CFPB Issues Consent Order Against Fintech for Enabling Merchants to Secure Loans for Consumers Without Their Authorization

On July 12, 2021, the Consumer Financial Protection Bureau (CFPB) issued a consent order (the Consent Order) against a Fintech company that facilitates home improvement loans (the Fintech).  The CFPB claims that the Fintech enabled “contractors and other merchants to take out loans on behalf of thousands of consumers who did not request or authorize them.”  The Consent Order would require the Fintech to (i) provide up to $9 million in cash refunds and loan cancellations, (ii) pay a civil penalty of $2.5 million to the CFPB, and (iii) prevent future illegal practices and implement more stringent consumer protection standards moving forward.

The Fintech engages in origination and servicing activities on behalf of banks, and uses merchants to market and intake loan applications from consumers at the point of sale.  Most merchants provide home improvement products and services, health care services, or retail products.  The Fintech trains these merchants to promote and submit loan applications to the Fintech.

Specifically, the Fintech allows most merchants to submit consumer loan applications online using the Fintech’s website or mobile application, or over the phone under certain circumstances.  After the Fintech receives an application, it makes an “on-the-spot financing decision by comparing a consumer’s application data with the lending criteria” of the Fintech’s partner banks.  When a consumer or merchant submits a loan application through the Fintech’s website or mobile application, the approved loan terms are displayed on the computer or tablet at the conclusion of the application process.  However, if a merchant submits an application on behalf of a consumer, the consumer can view the approved loan terms only if the merchant shares its screen with the consumer.  Until at least April 2019, the Fintech mailed or email loan documentation to consumers after determining that a consumer qualified for a loan, but did not require consumers to sign and return loan documentation to consummate the loan.

The CFPB further claims that the Fintech issues consumers a “shopping pass” number, which functions like a credit card, and treats use of a shopping pass as acceptance of the loan.  The Fintech does not disburse loan proceeds to the consumer; instead, a consumer provides his or her shopping pass number to a merchant to pay for a product or service.  The merchant then uses the shopping pass number to apply for payment from the Fintech, and the Fintech disburses loan proceeds directly to the merchant.

The CFPB found that the Fintech engaged in a number of unfair practices against their customers in violation of the Consumer Financial Protection Act of 2010 (CFPA).  The CFPB claims that some merchants submitted loan applications to the Fintech without consumers’ consent.  The Fintech then, according to the CFPB, performed origination and servicing activities with regard to those loans and, in some instances, disbursed loan proceeds directly to the merchant without consumers’ knowledge or consent.  Some consumers complained that they never applied for a loan or heard of the Fintech before receiving billing statements from the Fintech.  The CFPB also claims that the Fintech failed to create and implement appropriate controls during the loan application approval and funding processes, failed to adequately train and oversee participating merchants and neglected to effectively manage consumer complaints.

The Consent Order makes clear that point-of-sale financing programs must carefully monitor and control participating merchants to prevent the issuance of fraudulent loans.