Notice of final policy statement.
The Bureau of Consumer Financial Protection (the “Bureau”) is issuing a final policy statement (the “Policy Statement”) to provide guidance on how the Bureau plans to exercise its discretion to publicly disclose certain credit card complaint data that do not include personally identifiable information. The Bureau receives credit card complaints from consumers under the terms of Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”). The Policy Statement also identifies additional ways that the Bureau may disclose credit card complaint data but as to which it will conduct further study before finalizing its position.
This Policy Statement is effective on June 19, 2012.
FOR FURTHER INFORMATION CONTACT:
Scott Pluta, Office of Consumer Response, Bureau of Consumer Financial Protection, at (202) 435-7306; or Will Wade-Gery, Division of Research, Markets and Regulations, Consumer Financial Protection Bureau, at (202) 435-7700.
A. Final Policy Statement
Under the final Policy Statement, the Bureau plans to disclose data associated with credit card complaints in two ways. These disclosures are intended to help provide consumers with “timely and understandable information to make responsible decisions about financial transactions” and to enhance the credit card market's ability to “operate transparently and efficiently.” 
First, the Bureau plans to issue its own periodic reports about complaint data. The Bureau has already issued three such reports.
Second, the Bureau plans to provide public access to an electronic database containing certain fields for each unique 
As discussed further below, the Bureau has adjusted its plans to include certain fields in the public database in response to comments on the proposed Policy Statement published by the Bureau on December 8, 2011. The public database will initially include data from credit card complaints submitted on or after June 1, 2012.
B. Concurrent Notice
Concurrent with the publication of this Policy Statement, the Bureau is publishing a notice in the Federal Register seeking comment on a proposed extension of the disclosure system described in the Policy Statement to complaints about consumer financial products other than credit cards (the “Concurrent Notice”). In addition to credit cards, the Bureau's complaint-handling system (the “Complaint System”) now encompasses mortgages, bank products such as checking and savings accounts, and certain other consumer loans. The Bureau anticipates that the Complaint System will accept complaints about all consumer financial products and services within the Bureau's jurisdiction by the end of 2012. Comments in response to the Concurrent Notice are due by July 19, 2012.
A. Complaint System
In the proposed Policy Statement, the Bureau generally described how the Office of Consumer Response (“Consumer Response”) accepts and processes credit card complaints. The Bureau has since revised the Complaint System in a number of respects, in part as a result of the comments received on the proposed Policy Statement. For example, the Bureau has adjusted the permissible entries for the “issuer response category” field, as summarized in part III.D.5.
B. Overview of Public Comments
The Bureau received seventeen sets of comments in response to the proposed Policy Statement. In some cases, several organizations submitted a single comment letter. Eleven industry groups submitted a total of nine comment letters. One credit union also commented. One financial reform organization, Americans for Financial Reform (“AFR”), submitted a single set of comments on behalf of twenty-one consumer, civil rights, privacy, and open government groups. Two privacy groups that joined that set of comments also submitted their own comments, as did one open government group, which submitted 840 substantially identical comment letters from consumers.
There was one additional consumer submission. Finally, one member of Congress commented on the proposed Policy Statement.
Almost all comments concerned the public database component of the proposed Policy Statement. Industry commenters generally opposed the public database. Although they endorsed the intended goals of the public database, many industry commenters asserted that the database would confuse consumers and unfairly damage the reputation of credit card issuers. The disclosure of issuer names in the public database was a particular focus of these comments. Some industry commenters further asserted that the Bureau lacks legal authority to disclose individual-level complaint data.
Consumer groups and consumers also endorsed the goals underlying the public database proposal. The AFR submission supported the public database, and urged the Bureau to include all narrative fields, subject to certain privacy protections. The two privacy groups that joined the AFR submission also offered their own written comments advising the Bureau to be mindful of the privacy risks associated with broader disclosure.
Many submissions included comments directed to the Bureau's process for handling credit card complaints. To the extent that these comments also relate to the Policy Statement, the Bureau addresses them below. To the extent that they relate only to the Complaint System and not to any associated impact on disclosure, the Bureau does not address them in this final Policy Statement.
In response to such feedback, however, Consumer Response has and will continue to refine and improve its Complaint System over time.
III. Summary of Comments Received, Bureau Response, and Resulting Policy Statement Changes
This section provides a summary of the comments received by subject matter. It also summarizes the Bureau's assessment of the comments by subject matter and, where applicable, describes the resulting changes that the Bureau is making in the final Policy Statement. All such changes concern the public database. There are no changes to the proposed policy for the Bureau to issue its own complaint data reports.
A. The Policy Statement Process
One trade association commented that the Bureau should engage in a public rulemaking under the Administrative Procedures Act to provide the public with an opportunity to comment on all aspects of the initiative. One issue that the rulemaking should address, according to this commenter, is the link between the availability of complaint information and informed consumer decision-making.
The Bureau is committed to transparency and to robust engagement with the public regarding its actions. Although not required by law, the Bureau solicited and received public comment on the proposed Policy Statement. The Bureau received substantial public feedback expressing a range of viewpoints, and it has carefully considered the comments received, as described in detail below. As stated in the final Policy Statement, the Bureau plans to study the effectiveness of its policy on an ongoing basis, and plans to continue to engage with the public, including regulated entities, as it assesses the efficacy of its complaint disclosure policy.
B. Legal Authority for Public Database
Several trade associations commented that the Dodd-Frank Act does not authorize the Bureau to create the proposed public consumer complaint. The associations make two arguments.
First, they contend that the Dodd-Frank Act expressly delineates the circumstances and manner in which the Bureau may collect, resolve, and share consumer complaints with others. The public database is not included. By negative inference, therefore, they argue that the Dodd-Frank Act does not authorize the database.
Section 1013(b)(3) of the Dodd-Frank Act requires the Director of the Bureau to establish a unit to collect, monitor, and respond to consumer complaints regarding consumer financial products and services.
