CFPB's PayPal Complaint Breaks New Ground

Bridgeforce Law analyzed details of the settlement between CFPB and PayPal, which sheds new light on the CFPB's interpretation of the "abusive" prong of UDAAP.

Overview

On May 19, 2015, PayPal agreed to settle CFPB allegations of violations of the unfair, deceptive, and abusive acts or practices (UDAAP) provisions of the Consumer Financial Protection Act (CFPA) related to its PayPal Credit product. The proposed Consent Order filed by the CFPB with the United States District Court for the District of Maryland requires PayPal to pay $15 million in compensation to consumers and a $10 million civil penalty. In addition, PayPal must submit to the CFPB for non-objection, “a comprehensive compliance plan designed to ensure that [PayPal’s] offering, marketing, and providing of PayPal Credit complies with [the] Order.” (Order ¶ 42.) As further discussed below, the Complaint filed together with the proposed Order both further clarifies the CFPB’s interpretation of the “abusive” prong of UDAAP and offers several general lessons for creditors.

PayPal Credit, formerly Bill Me Later, is an online, open-end, consumer credit product that allows consumers to pay for purchases online and in certain stores. The product is offered to consumers on eBay, as well as the websites of thousands of other online merchants. PayPal Credit is used by consumers to fund purchases made using PayPal—the consumer pays for an item using PayPal, and the amount of the purchase is charged to PayPal Credit. A customer’s PayPal and PayPal Credit accounts may be linked so that all PayPal transactions are charged to PayPal Credit by default. When linked to a PayPal account, PayPal Credit gives consumers the same functionality as an online credit card. [1]

All six Counts contained in the CFPB’s Complaint are based solely on violations of UDAAP:

• Count I - Unfair Acts or Practices related to the Enrollment of Consumers in PayPal Credit
• Count II - Unfair Acts or Practices related to Defendants’ Use of PayPal Credit as a Payment Method
• Count III - Unfair Acts or Practices Related to Payments
• Count IV - Deceptive Advertising
• Count V - Abusive Deferred-Interest Acts or Practices
• Count VI - Unfair Billing Dispute Practices

Although UDAAP is always used in singular tense in colloquial conversation, each of the three standards that together comprise UDAAP (i.e. unfair, deceptive, or abusive acts or practices) has its own legal standard. Regarding the unfair and deceptive standards, the Narrative to the UDAAP section of the CFPB Supervision and Examination Handbook notes that:

The principles of “unfair” and “deceptive” practices in the [CFPA] are similar to those under Section 5 of the Federal Trade Commission Act (FTC Act). The Federal Trade Commission (FTC) and federal banking regulators have applied these standards through case law, official policy statements, guidance, examination procedures, and enforcement actions that may inform CFPB. (UDAAP Narrative, footnote 2 [2].)

Consistent with longstanding FTC interpretations, an act or practice is “unfair” for purposes of the CFPA when: (i) it causes or is likely to cause substantial injury to consumers, (ii) the injury is not reasonably avoidable by consumers; and (iii) the injury is not outweighed by countervailing benefits to consumers or to competition. (UDAAP Narrative, pp. 174-178.) Likewise consistent with FTC interpretations, an act or practice is “deceptive” under the CFPA when: (i) there is a representation, omission, act or practice that misleads or is likely to mislead; (ii) the consumer’s interpretation of the representation, omission, act or practice is reasonable under the circumstances; and (iii) the misleading representation, omission, act, or practice is material. (UDAAP Narrative, pp. 178-181.)

The “abusive” standard of the CFPA has no direct parallel in the FTC Act; albeit, elements of the abusive standard closely resemble the unfair and deceptive standards. Section 1031(d) of the CFPA (12 U.S.C. § 5531(d)) defines “abusive” as follows:

(d) Abusive

The Bureau shall have no authority under this section to declare an act or practice abusive in connection with the provision of a consumer financial product or service, unless the act or practice—

1. materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or

2. takes unreasonable advantage of—
   1. a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
   2. the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or
   3. the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

Although the facts underlying each of the six counts stated in the Complaint are instructive regarding the types of actions or omissions that are likely to result in formal enforcement action, only Count V, which concerns PayPal’s application of PayPal Credit payments made in excess of the minimum periodic amount due (excess payments), breaks new legal ground. Specifically, Count V marks the first time the CFPB has applied Subsection 1031(d)(2)(B) to circumstances involving the use, versus the selection, of a consumer financial product or service. Moreover, unlike the earlier enforcement actions involving the selection of a product or service, there is no indication that the CFPB considered the affected PayPal Credit customers to be highly vulnerable (i.e. based on poverty, old age, military status, etc.) with respect to the ability to protect their interests. [3]

