Entities that operate among or provide services to persons who provide consumer financial products or services can be subject to the same oversight and regulatory responsibilities of persons who directly provide consumer financial products or services. This is based on their involvement in and the services they provide in support of consumer financial products or services. Accordingly, service providers should evaluate their role in the delivery of consumer financial products and determine their responsibilities under applicable consumer financial protection laws and rules.
The Consumer Financial Protection Bureau (CFPB) recently filed a proposed order in an ongoing lawsuit against a service provider that engaged with credit-repair business owners. In the initial 2021 complaint, the CFPB outlined its jurisdiction over the service provider and its alleged violations for being aware of, and allegedly encouraging, credit-repair business owners to violate the Telemarketing and Consumer Fraud and Abuse Prevention Act (the “Telemarketing Act”) and thus violate the Consumer Financial Protection Act (CFPA).
Service Providers Under the CFPA
The CFPA provides that it is unlawful for any covered person or service provider to offer or provide a consumer financial product or service not in conformity with federal consumer financial law, or otherwise commit any act or omission in violation of federal consumer financial law. A service provider is any person that provides a material service to a covered person in connection with the offering or provision by a covered person of a consumer financial product or service.
The CFPB filed a complaint in 2021 related to the promotion of activities it claimed violate the Telemarketing Act and the CFPA. The service provider in question created software and training to persons interested in building credit repair businesses (“Credit Repair Start-Ups”). The complaint noted the following:
- The software was marketed as an all-in-one solution, including template websites and an optional billing module.
- The service provider drafted marketing templates for use by the financial service provider.
- The service provider drafted correspondence templates, including customer-facing communications.
- The service provider conducted training and instruction.
- The service provider resources included telemarketing sales scripts.
As a result of providing the Credit Repair Start-Ups with these tools and training, the service provider had access to a significant amount of information about their activities.
Why Did the Service Provider’s Action Invite Scrutiny?
The intense end-to-end involvement by the service provider resulted in the service provider being held accountable for the alleged violations of the Telemarketing Act and as a result the CFPA. The CFPB pursued action against the service provider rather than the various Credit Repair Start-Ups, which would each be covered persons under the CFPA.
In a proposed stipulated and final judgment from August of 2024, the CFPB imposed certain obligations on the service provider, which have the impact of ensuring that the service provider is responsible for monitoring the activities of the covered persons. Those obligations and penalties included in part:
- The service provider must develop and maintain a certification program to ensure that Credit Repair Start-Ups are screened and confirmed to not be in violation of certain financial regulations; it must also maintain a compliance monitoring program to periodically monitor Credit Repair Start-Ups’ compliance with certain financial regulations.
- The service provider must develop and maintain a compliance plan that is sufficiently robust to ensure that the provision of the software and any tools and training provided by the service provider comply with all applicable laws that the CFPB enforces.
- The service provider executives must have a significant role in reviewing compliance efforts and ensuring that such executives are responsible for ensuring that the service provider complies with any order.
- The service provider was ordered to pay $1,000,000, and the service provider’s founder, owner and chief executive officer were ordered to pay $2,000,000 in civil penalties.
Why Should Service Providers Be Mindful of Consumer Finance Laws and Regulation?
As the CFPA clearly states, the rules of compliance with consumer financial protection laws apply to both service providers and covered persons. Both the CFPB and state attorney generals have authority to pursue actions with both service providers and covered persons. This action by the CFPB makes it clear that the CFPB can and will go after service providers that are involved in providing financial products to consumers, particularly if such service provider is providing the means for sellers of financial products or services to sell to consumers and encouraging such sellers to do so in a way that is not in compliance with financial regulations.
If you are providing training, templates, software services or other solutions for persons who offer consumer financial services, have you reviewed these materials for compliance with consumer financial protection laws? If not, we strongly encourage you to do so. For further guidance, contact the authors or any attorney with Frost Brown Todd’s Finance Industry Team or Data, Digital Assets & Technology Practice.