Office of Consumer Credit Commissioner

June 29, 2004

The Changing Currents of Compliance

Customer Service

The average business will hear nothing from 96 percent of unhappy customers who receive rude or discourteous treatment.

To make matters worse, each of those unhappy customers will tell his or her story to at least nine other people, and 13 percent of those unhappy former customers relate their stories to more than twenty people.

Additional research indicates that for every complaint received, the average company has twenty six customers with problems, six of which are “serious” problems.

Customer Service

Of the customers who register a complaint, between 54 percent and 70 percent will do business again with the organization if their complaint is resolved. That figure goes up to 95 percent if the customer feels that the complaint was resolved quickly.

Sixty eight percent of customers who quit doing business with an organization do so because of company indifference. It takes twelve positive incidents to make up for one negative incident in the eyes of customers.

Agency Customer Service Survey Randomly sampled 900 businesses and individuals Overall response rate low, but response from exam

selected recipients was 39% Over 90% of respondents agreed that examiner

requests for information are timely and reasonable Knowledge level of examiners increased

substantially from 2002 Over 70% feel that licensing staff is accessible and

provides appropriate communication

Agency Customer Service Survey Opportunities (requested by respondents)

More timely responses Easier access to agency staff More information in plain language

Self-directed improvements Automated resource enhancements Industry education efforts

Strategic Planning

Key data findings: 8,043 licensees 16% of licensees are small loan lenders 13% are payday lenders Restitution to consumers FY 2003 = $3,703,000 Administrative actions in FY 2003 = 118 Of consumer complaints, 9.8% are identified as

related to signature loans

Strategic Planning

Emerging Issues Predatory Lending Preemption Consumer Credit Counseling/Debt Management

Companies Payday Lending Financial Literacy Finance Code Revisions

High Cost Lending Study

Directed by Legislature Non-real estate loans Collected data sample (5 loans) during

examinations from February to April Attempting to collect data from 187 unlicensed

entities Report to be presented in August

Recent Examination Findings

Repossessions Failure to refund unearned interest upon repossession Failure to obtain a condition report indicating the

condition Failure to send a “Notice of Intended Disposition”

(a.k.a. 10-day letter) or obtain a waiver of the notice signed after default

Failure to send a proper “Notice of Intended Disposition”

Failure to dispose of the collateral in a commercially reasonable manner

Failure to provide the “Explanation of Surplus or Deficiency” when required

Recent Examination Findings

Non-obligor did not grant a security interest in the collateral

Privacy Notice does not have any or does not have the proper “complaints and inquiries notice”

Initial Privacy Notice not being provided to the borrowers

Promissory Note references a non-plain language security agreement

Recent Examination Findings

Failure to Return Paid-out originals Taking a security interest in FTC restricted items Failure to refund a portion of the acquisition

charge when the promissory note specifies that the acquisition charge is subject to being refunded

Failing to disclose the information sources used in the denial of a credit application

Failure to Credit Unearned Interest Upon Charge-Off of Loan

FTC Safeguards Rule

Requires financial institutions to develop a written information security plan describing the company’s program to protect consumer information.

In implementing safeguards, the rule requires the company include all areas of its operations, with particular attention paid to: Employee management and training Information systems Managing system failures

FTC Safeguards Rule: Employee Management and Training Ask every new employee to sign an agreement to

follow the organization’s confidentiality and security standards for handling customer information.

Train employees to take basic steps to maintain the security, confidentiality, and integrity of data such as: Locking rooms and file cabinets where paper records are kept Using password-activated screensavers Using strong passwords (> or = 8 characters) Changing passwords periodically Keeping passwords secure Referring calls or other requests for customer information to

designated individuals who have the proper safeguards training Recognizing any fraudulent attempt to obtain customer information

and reporting it to local law enforcement Limiting access to customer information to employees who have a

business reason for seeing it

FTC Safeguards Rule: Information Systems Store records in a secure area Do not store information on a machine with an internet

connections Maintain secure backup media Keep archived data secure (either off-line or in a

physically secure area) Dispose of customer information in a secure manner:

Shred documents Erase all data when disposing of computers or storage media Promptly dispose of outdated customer information

FTC Safeguards Rule: Managing System Failures Maintain up-to-date and appropriate programs and

controls by: Following a written contingency plan to address breaches Regularly obtain software patches to resolve vulnerabilities Use anti-virus software that updates automatically

Back up information, protecting the data in the event of a failure.

Promptly notify customers if their nonpublic personal information is subject to loss, damage, or unauthorized access.

Other Compliance Issues

Bilingual disclosure