CFPB Enters into Consent Order with Fintech Company

The CFPB has made it abundantly clear that it expects fintech companies to abide by the same rules as traditional brick and mortar lenders.  The Bureau’s consent order with San Francisco online lender Flurish, Inc. highlights the need for startups to effectively vet their products prior to launch to ensure compliance with the consumer protection regulatory scheme. Flurish, Inc., which does business as LendUp, is required to pay $1.82 million in retribution to affected consumers and a $1.8 million civil monetary penalty to the CFPB. 

LendUp held itself out as providing online single payments loans and installment loans and touted its “step up” system as allowing consumers to build up credit and improve credit scores.  The Consent Order highlights violations of multiple consumer protection laws, including the Truth in Lending Act and Fair Credit Reporting Act.  According to the Order,

·        LendUp’s loan-program marketing was misleading.  LendUp marketed its loan programs with claims they would build a consumer’s credit and credit scores by allowing consumers to move up the “LendUp Ladder” by taking out additional loans with more favorable terms.  Although advertised nationally, the two top level tiers of LendUp’s loans, however, were not available except in California.  Moreover, LendUp did not furnish any information to the credit reporting agencies to improve consumer’s credit scores until at least February 2014.

·        LendUp also ran amuck of the Truth in Lending Act in a number of ways:

o   LendUp allowed consumers applying for its lowest tier single payment loans the option to choose a loan maturity date as late as the consumer’s state allowed or an earlier date.  Where the earlier date was selected, the consumer was provided a discount on the origination fee.  If the consumer later extended the repayment fee, the discount was reversed.  According to the Consent Order, LendUp failed to disclose the potential for reversal to the consumer at the time they signed their loan agreement.

o   LendUp also violated the Truth in Lending Act by understating the APR.  According to the Order, LendUp failed to incorporate into its APR the portion of expedited funding fees which were retained by LendUp.  LendUp also used a faulty APR calculation tool for a period of time and did not have adequate testing provisions in place to identify the issue.

·        LendUp also ran afoul of the Fair Credit Reporting Act and Regulation V’s requirement that it have in place written policies and procedures about the accuracy and integrity of the information it furnished to credit reporting agencies. LendUp did not have any such policies and procedures in place until April 2015.

Lessons to be Learned.

·        The Order supports earlier statements by the CFPB that it holds fintech companies to the same standards as other lenders.

·        The CFPB continues to rely upon the Unfair and Deceptive Provisions on the Consumer Financial Protection Act to enforce through consent orders where other statutory authority does not exist.

·        Fintech startups should be reminded that it is essential they review consumer financial service products carefully with a lawyer well versed in the regulatory scheme before they rollout new products to ensure compliance.

·        Marketing is subject to the same scrutiny as the product itself.