Artificial Intelligence: Benefits and Risks

QUESTION 

There has been a lot of news about artificial intelligence. I have to admit, I do not know anything about it. Yet my company has just announced that it is linking up with an artificial intelligence provider. 

Now, we are scrambling to understand how artificial intelligence will impact our jobs, loan process, and compliance requirements. Last year, nobody cared about AI. This year, it’s all they can talk about! 

I would like you to tell us some ways that AI is used by banks and nonbanks, since providing compliance to us is your specialty. We need some basic understanding of how AI will be a part of originating and servicing loans. 

What are some ways that financial institutions are using AI? 

ANSWER 

I sense your frustration, and you are not alone. Whenever a new technology or innovation enters the marketplace, there is a perfectly normal tendency to be a bit suspicious and even worried about its implications. In time, these concerns often become resolved, sometimes with less than optimum impact on society, sometimes with far-reaching positive impact. The challenge is anticipating change and preparing proactively to mitigate unwanted outcomes. 

I don’t think financial institutions should rush into Artificial Intelligence (“AI”) without first considering compliance. But, there are good reasons to implement AI as a tool in the quest for a strong compliance program. When planning to partner with an AI vendor, it is important to bring in a firm such as ours to provide reliable due diligence to ensure the compliance component is integral to the plan. This creates a “baseline” that serves to enhance policies and procedures, training, and ongoing improvements in the technological application. 

Many banking agencies have been vetting AI for a few years. They're still in the early stages of drafting the rulemaking, but there has been an increase in regulatory guidance issuances. As a provider of customized compliance libraries, we are updating our clients’ policies for such guidance. And when rulemaking is determined, we will provide an AI policy, specific to a client's needs, and prior to a promulgated effective compliance date. 

Five banking agencies (OCC, FRB, FDIC, CFPB, and NCUA) have sought information and comments on the use of AI, including machine learning, by financial institutions. The caveat thus far is that they support responsible innovation as long as it includes identifying and managing associated risks. 

We can glean the areas of scrutiny being reviewed for supervision, examination, and enforcement by taking note of the following ways financial institutions use or may use AI. Though not meant to be a comprehensive outline, based on our interactions with regulators and published issuances, I’m sure these areas are under review for AI compliance. 

ARTIFICAL INTELLIGENCE: BENEFITS

Flagging Unusual Transactions 

Many institutions use AI to identify potentially suspicious, anomalous, or outlier transactions (for instance, fraud detection and financial crime monitoring). This involves using different forms of data (i.e., email, texts, audio data – both structured and unstructured)[i] to identify fraud or anomalous transactions with greater accuracy and timeliness. It also includes identifying transactions for Bank Secrecy Act/Anti-Money Laundering activities, monitoring employees for improper practices, and detecting data anomalies. 

Personalization of Customer Services 

Institutions use AI technologies, such as voice recognition and Natural Language Processing (NLP),[ii] to improve the customer experience and increase efficiency in allocating financial institution resources. 

One example is using chatbots[iii] to automate routine customer interactions, including account opening activities and general customer inquiries. AI is leveraged at call centers to process and triage customer calls to provide customized service. Institutions also use these technologies to target marketing better and customize trade recommendations. 

Credit Decisions 

Some institutions use AI to inform credit decisions to enhance or supplement existing techniques. This application of AI may use traditional data or employ “alternative data”[iv] (such as cash flow transactional information from a bank account). 

Risk Management 

Institutions may use AI to augment risk management and control practices. For example, an AI approach might be used to complement and provide a check on another, more traditional credit model. Financial institutions may also use AI to enhance credit monitoring (including through early warning alerts), payment collections, loan restructuring and recovery, and loss forecasting. 

AI can assist internal audit and independent risk management to increase sample size (such as for testing), evaluate risk, and refer higher-risk issues to human analysts. Indeed, AI may also be used in liquidity risk management, for example, to enhance monitoring of market conditions or collateral management. 