This provision requires the Bureau to present an annual report to Congress that includes information and analysis of complaint numbers, types, and resolutions, and it authorizes the Bureau to share consumer complaint information with prudential regulators, the Federal Trade Commission, and other Federal and State agencies, subject to certain confidentially and data protection standards. According to the associations, by delineating entities with which the Bureau may share consumer complaint information,
Congress meant such entities to be the exclusive recipients of such information.
Furthermore, the associations argue, by specifying that the Bureau may share such information only to the extent that these specific recipients agree to protect the confidentiality of the information shared, Congress manifested its intention that this information should otherwise remain confidential.
The associations also argue that Section 1034 of the Dodd-Frank Act, which requires the Bureau to establish “reasonable procedures to provide a timely response to consumers * * * to complaints against, or inquiries concerning, a covered person,” does not authorize the creation or publication of a public consumer complaint database that, instead of aiding complainants, enables data mining and market research.
The associations also contend that, by directing the Bureau in Section 1034(d) to enter into agreements with other affected federal agencies to facilitate the joint resolution of complaints, Congress intended for the Bureau to handle consumer complaints in accordance with the procedures of these other agencies, which publish only aggregated complaint data.
Second, the associations argue that the Dodd-Frank Act's restrictions on publishing confidential information block the implementation of the proposed public database. They contend that Section 1022(c), which authorizes the Bureau to “monitor for risks to consumers in the offering or provision of consumer financial protects or services, including developments in markets for such products or services,” 
and to “make public such information * * * as is in the public interest,” only permits the Bureau to make the resulting information public through aggregate reporting “designed to protect confidential information.” 
By using non-aggregated formats, the associations contend, the proposed database risks compromising the confidentiality of individual complaint information.
One commenter also argues that Section 1022(c)(4) prohibits the Bureau from collecting or sharing information like zip codes or the identities of card issuers. Although Section 1022(c)(4)(A) authorizes the Bureau to “gather information from time to time regarding the organization, business conduct, markets, and activities of covered persons and service providers,” Section 1022(c)(4)(C) prohibits the Bureau from using this authority to “obtain records from covered persons and service providers participating in consumer financial services markets for purposes of gathering or analyzing the personally identifiable financial information of consumers.” 
The commenter asserts that zip codes and card issuer names constitute personally identifiable information that the Bureau may not collect or share. The same commenter cites Section 1022(c)(8), which requires the Bureau, in “collecting information from any person, publicly releasing information held by the Bureau, or requiring covered persons to publicly report information,” to “take steps to ensure that proprietary, personal, or confidential consumer information that is protected from public disclosure under Section 552(b) or 552a of title 5, United States Code, or any other provision of law, is not made public under this title.” 
The commenter asserts that this provision requires the Bureau to keep consumer complaint information confidential to the extent that any law, including but not limited to the Freedom of Information Act (“FOIA”) or the Privacy Act, requires such confidentiality. The commenter argues that credit card issuer narratives and complaint rates by zip codes constitute trade secrets of credit card issuers that the Trade Secrets Act, 18 U.S.C. 1905, prohibits the Bureau from disclosing.
The Bureau disagrees with these arguments. First, the Dodd-Frank Act expressly authorizes the disclosure addressed in the Policy Statement, which cannot, therefore, be barred by negative inference. Second, there are no applicable confidentiality restrictions that apply to the data that will be disclosed in the public database.
Section 1022 of the Dodd-Frank Act permits the Bureau, in support of its rulemaking “and other functions,” to monitor and assess risks to consumers in the offering or provision of consumer financial products or services.
In monitoring and assessing such risks, this provision authorizes the Bureau to gather information regarding the “business conduct” of covered persons and service providers.
The provision expressly states that “consumer complaints” are among the types of information that the Bureau may gather for this purpose.
Not only does section 1022 permit the Bureau to gather or compile consumer complaint information, it also contemplates that the Bureau may disclose such information to the public under certain circumstances. Section 1022(c)(3)(B) states that the Bureau “may make public such information obtained by the Bureau under this section as is in the public interest, through aggregated reports or other appropriate formats designed to protect confidential information * * *” 
Although commenters focus on the fact that this subparagraph permits the Bureau to disclose consumer complaint information in aggregated reports, they ignore the fact that the subparagraph also permits the Bureau to disclose such information in a non-aggregated format as long as it protects the confidentiality of certain information in accordance with the other provisions of Section 1022(c).
Nothing in Section 1013(b)(3) suggests that Congress, in describing one database containing consumer complaint information and the manner in which its contents are to be reported to Congress or shared with other Federal or State agencies, sought to limit the Bureau's authority to disclose information to the public. Likewise, there is no reason to interpret Section 1034, which requires the Bureau to establish procedures to provide a timely “response” to consumers to their complaints, to mean that the Bureau may only disclose consumer complaint information publicly to complainants, and even then, only to the extent necessary to “respond” to their complaints.
The Bureau also disagrees that subpart D of the Bureau's Interim Final Rules on the Disclosure of Records and Information,
which the Bureau promulgated pursuant to section 1022(c)(6), precludes the Bureau from disclosing publicly any information contained within a consumer complaint database. Commenters are correct to point out that subpart D generally restricts the authority of the Bureau to publicly disclose “confidential information,” including “confidential consumer complaint information.” 
However, such disclosure restrictions only apply to the extent that consumer complaint information is confidential in nature. The Bureau's regulations define “confidential consumer complaint information” to mean “information received or generated by the [Bureau], pursuant to [sections 1013 and 1034 of the Dodd-Frank Act], that comprises or documents consumer complaints or inquiries concerning financial institutions or consumer financial products and services and responses thereto, to the extent that such information is exempt from disclosure pursuant to 5 U.S.C. 552(b) [the FOIA].” 
Because the information to be disclosed in the public database is not exempt from disclosure under the FOIA, as discussed in more detail in part III.D.1.a below, such information does not constitute “confidential consumer complaint information.” As a result, there is no applicable rule that precludes the Bureau from making such information available to the public.
