On April 3, 2023, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued a Policy Statement on Abusive Acts or Practices (the “Policy Statement”). The Policy Statement “explain[s] how the CFPB analyzes the elements of abusiveness” under the Dodd-Frank Act “with the goal of providing an analytic framework” for identifying abusive conduct. The Policy Statement sets forth a broad approach to assessing what constitutes abusive conduct (for example, suggesting that products or services may be inherently abusive if they are too complex to explain to consumers and that even unreasonable consumer confusion may form the basis of abusiveness). In that respect, it may be of limited utility to companies seeking to enhance compliance programs to meet CFPB expectations. But as it sets out—for the first time—a comprehensive assessment of how the CFPB will approach its exercise of this authority, companies should review the Policy Statement to identify areas where it may be helpful from a compliance perspective and to gain insight into the CFPB’s thinking.
The Policy Statement purports to follow in the tradition of the Federal Trade Commission’s (Commission) policy statements on unfairness and deception, issued by the Commission in 1980 and 1983, respectively. Those policy statements “delineated the Commission’s views of the boundaries of its consumer unfairness jurisdiction” and set forth “the manner in which the Commission will enforce its deception mandate.” The CFPB’s Policy Statement, by contrast, does not purport to “delineate” any “boundaries” on the agency’s jurisdiction. Instead, it provides examples of the kind of conduct that the CFPB—today—considers as potentially abusive, but it carefully cabins these examples with phrases such as “including but not limited to” or “may include,” leaving the agency wiggle room to find abusiveness in circumstances that do not fit within the articulated framework.
Moreover, as we’ve previously discussed in surveying the CFPB’s use of its abusiveness jurisdiction during its first 10 years of existence, when the CFPB has alleged conduct to be abusive it has usually also alleged that the same conduct is unfair and/or deceptive. And when it has not done so, it readily could have. To date, the agency has not addressed or answered the question of what conduct the abusiveness prohibition proscribes that wasn’t already proscribed by the pre-existing prohibitions on deception and unfairness. The Policy Statement does not attempt to answer that question either.
Nor does the Policy Statement grapple with or address all of the CFPB’s prior claims of abusiveness—likely because those claims cannot be readily reconciled with each other or with the Policy Statement’s approach to the various aspects of abusiveness. That is, how the CFPB has pled abusiveness in the past is not always consistent with the “analytic framework” set forth in the Policy Statement.1
Nevertheless, the Policy Statement is a helpful exposition of how the agency currently thinks about its abusiveness authority and provides a framework for companies to think about how to approach compliance and interact with the CFPB. Consumer financial services providers should review the Policy Statement carefully and consider whether and how they should incorporate its guidance into their compliance programs.
The Dodd-Frank Act provides four separate definitions of abusive conduct. An act or practice is abusive if it:
(1) “materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service;” or
(2) “takes unreasonable advantage of:
A. a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
B. the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or
C. the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.”2
A violation of any of these provisions is sufficient for a finding of abusiveness. We address the Policy Statement’s discussion of each of these provisions in turn.
Materially Interfering with Consumers’ Understanding of Terms or Conditions
With respect to this prong of the abusiveness definition, the Policy Statement first articulates the CFPB’s view that “material interference” can be shown when an act or omission (a) intends to impede consumer understanding, (b) has the natural consequence of impeding consumer understanding, or (c) actually impedes consumer understanding. The Policy Statement cites no precedent or other authority for this assertion, which is arguably broader than the statutory language (which only speaks to conduct that [actually] “materially interferes”). The Policy Statement goes on to identify the different “forms” that material interference can take: buried disclosures; physical or digital interference that impedes a consumer’s ability to see, hear or understand terms or conditions; and overshadowing (defined as the “prominent placement of certain content that interferes with the comprehension of other content”).