Textual Analysis 

Textual analysis refers to using NLP for handling unstructured data (generally text) and obtaining insights from that data or improving the efficiency of existing processes. Applications include analysis of regulations, news flow, earnings reports, consumer complaints, analyst ratings changes, and legal documents. 

Cybersecurity 

Institutions may use AI to detect threats and malicious activity, reveal attackers, identify compromised systems, and support threat mitigation. Examples abound, including real-time investigation of potential attacks, the use of behavior-based detection to collect network metadata, flagging and blocking of new ransomware and other malicious attacks, identifying compromised accounts and files involved in exfiltration, and deep forensic analysis of malicious files. 

There are risks, too, which I’ll explain shortly. But, it should be obvious that the agencies recognize that AI has the potential to offer improved efficiency, enhanced performance, and cost reduction for financial institutions, as well as benefits to consumers and businesses. AI can identify relationships among variables that are not intuitive or not revealed by more traditional techniques. And it can better process certain forms of information, such as text, that may be impractical or difficult to process using traditional methods. 

AI also facilitates processing significantly large and detailed datasets, both structured and unstructured, by identifying patterns or correlations that would be impracticable to ascertain otherwise.

In general, other potential AI benefits include more accurate, lower-cost, and faster underwriting and expanded credit access for consumers and small businesses that may not have obtained credit under traditional credit underwriting approaches. AI applications may also enhance an institution’s ability to provide products and services with greater customization. 

ARTIFICAL INTELLIGENCE: RISKS

But there are risks. The agencies have emphasized that financial institutions should have processes to identify and manage the potential risks associated with AI. Many of the risks associated with using AI are not unique to AI. For example, using AI could result in operational vulnerabilities, such as internal process or control breakdowns, cyber threats, information technology lapses, risk associated with using third parties, and model risks, all of which could affect an institution’s safety and soundness. 

Furthermore, the use of AI could also create or increase consumer protection risks, such as risks of unlawful discrimination, unfair, deceptive, or abusive acts or practices (UDAAP) under the Dodd-Frank Act, unfair or deceptive acts or practices regulation (UDAP) under the FTC Act, or privacy concerns.

The agencies have identified three risks particular to AI: 

• Explainability, 
• Data Usage, and 
• Dynamic Updating. 

Here’s a brief explanation of each risk. 

Explainability 

“Explainability” refers to how an AI approach uses inputs to produce outputs. In other words, some AI approaches can exhibit a “lack of explainability” for their overall functioning (sometimes known as global explainability) or how they arrive at an individual outcome in a given situation (sometimes referred to as local explainability). 

Lack of explainability can pose different challenges in different contexts. Lack of explainability can also inhibit a management’s understanding of the conceptual soundness of an AI approach (that is, the quality of the theory, design, methodology, data, developmental testing, and confirmation that an approach is appropriate for the intended use) which, then, can increase uncertainty around the AI approach’s reliability, and increase risk when used in new contexts. 

Lack of explainability can also inhibit independent review and audit and make compliance with laws and regulations, including consumer protection requirements, more challenging. 

Data Usage 

Broader or more intensive data usage plays a particularly important role in AI. In many cases, AI algorithms identify patterns and correlations in training data without human context or intervention and then use that information to generate predictions or categorizations. 

Because the AI algorithm depends on the training data, an AI system generally reflects any dataset limitations. As a result, as with other systems, AI may perpetuate or even amplify bias or inaccuracies inherent in the training data or make incorrect predictions if that data set is incomplete or non-representative. 

Dynamic Updating 

Some AI approaches have the capacity to update on their own, sometimes without human interaction, often known as dynamic updating. Monitoring and tracking an AI approach that evolves on its own can present challenges in review and validation, particularly when a change in external circumstances (i.e., economic downturns and financial crises) may cause inputs to vary materially from the original training data. 

Dynamic updating techniques can produce changes that range from minor adjustments to existing elements of a model to the introduction of entirely new elements. 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] The term “structured data” generally refers to a set of data that has been systematically organized or arranged.

[ii] “Natural Language Processing” or “NLP” generally refers to the use of computers to understand or analyze natural language text or speech.

