Skip to Main Content

Compliance Solutions quarterly newsletter — December 2023

Important information about compliance updates, regulatory changes, document enhancements, and more.


The continuing battle against illegal junk fees

Several government agencies have launched initiatives aimed at eliminating “junk fees” to save households billions of dollars each year. Junk fees are “unnecessary charges that inflate costs while adding little to no value to the consumer. These unavoidable or surprise charges are often hidden or disclosed only at a later stage in the consumer’s purchasing process or sometimes not at all.” There is a major concern that financial institutions make these junk fees, such as overdraft fees, part of their core business model.

Specifically, the CFPB has released several items discussing its efforts to fight junk fees, including the following:

  • Advisory opinion on fees charged by large banks and credit unions subject to CFPB supervision (i.e., those with more than $10 billion in assets) to consumers who request account information
  • Data spotlight showing that “the vast majority of NSF fees have been eliminated” by large banks
  • New edition of Supervisory Highlights focused on junk fees

Advisory opinion

First, the CFPB issued an advisory opinion that interprets Section 1034(c) of the Consumer Financial Protection Act to prohibit large banks and credit unions from requiring a consumer to pay a fee or charge to obtain basic account information. Section 1034(c) provides that large banks and credit unions “shall, in a timely manner, comply” with consumer requests for information regarding their accounts. A large bank or credit union would not be compliant with section 1034(c) if it imposed conditions or requirements on consumers' information requests that unreasonably impeded consumers' ability to request and receive account information. Generally, requiring a consumer to pay a fee to request account information is likely to unreasonably impede consumers' ability to exercise the right granted by section 1034(c), and thus violates the provision.

Regardless of how a large bank or credit union labels or categorizes a fee on its fee schedule or other documents, section 1034(c) does not permit unreasonable impediments to a request for information about a consumer's account. That likely “includes charging fees (1) to respond to consumer inquiries regarding their deposit account balances; (2) to respond to consumer inquiries seeking the amount necessary to pay a loan balance; (3) to respond to a request for a specific type of supporting document, such as a check image or an original account agreement; and (4) for time spent on consumer inquiries seeking information and supporting documents regarding an account.” The CFPB notes that it would generally not violate Section 1034(c) to impose fees in certain limited circumstances, such as charging a fee to a consumer who repeatedly requested the same account information.

Data spotlight

Second, in the CFPB’s data spotlight, the CFPB’s analysis shows the following:

  • Nearly two-thirds of banks with over $10 billion in assets have eliminated non-sufficient fund (NSF) fees
  • Nearly three-fourths of the banks that earned the most in overdraft/NSF fee revenue in 2021, including 27 of the top 30 earners, have eliminated NSF fees
  • Among credit unions with over $10 billion in assets, 16 of 20 continue to charge NSF fees, including four of the five largest

Additionally, the CFPB estimates:

  • Among banks with over $10 billion in assets, 97% of NSF fee revenue has been eliminated
  • Data spotlight showing that “the vast majority of NSF fees have been eliminated” by large banks
  • Among the 75 banks earning the most overdraft/NSF fee revenue in 2021, 95% of NSF fee revenue has been eliminated

CFPB estimates that, as a result of the elimination of NSF fees at these banks, consumers will save almost $2 billion annually.

Supervisory highlights

Third, in its Fall 2023 special edition of Supervisory Highlights called “Junk Fees Special Edition,” the CFPB discussed its supervisory work in connection with junk fees. The report updates the CFPB’s Supervisory Highlights issued in March 2023.

Key findings by CFPB examiners include the following:

