies should examine:
1) Hiding or shrouding important features of a product or service
2) Taking unreasonable advantage of circumstances such as consumers’ lack of understanding of a product’s T&C, associated costs and material risks, their inability to protect consumers’ interests, and reliance on a certain product/service — all of which result in exploiting consumer trust.
For example, if a financial transaction would necessitate material risks or costs but would likely draw negligible or no benefit for the consumer, it would lead to the supposition that consumers who go ahead with the transaction do not understand or are unaware of the associated repercussions, the statement explained. This may include the length of time to realize the benefits of a product or service or the relationship dynamics between the financial institution and the consumer's creditors.
Interference with consumer understanding can be either physical or digital, the CFPB said.
Physical interference can include buried disclosures, limiting comprehension through the use of fine print, complex language, or untruthful statements. It may also include any physical conduct that hinders a person’s ability to see, hear, or understand the terms and conditions, while digital interference can include similar impediments through an electronic or virtual format.
The statement further focuses on the type of virtual interference known as a ‘dark pattern’. This pattern is a deceptive user experience that obscures and takes advantage of the way users habitually use websites and apps – and lures them into making unintended and possibly harmful choices.
Dark patterns take the form of misleading labeled buttons such as the use of “pop-up or drop-down boxes, multiple click-throughs” – choices that are difficult to undo. It can also include graphical elements like color and shading that deviate users’ attention to or away from certain options.
Dark patterns in subscriptions are a common example of these kinds of design choices. This kind of pattern might make it difficult for a user to unsubscribe, or it might automatically convert a free trial into a paid subscription. Additionally, these tactics are crafted to trick users into doing things, such as buying overpriced insurance with their purchase or signing up for recurring bills.
“Dark patterns are design tricks and other psychological tactics to confuse and manipulate people into making choices they otherwise would not have made,” said Chopra.
He further added that “manipulating people is wrong, whether on paper or pixels.”
The CFPB also stated that a service provider’s outsized market power may play a part in making it difficult for consumers to protect their own interests. The statement indicates non-negotiable contract provisions, supra-competitive pricing, and high switching costs as examples of potentially abusive practices.
Lastly, the statement emphasized how companies can take advantage of consumer reliance and dependency. Consumers reasonably expect that a fintech or financial services firm will make decisions or provide advice in the consumer’s best interest, while there is potential for betrayal or exploitation of the person’s trust.
2 ways to establish reliance
According to the CFPB, there are two ways to establish reasonable reliance.
A reasonable reliance may exist where an entity communicates to a person or the public that it will act in its customers’ best interest, or else remain true acting in the person’s best interest.
Additionally, a reasonable reliance may also exist where an entity assumes the role of acting on behalf of consumers or helping them to select providers in the market. In certain circumstances, financial services firms and fintechs can also act as intermediaries such as a broker or other trusted source. They may help people navigate marketplaces for consumer financial products or services, without any sort of influence or manipulation.
The CFPB is taking public comments on the guidance until July 3, 2023.
Policy statements aim to provide background information about laws under the CFPB’s jurisdiction and convey how the CFPB plans to implement those laws. They don't enforce new legal requirements.
The policy statement will impact lenders, banks, and fintechs going forward. They will likely need to update their existing practices to adhere to the new policy standards in order to avoid the broad “abusive” standard.
Consumer revenue sources with unusually high-profit margins could attract greater regulatory scrutiny. In December 2022, the CFPB ordered Wells Fargo to pay a $1.7 billion civil penalty in addition to more than $2 billion to compensate consumers for a range of “illegal activity”. This is the largest penalty imposed by the agency to date. The bank was alleged to generate part of its consumer revenue through repeatedly misapplying loan payments, wrongfully foreclosing on homes, illegally repossessing vehicles, incorrectly assessing fees and interest, and charging surprise overdraft fees.
Furthermore, every lending program will likely need to align with the regulatory requirements of its products and justify the additional protections provided to specific borrowers.
Late last year, the CFPB alleged that MoneyLion’s membership model resulted in unfair, deceptive, and abusive acts or practices under the Dodd-Frank. MoneyLion offered installment loans that consumers could not access unless they enrolled in a membership program with monthly membership fees. While MoneyLion illustrated to consumers that they “had the right to cancel their memberships for any reason,” it continued a policy prohibiting consumers with unpaid loan balances from canceling their memberships, alleged the CFPB.
Lastly, financial institutions could incorporate the use of simple and clear language in their marketing strategies. In this way, a company can clearly convey that it puts consumers’ interests ahead of its own for all intents and purposes.
For example, several cryptocurrency exchanges including FTX were charged in December last year over allegations that they were involved in false and deceptive advertising.
Even before the collapse of FTX, the CFPB reported that the crypto market has become a magnet for fraudsters who see little probability that their schemes will garner attention given the lack of investor protection and the opaque nature of the market. These firms often “hide behind terms and conditions” to delay transactions when customers try to claim their crypto assets, according to the bureau.