[iii] The term “chatbot” generally refers to a software application used to conduct an on-line chat conversation via text or text-to-speech, in lieu of providing direct contact with a live human agent.

[iv] “Alternative data” means information not typically found in the consumer’s credit files of the nationwide consumer reporting agencies or customarily provided by consumers as part of applications for credit.

A New Quality Control Program

QUESTION 

We are a lender in the southwest. I am the VP of mortgage lending. Our loans are only conventional on 1-4 single family residential property. Our primary investor is Fannie Mae. We do not originate government loans or investor loans. 

Recently, we ended the relationship with our quality control auditor. So, we're now looking around to replace them. We went to a conference where several lenders highly recommended your firm. So, our compliance manager will be contacting you soon. 

Now, we're updating our quality control plan. We need to start over with a new quality control plan. We need guidance about the areas we should outline in the QC plan. I realize this is a big subject, so maybe you can provide an overview of the basic elements. 

What are the basic requirements of a QC Plan? 

ANSWER 

There are essentially six parts to a basic Quality Control Plan ("Plan" or "Program"). More about that shortly. Depending on the company's size, risk profile, complexity, loan products, and investor conduits, to name a few factors, the Plan's purpose is central to controlling a mortgage lender's originating environment. 

Thank you for contacting us to handle your quality control auditing. We can accommodate any production size and audit virtually all loan products. We have an entire group devoted to quality control, headed by an Executive Director, and staffed with an accomplished audit staff. 

Please contact us here. We'll see that you speak directly with our audit management team. 

I would add that it is critical to ensure that the Plan and the QC auditing are aligned. When regulators and investors review your QC reports, they want to see that you are implementing the requirements of your specific Program. When LCG conducts QC, we can provide a Plan that properly reflects your auditing needs. Be sure to discuss the Plan requirements when you speak to us. 

You should consider establishing a baseline review of your quality control compliance. To effectuate this assessment, many company's use our QC Tune-up. This mini-audit provides substantive evaluation of your quality control function and provides a risk rating. It's cost-effective, hands-on, and quick. If interested, contact us here for information about the QC Tune-up.

Because you originate only conventional loans and your primary investor is Fannie Mae (“Fannie”), my response will address the QC requirements for conventional generally and Fannie in particular.[i]

Your QC Plan must define your lending standards for loan quality, establish processes designed to achieve those standards and mitigate risks associated with the loan origination processes. In that regard, Fannie requires the lender to develop and implement a QC program that provides a structure for identifying the deficiencies in the loan manufacturing process and implementing plans to remediate those deficiencies and underlying issues quickly. 

Six Parts of a Quality Control Program 

I mentioned above that there are six parts to a basic Quality Control Plan. I am going to provide a brief description of each part. I urge you to contact us if you want a more detailed discussion. 

The six parts of a QC Program are: 

1.     Overview; 

2.     Contents; 

3.     Standards and Measures; 

4.     File Reviews; and 

5.     Reporting and Remediation. 

Overview 

Put simply, the Program must include a documented QC Plan that outlines requirements for validating that loans are originated under its established policies and procedures. 

The Overview must provide guidelines to ensure that: 

·     the loans comply with applicable federal, state, and local laws and regulations; 

·     the loans comply with investors' guidelines, such as Fannie Mae's Selling Guide, all related contractual terms and agreements, and are in all respects eligible for delivery to Fannie; and 

·     the Plan must guard against fraud, negligence, errors, and omissions by officers, employees, contractors (whether or not involved in the origination of the mortgage loans), brokers, borrowers, marketing partners, and others involved in the mortgage process. 

Contents 

The Plan must include documented QC procedures that establish standards for quality and incorporate systems and processes for achieving those standards. At a minimum, the Plan must contain the following categories.

 

·     Quality standards and measures, including:

 

o   a general overview and description of the QC philosophy;

 

o   the plan objectives;

 

o   specific risks to be measured, monitored, and managed; and

 

o   the methods used to ensure the Program is an independent and unbiased function, including program governance (targets, sampling) and transaction execution.