The Policy Statement summarizes: “Certain terms of a transaction are so consequential that when they are not conveyed to people prominently or clearly, it may be reasonable to presume that the entity engaged in acts or practices that materially interfere with consumers’ ability to understand.” If all this sounds a lot like how you would identify potential deception, that’s because it is. As we’ve previously noted, this aspect of abusiveness is very similar to deception.
The Policy Statement does go one step further, however, noting (again without citation or example) that the “provision” of a product or service may be abusive if it “is so complicated that material information about it cannot be sufficiently explained.” This appears to suggest that some products or services may be inherently abusive—even if their terms are fully and accurately disclosed. The notion that the mere offering of a product or service—as opposed to conduct related to obscuring or misrepresenting material terms—can be abusive represents a novel assertion of authority, made all the more striking by the CFPB’s failure to provide any examples that might qualify or cite to any prior cases in which the agency took this position.
Taking Unreasonable Advantage
The three remaining types of abusive conduct all involve “taking unreasonable advantage” of a particular circumstance. The CFPB previously grappled with what it means to “take unreasonable advantage” in the context of the Payday Rule, which determined that certain collection activity in connection with payday loans was abusive. In that rulemaking, the CFPB noted that the abusiveness standard “does not prohibit financial institutions from taking advantage of their superior knowledge or bargaining power to maximize profit,” noting that in market economies participants generally pursue their self-interests. “At some point,” however, “a financial institution’s conduct in leveraging a consumer’s lack of understanding or inability to protect their interests becomes unreasonable advantage-taking that is abusive.”3 After noting that determining when that line is crossed is based on “all the facts and circumstances,” the CFPB turned to a cost-benefit analysis that, relying on statistics, concluded that the particular conduct proscribed by the rule “generate[s] relatively small amounts of revenue for lenders as compared with the significant harms that consumers incur as a result of the practice.”4
The Policy Statement discusses what it means to “take unreasonable advantage” but makes no mention of this prior CFPB analysis. And without acknowledging the CFPB’s prior position, the Policy Statement expressly eschews the cost-benefit analysis suggested by the payday rulemaking: “[S]ection 1031(d)(2) does not require an investigative accounting of costs and benefits or other form of quantification to make a finding.” While it may be that the CFPB’s thinking on this issue has evolved, or that the agency believes that this type of cost-benefit analysis is only appropriate in the rulemaking, as opposed to enforcement, context, it is disappointing that the CFPB did not address—let alone explain its departure from—its previous “analytic framework” for what constitutes “taking unreasonable advantage.”
That said, the Policy Statement does set forth a (different) analytic framework for what constitutes “taking unreasonable advantage” in the Bureau’s view, providing several important guideposts. First, it notes that typicality is irrelevant to the inquiry; that is, “everyone does this” is (in the CFPB’s view) no defense to a claim of taking unreasonable advantage. Second, it notes that “even a relatively small advantage may be abusive if it is unreasonable”; that is, lack of (or minimal) profit from a practice is also no defense. Third, loans that are “set up to fail” (i.e., loans made with an “indifferen[ce] to negative consumer outcomes”) may constitute unreasonable advantage taking. Fourth, although a cost-benefit analysis is not required, entities should not “get a windfall” as a result of a gap in consumer understanding, unequal bargaining power, or consumer reliance (the three statutory factors of which entities cannot take unreasonable advantage). The Policy Statement then discusses each of these statutory factors in turn.
Lack of Understanding
The Dodd-Frank Act provides that it is an abusive act or practice for an entity to take unreasonable advantage of “lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service.” As we’ve previously noted, virtually all of the CFPB’s claims under this prong of abusiveness have been based, in part, on an alleged misrepresentation or omission by the respondent that caused the consumer’s alleged “lack of understanding.” In this respect, these claims sound in deception.