As noted earlier, PayPal Credit is not a credit card for purposes of Regulation Z because purchases are never made using, or charged directly to, the customer’s PayPal Credit account. PayPal’s payment allocation practices during the time period in question, however, appear to have been consistent with Regulation Z’s payment allocation requirements for credit card relationships. Under Regulation Z, credit card payments must be applied “first to the balance with the highest annual percentage rate and any remaining portion to the other balances in descending order based on the applicable annual percentage rate.” (12 CFR § 1026.52.) Moreover, when multiple credit card balances have the same annual percentage rate, Regulation Z does not require any particular method for allocating payments among those balances. (12 CFR § 1053, Official Interpretation No. 4, Supplement I to Regulation Z.) Furthermore, when a balance is subject to a deferred interest program that does not require the customer to pay accrued interest so long as the balance is repaid in full prior to the expiration of a specified period of time, the deferred balance must be treated as having an annual percentage rate of zero (0) during the deferral period. [4] Finally, certain “special rules” apply to deferred interest credit card programs:

(b) Special rules—(1) Accounts with balances subject to deferred interest or similar program. When a balance on a credit card account under an open-end (not home-secured) consumer credit plan is subject to a deferred interest or similar program that provides that a consumer will not be obligated to pay interest that accrues on the balance if the balance is paid in full prior to the expiration of a specified period of time:

(i) Last two billing cycles. The card issuer must allocate any amount paid by the consumer in excess of the required minimum periodic payment consistent with paragraph (a) of this section, except that, during the two billing cycles immediately preceding expiration of the specified period, the excess amount must be allocated first to the balance, subject to the deferred interest or similar program and any remaining portion allocated to any other balances consistent with paragraph (a) of this section; or

(ii) Consumer request. The card issuer may at its option allocate any amount paid by the consumer in excess of the required minimum periodic payment among the balances on the account in the manner requested by the consumer.

The facts recited in the Complaint in support of Count V describe how PayPal applied payments received from PayPal Credit customers. Specifically, “before early 2013, [PayPal’s] practice was to apply payments in excess of the minimum payment proportionally to all deferred-interest promotional balances with the same rate, regardless of expiration date, unless a promotion was expiring within two cycles, in which case payments would be applied to that promotion.” (Complaint ¶ 36.). Moreover, PayPal represented to customers that they could “contact [PayPal’s] customer service representatives if they wanted more information about the product, including payment allocation and how much they would need to pay to avoid paying interest (Complaint ¶ 37),” or to “request that payments be allocated to specific balances in a way other than PayPal’s default method for applying payments.” (Complaint ¶ 38.)

According to the Complaint, PayPal failed to provide consumers “adequate information to allow them to understand how [PayPal] applied payment to various balances and how much consumers needed to pay to avoid interest.” (Complaint ¶ 35.) Regarding the ability of customers to request that excess payments be allocated in a particular way, the Complaint further provides that “many consumers could not reach a customer service agent at all, or [PayPal] ignored such re-allocation requests, or allocated payments differently than consumers requested. (Complaint ¶ 38).”

If one accepts that PayPal’s application of excess payments generally complied with Regulation Z’s payment allocation rules, the CFPB’s finding of abusive acts or practices necessarily hinges on PayPal’s alleged misconduct concerning its handling of customers’ special requests to allocate payments. In this regard, the Complaint describes PayPal’s actions in terms indicative of deliberate and wrongful behavior; i.e. “[PayPal purported to allow customers to control the allocation of payments. . .and when consumers made specific allocation requests, [PayPal] often ignored such requests or allocated payments differently than consumers requested.” (Complaint ¶ 73.) Absent this egregious behavior, it is highly unlikely that the CFPB would have invoked the CFPA’s abusive standard. To this end, although the Complaint states that PayPal “provided little information to consumers about how it allocated payments… (Complaint ¶ 72),” that failure, standing alone, would amount to conduct that was deceptive, but not abusive.

Aside from clarifying the scope of the CFPA’s abusive standard under Subsection 1031(2)(B), the CFPB’s finding that PayPal engaged in abusive acts or practices in allocating payments offers several important lessons. First, it reinforces that UDAAP extends beyond the letter of the law in two ways: (i) if a consumer account is structured in such a way that regulatory requirements do not apply (i.e. Regulation Z’s payment allocation rules for credit card accounts are inapplicable to PayPal Credit), UDAAP allows the CFPB to fill the gap; and (ii) the fact that regulatory requirements may have been met (i.e. if Regulation Z had applied, PayPal’s methodology for applying excess payments was technically compliant) affords limited defense if the CFPB finds that customers were treated improperly. Second, and most importantly, promises made to customers must be kept and, in the hopefully rare but inevitable instances where customers do not receive all they were led to expect, promises should never be capable of being viewed as having been flaunted.

Finally, the fact that the CFPB’s pursued formal enforcement action against PayPal demonstrates that the ability of the CFPB to enforce UDAAP under the CFPA broadly extends to almost any person engaged in the offering of consumer products and services, and not just to those entities that are supervised and examined by the CFPB.

How Bridgeforce Law Can Help

Bridgeforce Law can provide assistance with respect to both assessing the current state of your institution’s compliance with the CFPB and its ability to meet supervisory expectations for an effective compliance program—such as those outlined above.