 

·     Procedures involving detailed operating and reporting methods for all employees affected by the QC process.

 

·     QC file review process: a process for performing prefunding and post-closing QC file reviews, including, at a minimum, a method for

 

o   confirming compliance with the investors’ guidelines, all related contractual terms and agreements, and that the loans are in all respects eligible for delivery to Fannie; and

 

o   confirming compliance with applicable federal, state, and local laws and regulations.

 

·     Sample selection process: the procedures and metrics for identifying a representative sample of loans for QC file reviews using both random and discretionary selection methodologies, as applicable, that include loans

 

o   originated through each applicable production channel (for example, retail, correspondent, and third-party originators);

 

o   originated under all mortgage products (for instance, fixed, ARM, and special or niche programs); and

 

o   originated using all underwriting methods (manual and AUS).

 

·     Reporting: written procedures for reporting the results of the QC file reviews, including the method of monthly reporting of review findings, including

 

o   the method of monthly reporting of review findings;

 

o   identifying critical components included in the reports;

 

o   distributing summary-level findings to senior management;

 

o   distributing loan-level findings to the business unit(s), specifically to parties within the business unit(s) responsible for resolution;

 

o   requiring a timely response to and resolution – or resolution plan – of findings identified in the QC review process; and

 

o   maintaining accurate and detailed records of the QC reviews’ results.

 

·     Vendor review: a process for reviewing the QC work performed by the third-party auditors.

 

·     File retention: procedures for maintaining for three years records of the QC findings and reports, loan files reviewed, and all related documentation, including chronicling the location of such records.

 

·     Audit: an audit process to ensure that the lender’s QC processes and procedures are followed by the QC staff and that its assessments and conclusions are recorded and consistently applied. 

Quality Standards and Measures 

This is a somewhat complicated area, often leading to confusion. So, I will offer a high-level description. A lender is responsible for the development and maintenance of standards for loan quality and the establishment of processes designed to achieve those standards. 

To evaluate and measure loan quality standards effectively, the lender must establish a methodology for identifying, categorizing, and measuring defects and trends against an established target defect rate. 

At a minimum, the lender must identify any loans with a defect; specifically, these are loans not in compliance with investor guidelines or other related contractual terms and agreements. A methodology must be established by which all loans with identified defects can be categorized based on the severity of the defect. The lender must define the severity levels appropriate to its organization and reporting needs; however, the highest severity level must be assigned to those loans with defects resulting in the loan not being eligible as delivered to Fannie. 

The lender must also establish target defect rates for its organization, reflecting its quality standards and goals. Establishing a target defect rate is based on a lender’s post-closing random QC sample. It enables the lender to regularly evaluate and measure progress in meeting loan quality standards. 

Different target defect rates may be established for different severity levels; however, at a minimum, a target defect rate must be established for the lender’s highest level of severity. 

Here’s an suggestion: a target defect rate that is as reasonably low as possible should be established. Once the targets are set, performance against the targets must be measured at least quarterly and reported to management. It is also essential that the target defect rate(s) be evaluated and, if necessary, reset at least annually. The lender must document the rationale for establishing the target rate(s). During a Fannie review, consideration may be given to how the lender’s chosen target defect rate affects the investor’s risk. Sometimes, this leads to the investor requiring a more realistic target.

Pig Butchering

QUESTION 

We have a problem with a particular loan. Out of an abundance of caution, we filed a SAR on it. But we are not sure if we should have filed one. 

Our concern began when we found that our customer was involved in unusual account activity, Even though she always maintained high balances. When our manager asked her why there were sudden increases in activity, she said that she was involved in converting her money to virtual currency. 

Since it did not appear her account activity was without an economic purpose nor used for criminal activity, we took no action. But then she applied for a HELOC, and alarm bells went off in our compliance department. We found she used the proceeds to wire her funds to a virtual provider to buy virtual currency. 

At this point, we filed the SAR. FinCEN contacted us, and they are now investigating. I have never seen anything like this and wonder if you can tell us what is happening. Thank you for your awesome weekly newsletter. 

Why are home equity proceeds causing a red flag when used to buy virtual currency?