C. The Impact of the Public Database on Consumers
Consumer groups, privacy groups, and consumers commented that the public database would help consumers make more informed decisions and avoid “bad actors.” They also noted that consumers can draw their own conclusions from the public database. Several noted that data do not need to be fully verified or random to be of some use to outside parties. For example, the data might alert outside researchers and consumers to potentially harmful trends.
Industry commenters, by contrast, asserted that the public database would mislead consumers because its contents would be unverified, unrepresentative, lacking in context, and open to manipulation. Each of these general assertions is addressed below. Section D addresses industry comments that disclosure of particular data fields—issuer name, zip code, credit card complaint type, and discrimination fields—would be especially inappropriate or misleading.
Several trade associations commented that the Bureau should not disclose unverified data. Some argued that the Bureau should exclude complaints lacking factual foundation or legal merit. Others stated that consumer complaints were primarily statements of opinion, and not subject to objective verification. Several also argued that complaints resolved without any showing of company fault should be excluded as lacking foundation. One trade association stated that releasing unverified complaint data deprives issuers of due process. Privacy and consumer groups commented that the lack of verification presented only minimal risks to issuers because there are controls to ensure that complaints must come from actual cardholders, and issuers are given adequate time to dispute their identification.
The Bureau agrees with industry commenters that its complaint process does not provide for across the board verification of claims made in complaints. However, as it has previously indicated, the Bureau plans to specifically disclaim the accuracy of complaints when the data are made available to consumers. Outside of its own affirmative data reporting, the Bureau will allow the marketplace of ideas to determine what the data show.
While the Bureau does not validate the factual allegations of complaints, it does maintain significant controls to authenticate complaints. Issuer names are verified using card numbers and by other procedures. Each complaint is checked to ensure that it is submitted by the identified consumer or from his or her specifically authorized representative. Each submission is also reviewed to determine if it is a complaint, an inquiry, or feedback about the Bureau. Submissions in the latter two categories are not forwarded to the identified company for handling as complaints. Further, each complaint is checked to prevent duplicate submissions by a consumer who has already filed with the Bureau a complaint on the same issue. Complaints are only forwarded to companies when they contain all the required fields, including the complaint narrative, the consumer's narrative statement of his or her fair resolution, the consumer's contact information, and the name of a card issuer within the scope of Section 1025 of the Dodd-Frank Act.
Several trade associations commented that it is inappropriate for the Bureau to publish data that is not randomly sourced. Non-random complaints, they contend, cannot provide consumers with useful information. One trade association commented that academics and researchers would not use such unreliable data.
The Bureau will inform consumers and any other public database users that the data reflect only the credit card complaints that consumers submit to the Bureau. Even though similar limitations apply to other public complaint databases, however, experience shows that outside parties have, in fact, made reasonable use of non-random complaint databases disclosed by other agencies. The trade associations did not offer any examples of misuse of currently available non-random data sets or challenge the utility of the examples cited by the Bureau. In addition to those examples, the Bureau notes that two outside companies have recently repackaged for consumer use drug and medical device data mined from the AERS and MAUDE public complaint databases maintained by the Food and Drug Administration.
The trade associations also fail to acknowledge that consumers currently make credit card choices with little or no knowledge of consumer complaints. It is true that more robust data sets might, in theory, be assembled. Consumers would be better informed if the public database included complaint data from issuers' internal processes or even surveys of complainants and non-complainants. But that does not mean that less complete data sets worsen the status quo. So long as consumers are aware of the limitations of the data, there is little or no reason to believe that complaint data should make the market less informed and transparent.
Industry comments on representativeness also recognized that the Bureau is expressly authorized to use complaint data to set priorities in its supervision process. Some industry comments also recognized that the data could play a role with respect to other statutory obligations, such as fair lending enforcement or market monitoring. If complaint data can provide the Bureau with meaningful information, then logically they may also prove useful to consumers and other reviewers. If the data lacked such potential, Congress would not have pointed to public complaints as a basis to set important Bureau priorities.
Furthermore, credit card issuers have told Consumer Response on numerous occasions that they learn valuable information from consumer complaints. If the data inform issuers, they have the potential to inform consumers as well.
Several trade associations commented that Bureau disclaimers about the lack of verification or representativeness will not effectively warn consumers about the limitations of the public database. The associations expressed concern that consumers and the media will inevitably see or portray the information as being endorsed by the Bureau, notwithstanding the Bureau's disclaimers. In addition, one trade group commented that the marketplace of ideas cannot prevent consumers from being misled by the public database. Another commented that the database fails to distinguish complaints of major and minor significance and that without that context, the data are open to misinterpretation.
The Bureau acknowledges the possibility that some consumers may draw (or be led to) erroneous conclusions from the data. That is true, however, for any market data. In addition, the Bureau's two-part disclosure policy—first, its own affirmative reports of data findings that it believes may inform consumers, and second, a public database that researchers and others can mine for possible data trends—is intended to minimize any consumer confusion about the scope of the Bureau's own conclusions with respect to the complaint data. The Bureau is open, however, to further suggestions from trade associations, issuers, and other concerned stakeholders on how best to provide additional context for the public database.
Several trade associations commented that third parties like debt negotiation companies could use complaint filing as a strategic tool to aid their clients. One trade association commented that outside parties may artificially inflate complaint counts for litigation purposes. Several trade associations claimed that one outside party has filed numerous fraud complaints about a single merchant, allegedly for improper purposes.
The Complaint System has a number of protections against manipulation. For one, the burden of submitting a complaint is not negligible. Consumers must affirm that the information is true to the best of their knowledge and belief. The consumer is asked for a verifiable account number. If none is provided and the consumer is unable to produce verifiable documentation of the account (such as a statement), the complaint is not pursued further. As described further at part III.D.1.b below, when an issuer offers a reasonable basis to challenge its identification, the Bureau does not plan to post the relevant complaint to the public database unless and until the correct issuer is identified. Furthermore, duplicate complaints from the same consumer are consolidated into a single complaint.