  • Deposits. In the offering and providing of core service platforms, core processors engaged in an unfair act or practice by contributing to the assessment of unfair NSF fees on re-presented items.
    In other examinations, examiners found that financial institutions engaged in unfair acts or practices by charging consumers re-presentment NSF fees without affording the consumer a meaningful opportunity to prevent another fee after the first failed re-presentment attempt.
    Supervision continued to cite unfair acts or practices at institutions that charged consumers for unfair, unanticipated overdraft fees, such as authorize positive, settle negative (APSN) overdraft fees. APSN overdraft fees occur when financial institutions assess overdraft fees for debit card or ATM transactions where the consumer had a sufficient available balance at the time the consumer authorized the transaction, but given the delay between authorization and settlement, the consumer’s account balance is insufficient at the time of settlement.
    Supervision found that institutions engaged in an unfair act or practice by assessing paper statement fees and returned mail fees for paper statements they did not attempt to print and deliver.
  • Auto Servicing. Auto servicers engaged in unfair acts or practices when they failed to ensure they received refunds for add-on products following early loan termination. Consumers were essentially required to pay for services they could no longer use, as the relevant products (including vehicle service contracts, GAP, or credit life insurance) terminated when the loan contract was terminated or provided no possible benefits after the consumer lost use of the vehicle.
    Examiners found that servicers engaged in an unfair act or practice when they used miscalculated add-on product refund amounts after loans terminated early. This caused servicers to either communicate inaccurate, higher deficiency balances or provide smaller refunds than warranted after early loan termination.
  • Remittances. Certain remittance transfer providers violated Subpart B of Regulation E by failing to appropriately disclose fees or failing to refund fees in certain circumstances because of an error.

Other actions

Additionally, the CFPB issued a proposed Personal Financial Data Rights rule which “would require depository and non-depository entities to make available to consumers and authorized third parties certain data relating to consumers’ transactions and accounts; establish obligations for third parties accessing a consumer’s data, including important privacy protections for that data; provide basic standards for data access; and promote fair, open, and inclusive industry standards.” The proposed Personal Financial Data Rights rule continues the CFPB’s focus on eliminating junk fees by requiring banks and other providers subject to the rule to make personal financial data available at no charge to consumers. Comments on this new rule must be received by December 29, 2023.

According to the CFPB, because of its supervisory work and focus on junk fees, the companies in the Supervisory Highlights are refunding $140 million to consumers, $120 million of which is for surprise overdraft fees and double-dipping on non-sufficient funds fees. As a result, the CFPB reports that most financial institutions have eliminated non-sufficient funds fees. It will be important to keep in mind that, in the CFPB’s war on junk fees, the idea of “junk” may broadly apply to an array of fees including application fees, credit report fees, document preparation fees, fees for “add-ons,” and much more.

Consumer Lending

SBA’s new Standard Operating Procedure

The Small Business Administration (SBA) has issued a new version of the standard operating procedure (SOP 50 10 7.1) for Lender and Development Company Loan Programs. The new SOP takes effect November 15, 2023. Applications for 7(a) and 504 loans submitted through November 14, 2023, must continue to use the SOP 50 10 7.

The SBA contends SOP 50 10 7.1 provides clarification based on feedback from the lending community. Updates to the SOP include but are not limited to:

  • SBA’s Risk Mitigation Framework was introduced for validation of an applicant’s eligibility
  • Lenders may charge technology service fees on a pro-rata basis for software or technology used during preparation of SBA loan documents, underwriting, or closing the SBA-guaranteed loan
  • With additional conditions, SBA is permitting substitution of personal and/or corporate guaranty liability
  • SBA lending programs qualify as “Special-Purpose Credit Programs” under the Equal Credit Opportunity Act (ECOA)
  • For 7(a) Small loans, the maximum loan amount is $500,000 per project. For SBA Express, the maximum aggregate loan amount is $500,000 (gross)
  • Lenders are required to submit the information from SBA Form 1919 into E-Tran but are not required to upload the SBA Form 1919 itself; however, the signed SBA Form 1919 must be saved in the loan file

The full SOP with revised language and conditions is found here. Form revisions to match new requirements are still in process. Lenders are advised to continue use of existing forms, even if expired, until the new forms are delivered.

Risk-based pricing, credit score exception, and Credit Score Not Available Notices

Regulation V § 1022.72 requires a risk-based pricing notice to be sent to a consumer when a financial institution engages in risk-based pricing and uses a consumer’s credit report as the basis for offering credit to that consumer “on material terms that are materially less favorable” than terms given to a substantial portion of consumers.

When reviewing existing credit, financial institutions that engage in risk-based pricing, use a consumer report in connection with the review, and increase the annual percentage rate based on the consumer report must provide a risk-based pricing notice. This notice is often referred to as an account review risk-based pricing notice.