COMPLIANCE SOLUTION

Anti-Money Laundering Test and Training 

ANSWER 

Your question is the first we’ve received from our readership that describes an insidious scam that takes a wrecking ball to an individual’s financial stability. The Financial Crimes Enforcement Network (FinCEN) has known about this scam for some time, but the problem is growing quickly. This con is one of the many cryptocurrency investment scams. 

Perhaps you have not heard the term before, but this type of scam operates by fraudsters gaining the confidence of their victims before eventually enticing them to invest in fraudulent virtual currency trading platforms. 

The scam has a rather gruesome term: Pig Butchering. 

This grisly term comes from a Chinese term[i] that translates to pig butchering. The pig butchering confidence game originated in Southeast Asia and has spread globally. ProPublica published a detailed article last year about this scam and how it works.[ii] There has been considerable media attention to pig butchering and regulatory interest in this scam, including, most recently, a FinCEN alert.[iii] 

Update your AML Program with guidelines for staying notified of SAR compliance. You should conduct an AML Test and AML Training annually to ensure that you comply with all BSA’s Anti-Money Laundering Program requirements. For information and scheduling, please contact us here. 

These scams are called “pig butchering” because they resemble the practice of fattening a hog before slaughter. Victims in this situation are referred to as “pigs” by the scammers who leverage fictitious identities, the guise of potential relationships, and elaborate storylines to “fatten up” the victim into believing they are in trusted partnerships. The scammers then refer to “butchering” or “slaughtering” the victim after their assets are stolen, causing financial and emotional harm to the victim. 

In many cases, the “butchering” phase involves convincing victims to invest in virtual currency or, in some cases, over-the-counter foreign exchange schemes. But scammers go beyond virtual currency into other modalities, such as electronic funds transfers, foreign currency and dollar-denominated Forex gold contracts, as well as wire transfers – as was the case with your customer. 

The goal is to defraud the victims of their investment. Indeed, U.S. law enforcement agencies estimate victims in the United States have lost billions of dollars to these scams and other virtual currency investment frauds.[iv] In fact, in 2022, investment fraud, as a general category, caused the highest losses of any scam reported by the public to the FBI, totaling $3.31 billion. Fraud involving cryptocurrency, including pig butchering, represented the majority of these scams and increased 183% from $907 million in 2021 to $2.57 billion in reported losses in 2022.[v] 

SAR COMPLIANCE 

Your customer may be a victim of a Pig Butchering scam. You acted appropriately by filing a Suspicious Activity Report (SAR). In the future, when you file the SAR, the narrative should include the key term “FIN-2023- PIGBUTCHERING” and select “Fraud-Other” under SAR field 34(z) with the description “Pig Butchering.”[vi] 

PIG BUTCHERING 

There are four parts to the Pig Butchering scam: Initial Contact, Sales Pitch, Promising Huge Profits, and Point of No Return.   

Initial Contact 

A scammer typically makes initial contact with a potential victim through text messages, instant messaging, professional networking sites, social media, dating sites, or other communication tools and platforms. A common ruse is to contact a victim under the guise of accidentally reaching the wrong number or trying to re-establish a connection with an old friend.[vii] The scammer, who may claim to be an investor or money manager, may also create a social media profile that showcases wealth and an enviable lifestyle. Once the scammer elicits a response from a victim, the scammer will communicate with them over time to establish trust and build a relationship.[viii] 

Sales Pitch 

Once trust or a relationship is established, the scammer introduces the victim to a supposedly lucrative investment opportunity in virtual currency, directing them to use virtual currency investment websites or applications designed to appear legitimate[ix] – but which are fraudulent and ultimately controlled or manipulated by the scammer. Legitimate applications with third-party plugins allow the scammer to manipulate or falsify information presented to the victim.[x] 

According to the FBI, many victims also report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards to buy virtual currency. Wire transfers appear to be the method used by your scammed customer. 

Once the victim acquires the virtual currency, the scammer directs them to “invest” the funds through the bogus investment websites or applications. However, the funds are funneled to virtual currency addresses and accounts controlled by scammers and their co-conspirators. 