The Policy Statement, however, expressly disclaims the notion that a respondent need be responsible for the consumer’s lack of understanding, stating that the prohibition “does not require that the entity caused the person’s lack of understanding through untruthful statements or other actions or omissions.” And, indeed, one of the recent abusiveness claims brought by the CFPB was based on the charging of certain overdraft fees in a context where the “counter-intuitive, complex transaction processing” led to the consumer’s misunderstanding. That is, there may be circumstances where the sheer complexity of a product or service means that even absent misrepresentations or omissions, selling the product may be abusive. In this respect, the CFPB’s analysis of this aspect of abusiveness is consistent with its analysis of the material interference prong discussed above—some products or services may be too complex to adequately explain to consumers.
The Policy Statement provides guideposts for the kind of “gaps in understanding” that may form the basis for abusiveness claims. The Bureau notes that gaps in understanding as to “risks” include the likelihood of default and the loss of future benefits; gaps in understanding as to “costs” include not only monetary charges but also non-monetary harm such as lost time or reputational harm; and gaps in understanding as to “conditions” include “any circumstance, context, or attribute of a product or service,” including “the length of time it would take to realize the benefits of a financial product or service, the relationship between the entity and the consumer’s creditors, the fact that a debt is not legally enforceable or the processes that determine when fees will be assessed.”
Importantly, the Policy Statement asserts that the “lack of understanding” need not be either reasonable or widespread to be actionable. In the CFPB’s words, the statute “does not require that the consumer’s lack of understanding was reasonable…. Similarly, [it] does not require proof that some threshold number of people lacked understanding” to establish a violation. The upshot is that so long as some consumers misunderstand a risk, cost or condition, even if that misunderstanding is unreasonable or idiosyncratic, an entity’s “taking unreasonable advantage” of that circumstance may be abusive. This, of course, is a far cry from the standard for deceptive conduct, where the applicable legal standard as articulated in the Commission’s policy statement on deception (and in the CFPB’s own examination manual) is based on a “consumer acting reasonably in the circumstances.”5 The CFPB’s articulation of “lack of understanding” also differs from the CFPB’s analysis of this issue in the payday rulemaking, where the agency noted that “it is likely that a significant number of borrowers lack a sufficient understanding of [the proscribed] practices and their effects.”6 While that statement did not expressly impose a requirement of reasonable or widespread lack of understanding, it suggested as much, and the CFPB’s failure to grapple with its prior analysis in this regard is disappointing, especially as it relies on the precedent of the rulemaking for another aspect of the analysis.
In the payday rulemaking, the CFPB concluded that in assessing “lack of understanding,” the focus should be not on a consumer’s general understanding of the risks or costs of a product but rather on the consumer’s understanding of the likelihood or extent of the risk or cost being incurred. Relying on the rulemaking, the Policy Statement reaches the same conclusion—“even if [consumers] have an awareness that it is in the realm of possibility that a particular negative consequence may follow, or a particular cost may be incurred,” they may still misunderstand that the “risk is very likely to happen or that … the impact of a particular risk would be severe.”
Finally, the Policy Statement makes explicit what had been implicit in a number of cases brought by the CFPB: A consumer entering into a transaction that entails material risks or costs but from which the consumer would likely derive minimal or no benefit can itself demonstrate that the consumer lacked the requisite understanding. Put another way: Selling a consumer a product from which the consumer is unlikely to benefit may be abusive.
Inability of Consumers to Protect Their Interests
The Policy Statement refers to the prohibition on taking unreasonable advantage of a consumer’s inability to protect their interest as focusing on “unequal bargaining power.” As with the “costs” that consumers may misunderstand, the “interests” that consumers may not be able to protect include not only monetary interests but also non-monetary privacy or reputational interests.
Relying on the payday rulemaking as precedent, the Policy Statement explains that the “inability” to protect one’s interests refers not to a literal impossibility but instead to “impractical[ity].” By way of example, it notes that when a person would need to take unknown or especially onerous steps to protect their interests, they are likely unable to protect their interests. And the Policy Statement expressly notes that for those of limited means, the payment of money may be impractical—that is, the argument that interests could be protected by, e.g., making a timely loan payment is unlikely to persuade the Bureau.