The Bureau maintains additional controls after complaints are submitted and issuers are able to alert the Bureau to any suspected manipulation. If issuers find this combined package of controls insufficient in practice, the Bureau will consider suggestions for addressing any problems identified, including enabling an issuer to flag in the public database any complaint entry that the issuer reasonably believes is not submitted in good faith by or on behalf of an individual consumer.
D. The Impact of Specific Public Database Fields on Consumers and Credit Card Issuers
1. Issuer Names
a. Legal Authority
Several trade associations commented that the Bureau lacks authority to include issuer names in the public database or its own data reporting. The associations argue that the disclosure of this information is prohibited by Section 1022(c)(8), which requires the Bureau to take steps to protect from public disclosure confidential proprietary information that is exempt from disclosure under the FOIA. Specifically, they argue that the names of issuers are properly subject to Exemption 4 of the FOIA, which permits agencies to withhold trade secrets or confidential commercial information that businesses provide to it, and that the Bureau must, therefore, withhold from publication the names of credit card issuers cited in complaints. Courts generally hold that Exemption 4 applies when the submission of confidential commercial information is required of a business and the disclosure of such information would result in competitive harm to the business or would impair the ability of an agency to obtain similar information in the future. The associations argue that both of these prongs—competitive harm and impairment—are satisfied with respect to the disclosure of credit card issuer names. They argue that the disclosure of issuer names would make issuers reluctant to respond (and/or reticent in responding) to consumer complaints and would cause competitive harm if the disclosed complaints unfairly or misleadingly identify them as bad actors.
The Bureau does not agree that issuer names are subject to Exemption 4. As a threshold matter, Exemption 4 does not protect the names of credit card issuers because such information does not constitute “confidential” commercial information. The identities of the credit card issuers who do business with consumers are not typically secrets kept by the credit card issuers. By and large, consumers know this information and report it to the Bureau in their complaints. Even to the extent that the true names of credit card issues are not known to consumers when they file their complaints, this information typically becomes known to consumers as part of the complaint investigation and resolution process. Information which is in the public domain is not “confidential” and is therefore not subject to Exemption 4.
Further, even if one assumed that the names of credit card issuers constitute “confidential” commercial information, this information still does not qualify for protection under Exemption 4. To qualify for such protection, information must be likely either: “(1) To impair the Government's ability to obtain necessary information in the future; or (2) to cause substantial harm to the competitive position of the person from whom the information was obtained.”
The Bureau concludes that the information at issue does not satisfy either prong of this test.
First, the proposed disclosure of credit card issuer names is unlikely to impair the Bureau's ability to obtain similar information in the future. As noted above, it is usually consumers who provide the Bureau with the names of credit card issuers to which their complaints pertain. The decision by consumers to submit complaints against particular credit card issuers is not likely to be affected by the Bureau's policy of disclosing the names of the issuers to which complaints apply. The Bureau also finds unavailing arguments that its proposed policy of disclosing issuer names would make issuers reluctant to participate further in the resolution of consumer complaints. Section 1034 of the Dodd-Frank Act requires issuers to respond to consumer complaints. Courts generally agree that the disclosure of information will not impede an agency's efforts to obtain such information in the future when the information is provided pursuant to statutory obligation.
Second, the Bureau disagrees with commenters that the proposed policy of disclosing credit card issuer names is likely to cause credit card issuers substantial competitive harm. It is conceivable that consumer complaints could contain false or misleading allegations against a particular credit card issuer and that publication of the names of credit card issuers associated with such complaints could expose those issuers to unwarranted public criticism, reputational harm, and perhaps even a loss of existing or prospective customers. However, such harms can be mitigated through the use of disclaimers that warn consumers that the public database contains data reflecting unverified complaints that consumers submit to the Bureau. Even to the extent that such disclaimers are not sufficient to mitigate these harms, courts are clear that Exemption 4 is designed to protect against harms that flow from competitors' use of the released information, not from any use made by the public at large or by customers.
Thus, even the prospect of unwarranted public criticism and harassment,
or distortions of the disclosed information,
are not grounds for application of Exemption 4. Moreover, any harm that arises from publishing the names of credit card issuers is one that all issuers in the industry share. Harms shared among competitors do not constitute competitive harms for purposes of Exemption 4.
The associations also argue that FOIA Exemption 8 requires the Bureau to protect the names of issuers from disclosure. Exemption 8 authorizes Federal financial regulators to protect information relating to the examination of financial institutions. The associations contend that consumer complaints constitute confidential supervisory information and that the disclosure of these complaints would threaten the regulatory relationship between financial institutions and the Bureau.
The Bureau disagrees. As noted, Exemption 8 protects information that is “contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions.” 
The scope of this exemption is broad in that it applies not only to financial institution examination, operating, or condition reports, but also to all manner of information that relates, even indirectly, to the supervision process. Notwithstanding the breadth of Exemption 8, it typically applies only to information that supervisory agencies either generate themselves or receive from regulated financial institutions or from other supervisory agencies. Exemption 8 does not typically apply to information, like credit card issuer names, that consumers supply to supervisory agencies outside of the supervisory context, except to the extent that the agencies later utilize such information for supervisory purposes.
Commenters argue otherwise by citing a 1991 FOIA request response letter that the Office of the Comptroller of the Currency (“OCC”) sent to a FOIA requester.
In the letter, the OCC applies Exemption 8 to deny a request for the names of banks associated with consumer complaints received by the OCC. As its primary authority for its decision, the OCC cites an unpublished 1988 district court opinion in Consumers Union v. Office of the Comptroller of the Currency.
In that case, the court applied the following rationale to protect the identities of banks named in consumer complaints:
Irrespective of the fact that consumers provided the information to defendant and that disclosure of the identities of the banks against which complaints were made probably would not undermine public confidence, the portion of the computer printout to which plaintiff seeks access falls under exemption 8 because this information is directly derived from and `contained in * * * examination reports * * * prepared by, * * * or for the use of' defendant. The uncontroverted evidence shows that the bank charter numbers in the computer printout are contained in examination reports that fall within the meaning of Exemption 8 because the bank charter numbers are matters contained in larger reports, reflecting all consumer complaints against banks, which defendant forwards to its District offices. These larger reports are `examination reports' within the meaning of Exemption 8 because they analyze and summarize information concerning consumer complaints.