Occasionally, scammers leverage high-pressure sales tactics such as telling their victims that they will lose out on the opportunity if they do not invest by a certain deadline.[xi]  A scammer may also encourage the victim to bring their friends and family to invest in the scheme.[xii] 

Promising Huge Profits 

At this point, the victim has been snookered. They have invested in the scam, and the scammer shows them incredible returns on their investment. All those returns, of course, are fabricated. To convince the victim of the authenticity of their investment, the scammer may even allow the victim to withdraw a small amount of that investment to further build the victim’s confidence before urging the victim to invest more. Victims have been known to liquidate holdings in tax-advantaged accounts or take out home equity lines of credit (HELOCs) and second mortgages on their homes to increase their investments. And that seems to have happened to your customer! 

Point of No Return 

If a victim slows or stops investing, the scammer uses aggressive tactics to extract final payments. For instance, the scammer may present the victim with supposed losses on the investment and ask them to make up the difference through additional deposits. But if the victim attempts to withdraw their investment, the scammer demands that the victim pay purported taxes or early withdrawal fees. Inevitably, once the victim cannot pay more into the scam, the scammer abruptly ceases communication, making off with the victim’s entire investment. 

RED FLAGS 

FinCEN compiled three types of red flags relating to pig butchering: behavioral, financial, and technical, consisting of a total of fifteen indicators. Lenders Compliance Group has a checklist for these red flag indicators. Please contact us here if you would like a copy of the Red Flags Indicators.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] “Sha Zhu Pan” is the Chinese term that loosely translates to pig butchering.

[ii] What’s a Pig Butchering Scam? Here’s How to Avoid Falling Victim to One, by Podkul, Cezary, September 19, 2022, ProPublica

[iii] FinCEN Alert on Prevalent Virtual Currency Investment Scam Commonly Known as “Pig Butchering”, FIN-2023-Alert005, September 8, 2023, Financial Crimes Enforcement Network

[iv] See The FBI Warns of a Spike in Cryptocurrency Investment Schemes, Public Safety Announcement, Alert I-031423-PSA, March 14, 2023, FBI

[v] See 2022 Internet Crime Report, FBI, March 9, 2023, at p. 12.

[vi] Idem

[vii] See Cryptocurrency Investment Schemes, Public Service Announcements, Alert I-100322-PSA, October 3, 2022, FBI

[viii] Idem

[ix] The term for this is “spoofing.” The term “spoofed” refers to a cyberattack in which fraudsters or hackers seek to persuade individuals that a web address or email belongs to a legitimate and generally trusted company, when in fact it links the user to a false site controlled by a cybercriminal.

[x] A scammer may also request remote access to the victim’s devices to register accounts with virtual currency service providers (i.e., virtual asset service providers, or VASPs) on the victim’s behalf. The scammer may also instruct their victims to take screenshots of their device so that the scammer can direct them through the process of purchasing virtual currency.

[xi] See Scammers Defaud Victims of Millions of Dollars in New Trend in Romance Scams, Public Service Announcement, Alert I-091621-PSA, September 16, 2021, FBI

[xii] See Criminals Steal Cryptocurrency through Play-to-Earn Games, Public Service Announcement, Alert I-030923-PSA March 9, 2023, FBI. The scammer may also invite the victim to join online or mobile games, advertised as “play-to-earn” games offering financial incentives to players, but which in reality are fake gaming applications created by the scammer to steal virtual currency from players.

Credit Repair Services – Cautioning the Consumer

QUESTION 

Our CEO has notified our loan officers that she will not accept any applications where credit repair has taken place. Some of our loan officers now threaten to leave the company because they view credit repair as a legitimate business. 

Maybe it is and maybe it isn’t. I am not in a position to know. But I do know that the CFPB has been very litigious against credit repair companies for all sorts of violations. And the CFPB has been getting some hefty settlements. 

We have been tasked with drafting a pamphlet to give applicants about the hazards involving credit repair. We are supposed to say that our company will not process applications if a credit repair company is used. 

