CFPB Issues Second Consent Order under Acting Director MulvaneySecurity Group, Inc. and several of its wholly owned subsidiaries entered into a consent order with the Consumer Financial Protection Bureau (CFPB) in which it agreed to injunctive relief and to pay a $5 million penalty. Security Group is a financial services company that originates, purchases, services, and collects on short-term secured and unsecured loans. Security Group operates approximately 900 locations in 21 states.

The Highlights

The CFPB alleged that Security Group engaged in unfair activity in the following ways:

  1. In-person collection visits that included:Discussing debts with consumers in places where third parties could see or overhear the interaction;
    • Handing field cards to third parties, including family members and neighbors;
    • Identifying themselves as Security Finance when speaking with neighbors;
    • Informing third parties of consumers’ delinquency;
    • Visiting consumers’ places of employment when Security Group knew or had reason to know that consumers were not allowed to have personal visitors there; and
    • Visiting consumers’ homes or places of employment with excessive frequency.
  1. Collection calls to consumers’ places of employment that included:
    • Calling consumers on shared phone lines and disclosing or risking disclosing the existence of consumers’ delinquent debts;
    • Calling consumers after being told that consumers were not allowed to receive calls at work; and
    • Failing to properly track and review cease and desist requests, which resulted in calls to parties who had previously requested that calls cease.
  1. Collection calls to third parties that included:
    • Calling third parties, including credit references, supervisors, landlords, family members, and suspected family members in a manner that disclosed or risked disclosing the existence of a delinquent debt; and
    • Failing to properly track and review cease and desist requests, which resulted in calls to parties who had previously requested that calls cease.

The CFPB also alleged that Security Group violated the Fair Credit Reporting Act by:

    • Failing to maintain written policies and procedures related to credit reporting, including policies and procedures regarding the accuracy and integrity of consumer information;
    • Failing to provide accurate information to credit reporting agencies; and
    • Failing to promptly update reported accounts to reflect account activity such as payments and settlements.

Impacted Industries

The Security Group consent order has implications for any financial services company that (1) furnishes credit reports to the credit reporting agencies or (2) collects delinquent debts from borrowers. Likely the most important aspect of this consent order to financial services companies is the fact that the CFPB used UDAAP rather than the FDCPA to pursue its debt collection claims. So, the CFPB could pursue similar claims against first-party creditors as well as third-party debt collectors.

What It Means

First, the CFPB continues to live up to Acting Director Mulvaney’s promise to narrow its focus. Since Acting Director Mulvaney took over in November of 2017, the CFPB has issued only two consent orders, dismissed two high profile cases, taken steps to delay the effective date of payday lending rules, and generally slowed rulemaking while seeking community input in a series of requests for information. A second consent order, on its own, does not indicate a return to the volume of enforcement actions under former Director Richard Cordray.

Second, the CFPB appears to be focused on the debt collection industry.  Acting Director Mulvaney has, on several occasions, noted the significant number of consumer complaints related to debt collection and the importance of those consumer complaints in shaping the CFPB’s agenda.  While one debt collection consent order certainly does not indicate a trend, the limited evidence suggests the CFPB is paying additional attention to the debt collection industry.

Third, the CFPB’s allegations provide interesting insights into the CFPB’s views on debt collection and credit reporting practices.

  • The CFPB continues to disfavor in-person collection practices, and the Security Group consent order suggests that in-person collection efforts inherently run the risk of unfairly alerting third parties to the existence of a debt.
  • The Security Group consent order seems to suggest that calling a consumer on a shared line at the consumer’s place of employment, regardless of the precautions the debt collector may take to avoid disclosing its identity, may constitute an unfair practice because of the potential that this type of call could alert third parties to the existence of a debt.
  • The CFPB based part of its FCRA claims on a failure to report positive credit activity during a period in which Security Group implemented a credit reporting freeze while it evaluated and updated its credit reporting policies.