Unlike the complaint information at issue in Consumers Union, however, the information at issue here is not part of an examination report. Also, it is not presented within the context of a Bureau investigation of issuer conduct. Rather, the complaints exist in raw form as part of a database intended for public use and study. Accordingly, the Bureau does not believe that Consumers Union is analogous.
b. Other Comments on Issuer Name Disclosure
Consumer groups commented that the disclosure of issuer names represents a significant aspect of the Bureau's policy. They noted that other complaint databases that disclose the identity of specific companies—like NHTSA—have created pressure on companies to improve whatever metrics are measured by the public database. As a result, these groups expect the Bureau's public database to cause issuers to compete more effectively on customer service and product quality. Together with privacy and open government groups, consumer groups commented that outside groups can use the issuer data to help consumers make more informed decisions about credit card use, a factor also cited by the numerous consumers who submitted comments through the open government organization, OMB Watch.
Industry groups disputed that disclosing issuer names serves these or any policy purposes. They commented that this form of disclosure would unfairly damage issuers' reputation and competitive position. One trade association indicated that the inclusion of issuer names could implicate safety and soundness concerns, particularly in light of viral media. Another commented that disclosing issuer names would serve only as “fodder for plaintiffs' lawyers.” One noted that the public database would not take account of the size and nature of the credit card business at different financial services providers, which would cause consumer confusion. Another suggested that debt sellers would attract fewer complaints than issuers that collected their own debts.
Trade groups agreed that if issuer names were included, they should be verified. Several noted that consumers would be particularly likely to name the merchant or other partner in connection with private label or co-brand cards, and not the actual issuer. Some noted that card numbers would not be sufficient for verification because the system will accept complaints without a number, and some complaints—like declined application complaints—will arise even when there is no card number. Several trade associations argued that some complaints are really merchant disputes and that the issuer should not be named at all.
The Bureau believes that these industry comments fail to acknowledge the system controls that are in place to verify that a complaint is from a cardholder and that the issuer is properly identified. No issuer will be associated with a complaint if it offers a reasonable basis to dispute a commercial relationship with the consumer. Currently, the Complaint System provides issuers 15 days to contest issuer identity, which experience has shown to be sufficient. As noted earlier, there are also system controls to avoid double-counting duplicate complaints from the same consumer.
For many complaints, credit card account numbers provide a reliable method to verify the identity of the issuer. The Bureau agrees that some complaints may identify the issuer as the merchant or other partner associated with a co-brand or private label card. In such cases, the account number provided will not match to the name provided. As a result, the Bureau confirms the account number with the consumer, then substitutes the name of the correct issuer. The merchant or other partner is not named. The Bureau also recognizes that there are cases in which no credit card number is available to the consumer, such as declined application complaints. In these cases, the Bureau works directly with the consumer to identify the correct issuer from issuer correspondence. If the correct issuer cannot be identified in this manner, the case will be closed and no data added to the public database.
The Bureau acknowledges, as it did in connection with the proposed Policy Statement, that there are significantly varying views among stakeholders about whether this kind of data is useful to consumers. However, the Bureau continues to believe that this disclosure may allow researchers to inform consumers about potentially significant trends and patterns in the data. In addition, given that companies have made competitive use of other public databases, the Bureau anticipates that disclosure has the potential to sharpen competition over product quality and customer service.
Furthermore, as several trade associations conceded and as previously noted above, Congress itself recognized that the Bureau may properly use consumer complaint data to set supervision, enforcement, and market monitoring priorities.
If the Bureau is able to use complaint data in this way, there is good reason to allow consumers and outside researchers to weigh the importance of complaint data in their own research, analysis, and decision-making. Outside review of this kind will also help ensure that the Bureau remains accountable for tackling the complaints that it receives.
Finally, the Bureau notes the general acceptance by consumer and industry groups that normalization can improve data utility. Thus, although trade associations uniformly opposed the release of issuer names in the public database, many recognized the importance of normalizing the data that the Bureau decides to release. Only a minority of trade groups suggested that normalization was not workable and urged that issuer names not be disclosed for this reason as well. One association suggested that normalization cover open accounts, closed accounts with a balance, accounts without a balance that closed within the last year, and prospective accounts declined within the last year. Consumer groups also recognized the importance of normalizing data, but none offered any indication of the appropriate metrics for market share. The Bureau agrees with industry commenters that, if possible, normalization should make some account for closed accounts with a balance and declined applications because these may generate complaints. The Bureau intends to work further with commenters on specific normalization proposals, and welcomes further operational suggestions on the point.
2. Zip Codes
Consumer groups commented that the Bureau should add additional location fields, such as city and census tract. Several trade associations, however, commented that zip code disclosure created risks to privacy because zip codes can be combined with other data to identify consumers, particularly in sparsely-populated rural zip codes. Trade associations also commented that zip code data may be misunderstood to imply discriminatory conduct, leading to unfounded allegations of discrimination.
The Bureau is mindful of the privacy implications of zip code disclosure. As a result, it will limit zip code disclosures to 5 digits, even if a consumer provides the full 9-digit zip code. Furthermore, as it analyzes narrative disclosure, the Bureau will account for zip code disclosures in assessing privacy risks. The Bureau will also analyze whether there are ways to disclose more granular location fields without creating privacy risks, as suggested by some commenters.
The Bureau may, as one trade group noted, investigate zip code data for indications of “improper trends.” The Bureau believes that consumers and outside researchers should have the same opportunity.
Several trade associations warned against disclosure of any data that consumers submit in the discrimination field of the complaint form. These groups commented that in light of the seriousness of such allegations, the Bureau should not disclose this field unless and until it has investigated the allegations and determined that they have factual support. In support of their position, these commenters note that some consumers who check the discrimination field on the intake form fail to include any allegations of discrimination in the narrative field.