Since you have written about the scams to consumers and challenges to lenders from credit repair companies, I hope you can provide a brief outline for our pamphlet. 

What should our pamphlet say about the scams and dangers of credit repair? 

ANSWER 

I think there is a tendency to take the whole credit repair industry to task because of the frauds perpetrated by several of its members, large and small. It is better to educate consumers about the risks than to tar all credit repair services with the nefarious actions of bad counselors. Many credit repair companies make a positive contribution to consumers’ financial welfare. 

Generally, credit repair organizations[i] sell, provide, or perform any service in return for the payment of money or other valuable consideration for the express (or implied) purpose of improving a consumer’s credit record, credit history, or credit rating or providing advice or assistance to a consumer with respect to any such activity or service.[ii] 

You are correct in stating that there have been substantial settlements involving credit repair companies, two of the largest being CreditRepair.com and Lexington Law. The settlement was reached in litigation with the Consumer Financial Protection Bureau (CFPB). Both companies are now bankrupt, each owned by PGX Holdings, Inc., which is reorganizing in bankruptcy.[iii] The settlement, among other things, states that the companies collected illegal advance fees for credit repair services through telemarketing in violation of federal law.[iv] 

The stipulated judgment will impose more than $64 million in civil monetary penalties and a $2.7 billion judgment for redress. Plus, it will require notices about the settlement to be sent to enrolled consumers, including information about canceling the service. Finally, for ten years, the settlement bars these companies from doing business with certain marketing affiliates and bans them from telemarketing any credit repair services or others marketed through telemarketing. 

I won’t second-guess the reasons why your CEO has decided not to take a loan application if the applicant used a credit repair company, but considering the case of CreditRepair.com and Lexington Law, and the CFPB’s far-reaching the CFPB’s examination and enforcement authorities, she may be mindful of the legal, regulatory, and operational risks. 

Providing a pamphlet about credit repair to the applicant is a good idea. It is proactive. If you offer a pamphlet but do not accept loan applications from people who use or plan to use credit repair, it would be helpful to state the company’s position in the pamphlet and appropriate disclosures. But this is not just a business decision. 

Suppose you take the application but discover that the applicant used a credit repair service, and you have a blanket policy that rejects such applications. In that case, you may need to reject the application, possibly based on an inability to verify credit eligibility. That decision would cause the issuance of Regulation B disclosure (i.e., Adverse Action), which requires you to disclose why you rejected the application. The Equal Credit Opportunity Act (ECOA)[v] and Fair Credit Reporting Act (FCRA)[vi] would likely apply. In fact, there are several moving parts, regulatory, legal, credit underwriting, and operational, to the decision not to accept applications where credit repair is used. The decision to implement a blanket policy to ban all applications where consumers have used credit repair or credit relief guidance is fraught with risk. Before implementing these plans, I suggest you discuss them with competent counsel or compliance professionals. 

However, in general, issuing a pamphlet to applicants is worthwhile. You don’t have to discourage an applicant from using credit repair services if you offer the pamphlet to warn applicants about potential scams, frauds, ripoffs, shams, deceptions, swindles, and telemarketing crimes. The warning may be enough! 

Legitimate credit repair services follow numerous federal laws, including the Credit Repair Organizations Act[vii] and, as applicable, the Telemarketing Sales Rule,[viii] both of which forbid credit repair organizations from using deceptive practices and accepting up-front fees. 

The CFPB has provided substantial guidance to consumers. Several years ago, the CFPB issued a Consumer Advisory called Don’t Be Misled By Companies Offering Paid Credit Repair Services.[ix] The Bureau also published an article on How To Avoid Credit Repair Service Scams, which is easy to adapt to a pamphlet format.[x] A fine pamphlet on credit repair fraud, entitled Consumer Pamphlet: Credit Repair Fraud, is provided as a public service for consumers by The Florida Bar.[xi] In drafting your pamphlet, consider including these publications in your review. 