Determining who must receive a risk-based pricing notice

Regulation V details three methods financial institutions may use to determine which consumers must receive a risk-based pricing notice.

  1. Direct comparison method. This method is explained in § 1022.72(b) and requires the financial institution to directly compare the material terms offered to a consumer and the material terms offered to other consumers for that same credit product. If a consumer receives materially less favorable terms than others for that same credit product, the financial institution must send a risk-based pricing notice.
  2. Credit score proxy method. This method is explained in § 1022.72(b)(1) and requires financial institutions to determine a cutoff score. The cutoff score is the credit score that represents the point at which approximately 40 percent of consumers have higher credit scores and approximately 60 percent of consumers have lower credit scores. Risk-based pricing notices must be provided to any consumer with a credit score that falls below the cutoff score.
  3. Tiered pricing method. This method is explained in § 1022.72(b)(2) and requires financial institutions to determine how many pricing tiers there are for the credit product. If the credit product has four or less pricing tiers, a risk-based pricing notice must be provided to each consumer who does not qualify for the top tier. If the credit product has five pricing tiers, a risk-based pricing notice must be provided to each consumer that does not qualify for the top two tiers. If a credit product has more than five pricing tiers, a risk-based pricing notice must be provided to each member that does not qualify for the top tiers that make up no less than the top 30 percent and no more than the top 40 percent of the total number of pricing tiers. For example, under this method, if the credit product has nine tiers, a risk-based pricing notice would be provided to any consumer that does not receive the top three pricing tiers.

Risk-based pricing notice exceptions

There are several exceptions to the requirement to provide a risk-based pricing notice, including the ability to provide a credit score exception notice to all consumers who request an extension of credit rather than a substantial portion of consumers. This option is appealing because the financial institution does not have to determine who must receive a notice and who should not, resulting in a simpler process.

If a financial institution obtains a credit report to determine what terms a consumer qualifies for in a risk-based credit product and the credit report does not have a credit score, the financial institution must provide a credit score not available notice (also referred to as no score notice) pursuant to § 1022.74(f)(1).

Question of the quarter

Question: Should I collect demographic information on a consumer loan application to meet Community Development Financial Institution federal grant required reporting?

Answer: No. Based on a review of the Equal Credit Opportunity Act (ECOA), including this information on the consumer loan application is not recommended as it increases the risk that the information may impact, or it may be perceived to impact, a credit decision. To reduce these risks, the information may be collected separately from the application. Section 1691 of ECOA states:

(a) Activities constituting discrimination. It shall be unlawful for any creditor to discriminate against any applicant, with respect to any aspect of a credit transaction —

(1) on the basis of race, color, religion, national origin, sex or marital status, or age (provided the applicant has the capacity to contract);

(2) because all or part of the applicant’s income derives from any public assistance program; or

(3) because the applicant has in good faith exercised any right under the Consumer Credit Protection Act [15 USCS §§ 1601 et seq.].


TruStage™ Compliance Solutions offers real-time payments support for financial institutions

Real-time payments get your money to you…fast. And with two networks now available to process these payments, your money can move just as fast as you do in this modern economy. TruStage Compliance Solutions can now support your real-time payment ventures to accurately disclose your real-time payment policies and practices in your documents.

What are real-time payments?

Real-time payments are real-time transfers of your money that allows you to disburse your funds with near immediacy and allows you to request payment for immediate payment back via a real-time payment network. Unlike other payment rails, real-time payments are final, irrevocable, and confirmed within seconds and your payments are cleared and settled within seconds rather than having to wait for the payment to be finalized days later. You can also transfer your money 24 hours a day, 7 days a week, including weekends and holidays, allowing you to manage your money on your own terms.

What are the two real-time payment systems?

Although real-time payment networks have been abroad for some time, two real-time payment networks have emerged in the United States to help you move your money, The Clearing House’s RTP® network and the Federal Reserve’s FedNow® Service.

Launched in 2017, The Clearing House’s RTP network was the first core payments infrastructure in the United States in more than 40 years. The RTP network is open to all federally insured U.S. depository institutions to conveniently send payments directly from your bank accounts with real-time interbank settlement. It uses a shared pre-funded account to settle its transactions up to $1 million.