The Bureau is continuing to refine its methods for identifying discrimination allegations from consumers that submit complaints. Accordingly, the Bureau does not plan to disclose discrimination field data in the public database at this time. In the interim, the Bureau will continue to study the conditions, if any, necessary for the appropriate disclosure of such information at the individual complaint level. The Bureau may also report discrimination data at aggregated levels in its own periodic complaint data reports.
4. Type of Credit Card Issue
Trade and consumer groups agreed that the Bureau could improve this data field in several respects. First, a consumer should be able to select several issues for a given complaint. Second, the issue categories should be better explained and differentiated. One trade association also commented that the Bureau should not rely on consumers for this data point.
The Bureau agrees that a consumer should be able to “tag” a complaint as implicating more than one issue. It is working to develop the required functionality. In addition, the Bureau is weighing possible improvements to the issue categories and is considering the extent to which Bureau staff should “tag” complaints as raising certain issues. The Bureau welcomes further input from stakeholders on how to improve the issue categories.
5. Issuer Disposition
Consumer groups commented on the need to include data about the issuer's response, the consumer's assessment of that response, and the timing of each of those steps, so that a user of the public database would know how fast complaints are handled and how often an issuer response is disputed. Consumer groups also urged the addition of more resolution-related data categories, such as categories that would explain why a complaint remains unresolved.
Several trade associations commented that the “Closed without relief” issuer response category was not meaningful and should be revised. These groups claimed that the category suggests an inappropriate response even though certain complaints are appropriately closed without any form of relief, such as meritless complaints or complaints that have already been appropriately handled by means of the issuer's internal complaints process. In addition, there will be complaints appropriately closed with non-monetary relief, which, under the Bureau's current system, do not meet the monetary criteria for “Closed with relief.” As a result, trade groups expressed concern that resolution rates would be undercounted. On that basis, some trade groups asked the Bureau to restore its prior resolution-related categories: full, partial, and no resolution. Others urged that the Bureau subdivide the “Closed with relief” category into monetary and non-monetary relief subcategories.
In light of these comments, the Bureau has made several changes to the Complaint Systems' issuer response categories.
First, where an issuer provides relief to the consumer, the issuer may categorize the complaint as either “Closed with monetary relief” or “Closed with non-monetary relief.” To qualify for the “Closed with monetary relief” category, the company's response must provide objective and verifiable monetary relief that is measurable in dollars. To qualify for “Closed with non-monetary relief,” the response must provide the consumer with objective and verifiable relief that does not meet the definition of monetary relief. These categories reduce any risk that reviewers fail to accord appropriate significance to cases that issuers close with non-monetary relief. Second, the Bureau has added a “Closed with explanation” response category, which may be used when the issuer believes that the complaint does not merit substantive relief, and instead provides a full explanation to that effect to the consumer. This category recognizes that in some instances, a thorough explanation will serve to resolve the consumer's complaint. At the same time, it allows reviewers and consumers to see in more detail how issuers, collectively and separately, resolve the complaints filed against them.
6. Date Fields
Finally, the Bureau agrees with the commenters who urged the inclusion of relevant dates in the public database. Initially, the Bureau will be able to include the date that a complaint is sent to the Bureau and the date that the Bureau forwards it to the relevant company.
The Bureau is currently developing the technical ability to publish other date fields including the date that a company responds. When this is feasible, the Bureau plans to include additional date fields in the public database.
E. Potential Impacts of Undisclosed Fields
The Bureau received a number of comments about data fields that the proposed Policy Statement did not list for disclosure in the public database. The Bureau is not shifting any of these fields into the disclosed category in the final Policy Statement, though several fields remain under assessment for potential inclusion at a later date.
1. Consumer Narratives
The issue of disclosing consumer narratives generated the most comments. Each consumer comment letter submitted by OMB Watch requested access to narratives “to help me make better financial decisions and avoid bad actors.” Consumer, civil rights, open government, and privacy groups uniformly supported disclosure on the grounds that it would provide consumers with more useful information on which to base financial decisions and would allow reviewers to assess the validity of the complaint. As noted, these groups submitted a coordinated proposal that would give the consumer a default option to submit narrative information for public disclosure. Recognizing the need to protect privacy interests, the commenters' proposal calls for the Bureau to use algorithms to detect personally identifiable information in narratives slated for disclosure, with back-up manual review by staff and consumers of any narratives that the algorithm identifies. Subject to FOIA limitations, however, the proposal would also provide a consumer the chance to opt out of narrative disclosure, in whole or in part. Narratives that the consumer opts out would not be disclosed in the normal course.
The two privacy groups expounded on privacy risks in the most detail, echoing the Bureau's acknowledgment that a detailed narrative may enable re-identification even if it does not contain standard personally identifiable information like a name or account number. One privacy group noted that the privacy risk from “non-identifiable” data is increasing all the time. The other noted that after it established its own online complaint system, it received a number of “extraordinarily detailed and unique complaints” that would have been inappropriate to disclose without express consent and heavy redaction or summarization. Although this group supported disclosure on an opt-in basis, it urged the Bureau to study a large sample of complaint narratives before resolving on its final course.
Trade groups and industry commenters uniformly opposed disclosure of consumer narratives. Several suggested that if the Bureau resolved to disclose narratives, it might inadvertently disclose personally identifiable information, with potentially significant consequences to the affected individuals. These commenters also argued that narrative disclosure might undermine the Bureau's mission to the extent that consumers, fearing potential disclosure of their personal financial information, became reluctant to file complaints. Some industry commenters argued against narrative opt-ins or opt-outs, claiming that consumers would not take time to read them or to understand the consequences of their choices. One privacy group also cautioned against the use of opt-in or opt-out approaches on grounds that consumers do not generally understand them and will usually select the default option, undermining the notion that a consumer has thereby “consented” to publication. As a result, the privacy group urged that the Bureau explore the use of data agreements, whereby users could have access to select narratives subject to a contractual agreement not to attempt re-identification.
