Office of Consumer Credit Commissioner June 29, 2004

1. The Changing Currents of Compliance Office of Consumer Credit Commissioner June 29, 2004

2. Customer Service • The average business will hear nothing from 96 percent of unhappy customers who receive rude or discourteous treatment. • To make matters worse, each of those unhappy customers will tell his or her story to at least nine other people, and 13 percent of those unhappy former customers relate their stories to more than twenty people. • Additional research indicates that for every complaint received, the average company has twenty six customers with problems, six of which are “serious” problems.

3. Customer Service • Of the customers who register a complaint, between 54 percent and 70 percent will do business again with the organization if their complaint is resolved. That figure goes up to 95 percent if the customer feels that the complaint was resolved quickly. • Sixty eight percent of customers who quit doing business with an organization do so because of company indifference. It takes twelve positive incidents to make up for one negative incident in the eyes of customers.

4. Agency Customer Service Survey • Randomly sampled 900 businesses and individuals • Overall response rate low, but response from exam selected recipients was 39% • Over 90% of respondents agreed that examiner requests for information are timely and reasonable • Knowledge level of examiners increased substantially from 2002 • Over 70% feel that licensing staff is accessible and provides appropriate communication

5. Agency Customer Service Survey • Opportunities (requested by respondents) • More timely responses • Easier access to agency staff • More information in plain language • Self-directed improvements • Automated resource enhancements • Industry education efforts

6. Strategic Planning • Key data findings: • 8,043 licensees • 16% of licensees are small loan lenders • 13% are payday lenders • Restitution to consumers FY 2003 = $3,703,000 • Administrative actions in FY 2003 = 118 • Of consumer complaints, 9.8% are identified as related to signature loans

7. Strategic Planning • Emerging Issues • Predatory Lending • Preemption • Consumer Credit Counseling/Debt Management Companies • Payday Lending • Financial Literacy • Finance Code Revisions

8. High Cost Lending Study • Directed by Legislature • Non-real estate loans • Collected data sample (5 loans) during examinations from February to April • Attempting to collect data from 187 unlicensed entities • Report to be presented in August

9. Recent Examination Findings • Repossessions • Failure to refund unearned interest upon repossession • Failure to obtain a condition report indicating the condition • Failure to send a “Notice of Intended Disposition” (a.k.a. 10-day letter) or obtain a waiver of the notice signed after default • Failure to send a proper “Notice of Intended Disposition” • Failure to dispose of the collateral in a commercially reasonable manner • Failure to provide the “Explanation of Surplus or Deficiency” when required

10. Recent Examination Findings • Non-obligor did not grant a security interest in the collateral • Privacy Notice does not have any or does not have the proper “complaints and inquiries notice” • Initial Privacy Notice not being provided to the borrowers • Promissory Note references a non-plain language security agreement

11. Recent Examination Findings • Failure to Return Paid-out originals • Taking a security interest in FTC restricted items • Failure to refund a portion of the acquisition charge when the promissory note specifies that the acquisition charge is subject to being refunded • Failing to disclose the information sources used in the denial of a credit application • Failure to Credit Unearned Interest Upon Charge-Off of Loan

12. FTC Safeguards Rule • Requires financial institutions to develop a written information security plan describing the company’s program to protect consumer information. • In implementing safeguards, the rule requires the company include all areas of its operations, with particular attention paid to: • Employee management and training • Information systems • Managing system failures

13. FTC Safeguards Rule: Employee Management and Training • Ask every new employee to sign an agreement to follow the organization’s confidentiality and security standards for handling customer information. • Train employees to take basic steps to maintain the security, confidentiality, and integrity of data such as: • Locking rooms and file cabinets where paper records are kept • Using password-activated screensavers • Using strong passwords (> or = 8 characters) • Changing passwords periodically • Keeping passwords secure • Referring calls or other requests for customer information to designated individuals who have the proper safeguards training • Recognizing any fraudulent attempt to obtain customer information and reporting it to local law enforcement • Limiting access to customer information to employees who have a business reason for seeing it

14. FTC Safeguards Rule: Information Systems • Store records in a secure area • Do not store information on a machine with an internet connections • Maintain secure backup media • Keep archived data secure (either off-line or in a physically secure area) • Dispose of customer information in a secure manner: • Shred documents • Erase all data when disposing of computers or storage media • Promptly dispose of outdated customer information

15. FTC Safeguards Rule: Managing System Failures • Maintain up-to-date and appropriate programs and controls by: • Following a written contingency plan to address breaches • Regularly obtain software patches to resolve vulnerabilities • Use anti-virus software that updates automatically • Back up information, protecting the data in the event of a failure. • Promptly notify customers if their nonpublic personal information is subject to loss, damage, or unauthorized access.

16. Other Compliance Issues • Bilingual disclosure