On November 8, 2023, the Consumer Financial Protection Bureau (“CFPB”) entered into a consent order with a major bank to resolve allegations of violations of the Equal Credit Opportunity Act (“ECOA”) and Regulation B. Among other allegations, the CFPB asserted that the lender “failed to provide applicants with an accurate and adequate statement of the specific reasons for the adverse action when the applicant was denied based on Armenian national origin in violation of ECOA, 15 U.S.C. § 1691(d), and Regulation B, 12 C.F.R. § 1002.9(a)-(b) . . .”
The CFPB investigation concluded that credit card applicants of Armenian national origin were subjected to additional scrutiny, especially if the applicant lived in the Glendale, California, area, because the lender’s staff suspected an Armenian fraud ring was operating in the region. The suspicions of fraud resulted in longer application processing times, additional judgmental underwriting, approval with less favorable credit terms, and higher denial rates for both new credit cards and credit line increases. In addition, some applicants’ accounts were subjected to “blocks” of their credit cards, as well as line decreases or account closures.
However, applicants denied because of suspected fraud were not given accurate adverse action notices as required by ECOA and Regulation B. Internal messages among the lender’s employees revealed that pretextual denial reasons were used when an application was declined for possible credit abuse.
The consent order echoes concerns raised in the CFPB’s Summer 2023 edition of Supervisory Highlights regarding servicers’ failures to provide specific reasons for denial of consumer requests for loss mitigation assistance when reasons provided were deemed unduly vague. The Bureau noted that such failures violated Regulation X (12 CFR 1024.41(b)(2)(i)(B)). In 2021, the CFPB’s 2021 lawsuit against a large fintech lender included allegations that nearly 72,000 adverse action notices inaccurately stated the principle reasons the credit applications were denied in violation of 12 C.F.R. § 1002.9(b)(2).
The CFPB is not the only federal financial institution regulator interested in the accuracy and timeliness of adverse action notices. In its most recent Fair Lending Report of the Consumer Financial Protection Bureau, the CFPB stated that the CFPB, the Federal Deposit Insurance Corporation, the Federal Reserve, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Farm Credit Administration had all cited supervised institutions for failures to provide accurate and timely adverse action notices among the most common violations of Regulation B and ECOA in 2022.
In addition to enforcement actions and informal guidance, the CFPB also issued Consumer Financial Protection Circular 2022-03 (“CFPC 2022-03”) to provide guidance on the requirements of ECOA and Regulation B when issuing adverse action notices in connection with credit decisions on complex algorithms. CFPC 2022-03 affirms that accurate and specific adverse action reasons are required even when credit decisions are based on complex or vended models. CFPC 2022-03 also notes that, “While some creditors may rely upon various post-hoc explanation methods, such explanations approximate models and creditors must still be able to validate the accuracy of those approximations, which may not be possible with less interpretable models.”
Taken together, it is clear that federal banking regulators are concerned with, and examining for, accuracy of adverse action notices. Given the current regulatory interest, lenders should review their practices related to adverse action notice accuracy and specificity. Any such review should consider the appropriateness of denial reasons provided, especially when non-credit factors, such as fraud, are the reason for denial. Additionally, compliance reviews should evaluate the accuracy of denial reasons provided when credit decisions are made using credit scores or other algorithms and the timeliness of adverse action notices provided to applicants.
Lynn Woosley is a Managing Director with Asurity Advisors. She has more than 30 years’ risk management experience in both financial services and regulatory environments. She is an expert in consumer protection, including fair lending, fair servicing, community reinvestment, and UDAAP.
Before joining RiskExec, Lynn led the fair banking practice for an advisory firm. She has also held multiple leadership positions, including Senior Vice President and Fair and Responsible Banking Officer, within the Enterprise Risk Management division of a top 10 bank. Prior to joining the private sector, Lynn served as Senior Examiner and Fair Lending Advisory Economist at the Federal Reserve Bank of Atlanta.