While acknowledging the general lack of consensus in this area, the Bureau notes that almost all commenters agreed that the privacy risks of narrative disclosure must be carefully addressed if narrative disclosure is to take place. Accordingly, the Bureau will not publish narrative data until such time as the privacy risks of doing so have been carefully and fully addressed. In addition to assessing the feasibility of redacting personally identifiable information (“PII”) and other re-identifying narrative information, by algorithmic and/or manual methods, the Bureau will carefully consider whether there are ways to give submitting consumers a meaningful choice of narrative disclosure options.
2. Responsive Issuer Narratives
Consumer groups argued that issuers should have the same ability as consumers to offer their responsive narratives for either public disclosure or private communication to the consumer. According to these commenters, this mechanism would protect consumer privacy, allow for effective communication between consumers and issuers, and permit issuers to respond publicly to public complaint narratives. Trade associations disagreed, arguing that the Gramm-Leach-Bliley Act prohibits them from publicly disclosing any PII about their customers. In light of the Bureau's current disclosure position on consumer narratives, however, the Bureau is not resolving this issue at this point.
F. Addition of New Data Fields
Several consumer groups requested the Bureau to add new data fields for collection and disclosure via the public database. One group suggested that the database identify the specific card product, not the issuer alone. As noted, several groups urged that location data be provided at the city or census tract level to help identify discriminatory practices. To that same end, several groups urged the collection of demographic data on a voluntary basis.
The Bureau is open to the inclusion of additional data fields and will continue to work with external stakeholders to address the value of adding such fields. The Bureau notes, however, that additional data categories will logically fall into one of two groups, each of which implicates different policy concerns and trade-offs. First, the Bureau can disclose new data fields by adding them to the intake form for consumers to complete. These fields impose additional burden on the consumer and may make the submission of a complaint that much less likely. Second, the Bureau can derive additional data fields from a complaint submitted on the existing intake form. Thus, the Bureau could tag complaints by issue or by other criteria. New fields of this type would not impose a burden on consumers, but they would impose an additional burden on the Complaint System and the Bureau's resources.
G. When Complaint Data Will Be Added to the Public Database
One consumer group commented that data should be uploaded 10 days after the submission of a complaint. This group also urged that the issuer be required to respond substantively to the complaint within that same 10-day window.
Several trade associations, however, noted that the complaint process may allow up to 60 days for a substantive response and, on that basis, argued that data for a given complaint should not be uploaded until the 60-day period has run. Finally, one privacy group endorsed the proposed 30-day lag between a consumer submitting a complaint and the Bureau adding the applicable data to the public database.
The Bureau's rationale for the 30-day lag was to ensure that issuers have sufficient time to determine whether they are the identified issuer before any data about the complaint is disclosed. Experience shows, however, that issuers do not need more than 15 days from their receipt of the complaint to make this determination. As a result, the Bureau proposes to revise the posting schedule. Under the revised approach, the Bureau will add field data subject to disclosure to the public database once the issuer has made a timely response within the 15-day window (“Closed with monetary relief,” “Closed with non-monetary relief,” “Closed with explanation,” “Closed” or “In progress”) or has failed to make any response within 15 days. This means that almost all complaints will be subject to posting at or before the 15-day mark, improving the timeliness of data in the public database. However, if the company can make a reasonable showing within the 15 days that the consumer's identification is incorrect, the complaint will not be published unless and until the correct issuer is identified.
Once data for a given complaint has been posted to the public database, any new data fields for that complaint will be added to the public database as they become available. Thus, if a company makes a late response, its response will be included in the public database, but that response would also show as untimely. The Bureau currently proposes to update the public database once each day, subject to the initial lag period that applies to a given complaint.
H. Posting Data for Complaints Submitted to Other Regulators
One consumer group commented that the public database should include data on complaints that the Bureau forwards to other agencies. This group also commented that the Bureau should encourage other agencies to submit complaints to the same public database.
The Bureau agrees that the utility of the public database would be improved by the inclusion of as many complaint records as possible. As a result, it is open to other regulators providing parallel complaint data for inclusion in the public database. Until that can be achieved, however, the Bureau does not believe it would be that useful to include referred complaints in the public database. The Bureau would not be able to describe how and when a referred complaint was responded to, or whether the consumer accepted or disputed the outcome. In addition, the Bureau would not have verified the existence of a commercial relationship between the company and the consumer.
I. Public Database Tools
Consumer groups recommended a number of particular tools for accessing the public database. One group urged that the tools directly generate ranking data. Another argued that the access system should be able to generate percentage shares for one variable in terms of another.
The Bureau will use a data platform to make the complaints publicly available. This platform has a number of important features. First, users can search and filter the data across any of the data fields.
Second, users can build their own data visualizations, which can then be embedded on other Web sites and shared via social media. These visualizations can stay up-to-date with the Bureau's public database as it receives new data. This makes it easy for reviewers to disseminate information from the database, reducing transaction costs in the marketplace of ideas. Third, the platform allows users to submit public comments for potential refinements and improvements to the public database. Fourth, the data will be provided in a machine-readable format via an Application Programming Interface. This will allow third parties to build their own tools for leveraging the data, further reducing transaction costs and improving dissemination.
J. Extension of Policy Statement to Complaint Data for Other Consumer Products and Services
The Concurrent Notice published in the Federal Register describes the Bureau's proposal to extend the Policy Statement to all consumer products and services within the Bureau's jurisdiction. Responsive comments are due on or before July 19.
IV. Final Policy Statement
The text of the final Policy Statement is as follows:
1. Purposes of Credit Card Complaint Data Disclosure
The Bureau receives credit card complaints from consumers. The Bureau intends to disclose certain information about credit card complaints in a public database and in the Bureau's own periodic reports.
The purpose of this disclosure is to provide consumers with timely and understandable information about credit cards and to improve the functioning of the credit card market. By enabling more informed decisions about credit card use, the Bureau intends for its complaint data disclosures to improve the transparency and efficiency of the credit card market.