It would help if you listed some caveats in the pamphlet that can assist consumers in evaluating credit counselors. A well-known resource for finding a credit counselor is the National Foundation for Credit Counseling. Contact information about it can be offered in the pamphlet.[xii] 

Whatever caveats you choose, such a list should at least include these five Red Flags:[xiii] 

1.     They demand payment upfront. 

The company wants you to pay before it provides any services. Under the Credit Repair Organizations Act, credit repair companies can’t request or receive payment until they’ve completed the services they’ve promised. Some companies will structure monthly payment plans to avoid this requirement, and you should know that no form of upfront payment is legal. 

A simple rule to follow is “Don’t pay upfront.” If the company uses telemarketing such that the Telemarketing Sales Rule applies, the company may not request or receive fees until it has provided you with a credit report generated more than six months after the promised results that shows the results. 

2.     It sounds too good to be true. 

The company tells you it can get rid of the negative credit information in your credit report in a short period, even if that information is accurate and current. Also, if they promise a specific increase in your credit score or guarantee a certain result. 

No one can guarantee this. It simply takes time to repair your credit file. 

3.     They can’t answer questions.

The company representative can’t explain the specifics of the services they are offering you or the total cost for those services. 

Asking a few simple questions can help you determine if you are dealing with a reputable organization. 

4.     They hold back or provide misinformation. 

The company doesn’t inform you of your rights, including your right to obtain a written contract outlining the details of your arrangement, as well as having the ability to cancel your contract with the company within three business days. The company does not disclose the full cost of its services, and/or the company suggests that you should not (or cannot) contact any of the nationwide credit reporting companies directly (you can). 

5.     They ask you to misrepresent information. 

The company suggests that you try to invent a “new” credit identity – resulting in a new credit report – by applying for an Employer Identification Number instead of your Social Security Number. 

 

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director

Lenders Compliance Group

---

[i] See §1679a(3)(A)(i)-(ii), 15 USC Chapter 41, Subchapter II-A: Credit Repair Organizations, From Title 15: Commerce and Trade, Chapter 41—Consumer Credit Protection

[ii] Ibid. §1679a(3)(A), Credit repair organizations include entities that can or will sell, provide, or perform credit repairs.

[iii] Credit repairer PGX begins bankruptcy with $12 million loan, Knauth, Dietrich, June 6, 2023, Reuters. PGX also owns Credit.com.

[iv] CFPB Reaches Multibillion Dollar Settlement with Credit Repair Conglomerate, Press Release, August 28, 2023, Consumer Financial Protection Bureau; Bureau of Consumer Financial Protection v Progrexion Marketing, Inc.

[v] Equal Credit Opportunity Act

[vi] Fair Credit Reporting Act

[vii] 15 USC §§ 1679-1679j, FTC; Title IV of the Consumer Credit Protection Act, prohibits untrue or misleading representations and requires certain affirmative disclosures in the offering or sale of "credit repair" services. The Act bars companies offering credit repair services from demanding advance payment, requires that credit repair contracts be in writing, and gives consumers certain contract cancellation rights.

[viii] 16 CFR 310, FTC; The Telemarketing Sales Rule requires telemarketers to make specific disclosures of material information; prohibits misrepresentations; sets limits on the times telemarketers may call consumers; prohibits calls to a consumer who has asked not to be called again; and sets payment restrictions for the sale of certain goods and services.

[ix] Don’t Be Misled By Companies Offering Paid Credit Repair Services, Consumer Advisory, Consumer Financial Protection Bureau, issued September 20, 2016, updated December 3, 2019.

[x] How To Avoid Credit Repair Service Scams, Brown, Desmond, September 23, 2016, updated July 30, 2019, Blog, Consumer Financial Protection Bureau

[xi] Consumer Pamphlet: Credit Repair Fraud, The Florida Bar, updated June 2023, https://www.floridabar.org/public/consumer/tip005/. Note, the article appears to be copyrighted, so contact the organization for permission to publish it in whole or in part.   

[xii] The nonprofit National Foundation for Credit Counseling has a website at https://www.nfcc.org. Its telephone is 800-388-2227.

[xiii] Op. cit. x