The Policy Statement notes that where consumers lack market choice—for example, in dealing with credit reporting companies, debt collectors or third-party loan servicers—they are often unable to protect their interests by choosing an alternative provider. While taking pains to note that “obviously, such relationships are not per se abusive,” the Policy Statement flags them as ripe for abusive claims if entities take unreasonable advantage of the lack of choice. In many respects, this is similar to the prohibition on unfairness, which is focused on consumers’ inability to avoid an injury and which is often focused on such captive relationships.
In addition to captive relationships, the Policy Statement highlights additional circumstances where consumers may not be able to protect their interests, including the use of form contracts (where consumers lack bargaining power), where companies have outsize market share, and where there are high transaction costs to exiting a relationship with a product or service provider. The Bureau’s articulation of these criteria reflects the market- and competition-focused approach to consumer protection that Director Rohit Chopra has brought to his job.
The final circumstance that covered persons are prohibited to take unreasonable advantage of is a consumer’s reasonable reliance on the covered person acting in the consumer’s interest. Given the general rule of caveat emptor that prevails in a capitalist economy, the question raised by this prohibition is under what circumstances is it reasonable for a consumer to rely on a company to act in the consumer’s interest. The Policy Statement identifies two such circumstances. First, where an entity represents that it will act in a consumer’s interests or otherwise holds itself out as doing so, it is generally reasonable for consumers to rely on such representations. As we’ve previously noted, this has been the basis for the majority of the CFPB’s abusiveness claims under this prong of the statute. Second, the Policy Statement notes that when entities “assume the role of acting on behalf of people as their agents or representatives” or “act as intermediaries to help people navigate marketplaces for consumer financial products or services,” it may be reasonable for consumers to rely on the entities to act in the consumers’ interest.
The Policy Statement’s failure to fully grapple with prior CFPB analysis and use of its abusiveness authority is disappointing. Nevertheless, the Policy Statement is still a welcome exposition of how the CFPB is thinking about and approaching claims of abusiveness—at least in the short term. It should help ensure a greater consistency in the CFPB’s use of this authority (which previously seemed somewhat ad hoc) and provides covered persons with an analytic framework to assess compliance and rebut CFPB claims of abusiveness.
The Policy Statement, of course, is not a formal rule and it does not have the force and effect of law. While the courts have repeatedly cited to the Commission’s policy statements on unfairness and deception in deciding cases, those policy statements were both grounded in caselaw and more circumscribed in delineating the Commission’s understanding of the scope of those authorities. Here, the CFPB’s Policy Statement is almost exclusively grounded in agency consent orders or simply the CFPB’s articulation of its understanding of the statutory prohibition. It remains to be seen whether courts will defer to the Policy Statement or endorse some of its more far-reaching interpretations—e.g., that certain products are too complex to explain and may be inherently abusive as a result or that the analysis of consumer understanding is not focused on a reasonable consumer. And it remains to be seen whether the CFPB seeks to assert claims beyond the confines of what it has articulated in the Policy Statement.
1 The Policy Statement purports to “summarize” the “dozens of actions” the CFPB and other agencies have taken alleging abusive conduct. In many cases, the CFPB does cite to its past complaints and consent orders. But not all of its cases are cited or referenced, and in some cases (discussed below), the agency makes broad statements without any citation to precedent.
3 82 Fed. Reg. 54472, 54743 (Nov. 17, 2017). The CFPB later partially repealed this rule but applied the same analytic framework to “taking unreasonable advantage.” 85 Fed. Reg. 44382, 44420 (July 22, 2020).
5 It bears noting that the FTC Act also “does not require that the consumer’s lack of understanding was reasonable,” but the Commission nevertheless adopted a reasonableness standard in its policy statement.