2. Public Access to Data Fields
Data from complaints that consumers submit will be uploaded to a publicly accessible database, as described below.
a. Complaints Included in the Public Database
To be included in the public database, complaints must: (a) Not be duplicative of another complaint at the Bureau from the same consumer; (b) not be a whistleblower complaint; (c) within the scope of the Bureau's authority under section 1025 of the Consumer Financial Protection Act; and (d) be submitted by a consumer (or his or her authorized representative) with an authenticated commercial relationship with the identified issuer. The public database will initially include data from credit card complaints submitted on or after June 1, 2012.
b. Fields Included in the Public Database
For included complaints, the Bureau will upload to the public database certain non-narrative fields that do not call for PII. The Bureau plans to include these fields:
(i) Bureau-assigned unique ID number;
(ii) Channel of submission to Bureau;
(iii) Date of submission to Bureau;
(iv) Consumer's 5-digit zip code;
(v) Subject matter;
(vi) Date of submission to company;
(vii) Company name;
(viii) Company response category;
(ix) Whether the company response was timely; and
(x) Whether the consumer disputed the response.
The consumer generates data for fields (iv), (v), (vii), and (x). The Bureau will authenticate the consumer's identification of the relevant company in field (vii), and finalize the entry in that field as appropriate.
The Bureau intends to use the name of the issuer as disclosed in Nilson Report data on the credit card market. If a company demonstrates by the 15-day deadline that it has been wrongly identified, no data for that complaint will be posted unless and until the correct issuer is identified. At the 15-day mark, however, the Bureau will post the complaint data with the originally identified issuer in field (vii) so long as the Bureau has card number or documentary data to support the identification. If the Bureau cannot reasonably identify the company, however, the complaint will be closed without posting to the public database.
The complaint system automatically populates the two date fields, (iii) and (vi). The Bureau completes fields (i), (ii), and (ix).
The issuer completes field (viii). If it selects “Closed with monetary relief” for field (viii), the issuer will also enter the amount of monetary relief provided, although that information will not be included in the public database.
Field (viii) will show as “In progress” if the issuer responds with a request within 15 days for the full 60-day response period. The issuer's later response will then overwrite the “In progress” data entry.
c. When Data Is Included in the Public Database
The Bureau will generally add field data to the public database for a given complaint within 15 days of forwarding the complaint to the company in question. If the company responds “Closed with monetary relief,” “Closed with non-monetary relief,” “Closed with explanation,” “Closed,” or “In progress” before the 15-day deadline for response, the Bureau will then post applicable data for that complaint to the public database. If the company fails to respond at all by the 15-day deadline, the Bureau will also post data for that complaint at that point. In this case, the issuer response category field will be blank and the untimely response field will be marked. As noted above, if a company demonstrates by the 15-day deadline that it has been wrongly identified, no data for that complaint will be posted unless and until the correct issuer is identified. Once the Bureau discloses some data for a given complaint, it will add to the public database any new complaint data that are subject to disclosure as they become available. Subject to these various restrictions, data will be posted to the public database on a daily basis.
d. Public Access
A public platform for the public database will enable user-defined searches of the posted field data. Each complaint will be linked with a unique identifier, enabling reviewers to aggregate the data as they choose, including by complaint type, issuer, location, date, or any combination of these variables. The data platform will also enable users to save and disseminate their data aggregations. These aggregations can be automatically updated as the public database expands to include more complaints. Finally, users will be able to download the data or leverage it via an Application Programming Interface.
e. Excluded Fields
The public database will not include personally identifying fields such as a consumer's name, credit card number, or address information other than a 5-digit zip code. At least until it can conduct sufficient further study, the Bureau will not post to the public database the consumer's narrative description of “what happened” or his or her description of a “fair resolution.” The Bureau also will not post a company's narrative response. These narrative fields may contain personally identifiable information or other information that could enable identification. The possibility of disclosure may also suppress complaints and/or reduce the specificity of complaint narratives, potentially undermining the effectiveness of the complaint process. In addition, the company's response may contain material protected from disclosure under consumer privacy laws. The Bureau intends to study the potential inclusion of narrative fields as described further in section 4 of this Policy Statement.
3. Regular Bureau Reporting on Complaints
At periodic intervals, the Bureau intends to publish reports about complaint data, which may contain its own analysis of patterns or trends that it identifies in the complaint data. So far, the Bureau has published three reports containing aggregate complaint data.
The Bureau intends for its reporting to provide information that will be valuable to consumers and other market participants. Before determining what reports to issue beyond those relating to its own handling of complaints, the Bureau will study the volume and content of complaints that it has received in a given reporting period for patterns or trends that it is able to discern from the data. If the data will support it, the Bureau intends for its reports to include some standardized metrics that would provide comparisons across reporting periods. The reports will also describe the Bureau's use of complaint data across the range of its statutory authorities during a reporting period. Because monetary relief data will not be included in the individual-level public database, the Bureau anticipates such data will be included at non-individual levels in its own periodic reporting.
4. Matters for Further Study
Going forward, the Bureau intends to study the effectiveness of its credit card complaint disclosure policy in realizing its stated purposes. In addition, the Bureau will analyze the narrative fields submitted by consumers and issuers. The analysis will assess whether there are practical ways to disclose narrative data in a manner that will improve consumer understanding without undermining privacy interests or the effectiveness of the credit card complaint process and without creating unwarranted reputational injury to issuers.
5. Effect of Policy Statement
This Policy Statement is intended to provide guidance regarding the Bureau's exercise of discretion to publicly disclose certain data derived from consumer complaints. The Policy Statement does not create or confer any substantive or procedural rights on third parties that could be enforceable in any administrative or civil proceeding.
Dated: June 14, 2012.
Director, Bureau of Consumer Financial Protection.
[FR Doc. 2012-15163 Filed 6-21-12; 8:45 am]
BILLING CODE 4810-AM-P