When using artificial intelligence (AI) or complex credit models, can lenders rely on the checklist of reasons provided in Regulation B sample forms for adverse action notices? According to today’s guidance issued by the Consumer Financial Protection Bureau (CFPB or Bureau), the answer to that question is, in many circumstances, no.

As background, the Equal Credit Opportunity Act (ECOA) and Regulation B require that a creditor must provide an applicant with a statement of reasons for any adverse action taken on a credit application or existing account. Moreover, the statement of reasons must be “specific,” indicate the “principal reason(s) for the adverse action,” and must “relate to and accurately describe the factors actually considered or scored by a creditor.”

The CFPB provides sample adverse action forms in Appendix C to Regulation B. The forms include a checklist of common reasons for adverse actions, as well as an open-ended field for lenders to provide other reasons not listed. In the guidance released today, the CFPB emphasized that “[r]eliance on the checklist of reasons provided in the sample forms will satisfy a creditor’s adverse action notification requirements only if the reasons disclosed are specific and indicate the principal reason(s) for the adverse action taken.” The Bureau also underscored that creditors may not rely on overly broad or vague reasons to the extent that they obscure the specific and accurate reasons for adverse action relied upon by the creditor.

According to the CFPB, some lenders are using AI in their underwriting models. Sometimes these algorithms rely on data that is harvested from consumer “surveillance” or data not typically found in a consumer’s credit file or credit application. The CFPB believes that some of this data may not intuitively relate to the likelihood that a consumer will repay a loan. Thus, the guidance insists that the reason identified by the lender for the adverse action taken must be specific. “Creditors may not evade this requirement, even if the factors actually considered or scored by the creditor may be surprising to consumers, as may be the case when a creditor relies on complex algorithms that, for instance, consider data that are not typically found in a consumer’s credit file or credit application.”

An example of the kind of specificity the CFPB will expect includes when a creditor lowers the limit on a consumer’s credit line based on behavioral data, such as the type of establishment at which a consumer shops or the type of goods purchased, it would likely be insufficient for the creditor to simply state “purchasing history” or “disfavored business patronage” as the principal reason for the adverse action. Instead, the creditor would likely need to disclose the consumer’s purchasing history or patronage that led to the reduction, such as the type of establishment, the location of the business, or the type of goods purchased.

The CFPB makes clear in this guidance that adverse action notice requirements apply equally to all credit decisions, regardless of whether the technology used to make them involves complex or “black-box” algorithmic models, or other technology that creditors may not understand sufficiently to meet their legal obligations and that as data use and credit models continue to evolve, creditors have an obligation to ensure that these models comply with existing consumer protection laws.

Our Take:

Today’s guidance from the CFPB shows the same overt suspicion towards AI and machine learning that the CFPB has repeatedly shown in other contexts (see here and here). The CFPB is also expanding on its circular from last year, in which the CFPB stated that creditors are required to explain the specific reasons for taking adverse actions when using AI. But in reality, the guidance issued today has nothing to do with AI — it could apply any time a creditor uses alternative data that is not covered by the ECOA model form reasons in making a credit decision.

But beyond that, there is an enormous difference in specificity between the reasons on the CFPB’s model form and the commentary in today’s guidance. The model form uses fairly broad, generic descriptions of adverse action reasons, like “[d]elinquent past or present credit obligations with others” or “[u]nable to verify income.” The Bureau’s examples in today’s guidance seem to be much more specific than those in the model form, which seems to place alternative data on an unequal footing with traditional credit bureau data in terms of the level of specificity required in adverse action notices.

In reality, our suspicion is that this guidance is part of an overall push by the CFPB to require more specific reasons on adverse action notices than the industry has traditionally used, guided by the level of specificity in the Bureau’s own model adverse action forms. Creditors should be aware of this regulatory pressure when they make decisions on adverse action reasons — whether those reasons come from machine learning models or not.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Chris Capurso Chris Capurso

Chris focuses his practice on consumer financial services compliance, guiding clients through the many federal and state laws and regulations that impact consumer credit programs.

Photo of Taylor Gess Taylor Gess

Taylor focuses her practice on providing regulatory advice on matters related to federal and state consumer protection, consumer finance, and payments laws, including those that apply to payment cards, lines of credit, installment loans, electronic payments, online banking, buy-now-pay-later transactions, retail installment contracts…

Taylor focuses her practice on providing regulatory advice on matters related to federal and state consumer protection, consumer finance, and payments laws, including those that apply to payment cards, lines of credit, installment loans, electronic payments, online banking, buy-now-pay-later transactions, retail installment contracts, rental-purchase transactions, and small business loans.

Photo of Ethan G. Ostroff Ethan G. Ostroff

Ethan Ostroff’s practice focuses on financial services litigation and consumer law compliance counseling. Ethan is part of the firm’s national practice representing consumer-facing companies of all types in defense of individual and class action claims and counseling them on compliance with federal and

Ethan Ostroff’s practice focuses on financial services litigation and consumer law compliance counseling. Ethan is part of the firm’s national practice representing consumer-facing companies of all types in defense of individual and class action claims and counseling them on compliance with federal and state laws.

Photo of Alan D. Wingfield Alan D. Wingfield

Alan Wingfield helps consumer-facing clients navigate compliance, litigation and regulatory risks posed by the complex web of state and federal consumer protection laws. He is a trusted advisor and tireless advocate, helping clients develop practical compliance and dispute-resolution strategies.

Photo of Josh McBeain Josh McBeain

Josh focuses his practice on federal and state consumer and business lending and payments laws, including those that apply to credit cards, installment loans, lines of credit, and point-of-sale finance.

Photo of Chris Willis Chris Willis

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending…

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending them in individual and class action lawsuits brought by consumers and enforcement actions brought by government agencies.

Photo of Lori Sommerfield Lori Sommerfield

With over two decades of consumer financial services experience in federal government, in-house, and private practice settings, and a specialty in fair lending regulatory compliance, Lori counsels clients in supervisory issues, examinations, investigations, and enforcement actions.

Photo of Kim Phan Kim Phan

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the assessment of breach response obligations following a breach.

Photo of David N. Anthony David N. Anthony

David Anthony handles litigation against consumer financial services businesses and other highly regulated companies across the United States. He is a strategic thinker who balances his extensive litigation experience with practical business advice to solve companies’ hardest problems.