The Clearing House’s competing network is the Federal Reserve’s FedNow Service that launched in July 2023 with 35 participating financial institutions, the U.S. Department of the Treasury’s Bureau of the Fiscal Service, and 16 service providers. Financial institutions using the FedNow Service will be linked to the bank’s master account at the Federal Reserve and will have a maximum credit transfer of $100,000 with the ability by the financial institution to lower or increase the credit transfer to $500,000.

How do real-time payments differ from services such as Zelle or Venmo?

Peer-to-peer (P2P) services such as Zelle or Venmo enable consumers to send money online or via a mobile app. They give immediate credit to customers but settle the transactions later, making these payments only near-instant payments. These P2P transfers, however, may be instant payments if settlement occurs via real-time payment. For instance, Zelle announced in 2021 that Zelle transactions can be cleared and settled in real-time over the RTP network. Additionally, the online and mobile transactions could be conducted entirely by these service providers, without involvement of a financial institution as intermediary, by pulling the money directly from funds stored on the online and mobile platform. In contrast, real-time payments will always flow through a financial institution.

Are there any concerns with real-time payments?

As with any type of money transfer, fraud is prevalent with real-time payments. These instant payments pose a heightened challenge due to the speed of the transaction and their final and irrevocable nature. Unlike most transactions, customers that use a real-time payments network to send funds cannot recall a payment made in error or cancel the transaction, making it challenging to recover funds before the fraudster has had an opportunity to make a withdrawal. However, due to these risks, the real-time payments systems have built in security measures. For instance, the FedNow Service has the ability for a financial institution to establish risk-based transaction value limits; the ability to specify certain conditions under which transactions would be rejected, such as by account number (a “negative list”); enable message signing, which validates that the message contents have not been altered or modified; and allows reporting features and functionality, including reports on the number of payment messages that were rejected based on a participating financial institution’s settings. As always, financial institutions can do their part in preventing fraud by adequate training of employees to verify the source of the payment request and implement dual approval for certain types of payments.

How do TruStage Compliance Solutions’ disclosures allow our financial institution to adequately disclose our real-time payments policies and practices through our selected network?

Available to Compliance Solutions customers soon, you will be able to indicate if your financial institution uses a real-time payment network to allow your customers to send real-time payments. In Configuration, you can choose if you want language to display in the Account Agreement document and Mobile Account Agreement document that describes how and when your customers can use your selected network to send their funds and any limitations sending payments through a real-time payment network.

In the Electronic Fund Transfer disclosure and Mobile Electronic Fund Transfer disclosure, you can further specify your unique policy and practice via a user-defined field to enter your own custom language.

How do I find out more information about TruStage’s real-time payments support?

To find out more, contact

Question of the quarter

Question: We pull Chex Systems reports when opening new accounts. Are we required to provide an adverse action notice if we decline a consumer’s request to open a new checking account based on information in the report?

Answer: Yes. You must provide a notice that complies with the requirements of § 615(a) of the Fair Credit Reporting Act (FCRA) when taking “adverse action” based on information in a “consumer report.”

FCRA § 603(k) defines “adverse action” to include “an action taken or determination that is made in connection with an application that was made by, or a transaction that was initiated by, any consumer” and that is “adverse to the interests of the consumer.” Denying a consumer-initiated request to open an account would be considered an adverse action.

FCRA § 603(d) defines a “consumer report” as a communication of information by a consumer reporting agency “bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.” A Chex Systems report would be considered a consumer report.

The adverse action notice must include:

  • Notice that adverse action was taken based on information obtained from a consumer reporting agency
  • The name, address, and telephone number of the consumer reporting agency that furnished the report
  • A statement that the consumer reporting agency did not make the credit decision and is unable to provide to the consumer the specific reasons why the adverse action was taken
  • The consumer’s right to (1) obtain a free copy of their consumer report from the consumer reporting agency providing the information if requested within 60 days; and (2) dispute the accuracy or completeness of any information in a consumer report furnished by the consumer reporting agency
  • Credit or other risk score disclosures if the score was a factor in taking the adverse action