Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 11, a bipartisan group of 29 state Attorneys General, the District of Columbia Attorney General, and an official from the Hawaii Office of Consumer Protection, responded to the FTC’s request for comment on whether the agency should make changes to its identity theft detection rules (the Red Flags Rule and the Card Issuers Rule), which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. (Covered by InfoBytes here.)
In their response, the Attorneys General urge the FTC not to repeal the Rules, arguing that it “would place consumers at greater risk of identity theft, especially consumers in states that have not enacted” laws that complement the Rules. Instead, the response letter requests the FTC modify the Rules to “ensure their continued relevance” and “keep pace with the ingenuity of identity thieves.” The suggestions include: (i) that notices of changes to email addresses and cell phone numbers be sent to both the prior and updated addresses and phone numbers, an expansion of the current use of mailing addresses; (ii) the encouragement of more current forms of authentication, including multi-factor authentication, to replace examples which imply that knowledge-based authentication by itself is sufficient; and (iii) the addition of new suspicious activity examples related to the use of an account, such as a covered account accessed by unknown devices or IP addresses, an unauthorized user unsuccessfully trying to guess account passwords through multiple attempts, and attempts by foreign IP addresses to access multiple accounts in a close period of time.
On February 8, the FTC announced that the U.S. District Court for the Western District of North Carolina had issued a temporary restraining order and asset freeze regarding a debt collection operation allegedly collecting phantom debts. According to the FTC, the debt collection operation deceptively claimed to be attorneys, or to be affiliated with attorneys, to pressure consumers into paying debts which they did not owe, including threatening legal action if they did not pay, in violation of the FTC Act and the FDCPA. The order names 10 companies and six individuals as defendants and temporarily prohibits the defendants from, among other things, (i) misrepresenting information as it relates to collection efforts; (ii) threatening to take unlawful action; (iii) communicating with third parties without having obtained prior consent, other than to determine a consumer’s location; and (iv) failing to provide consumers with written debt information five days after initial contact.
On February 1, the FTC announced that the U.S. Bankruptcy Court for the Southern District of Florida ruled that the operator of a computer-financing scheme cannot use his bankruptcy to discharge a $13.4 million judgment entered in 2016 for violating a 2008 FTC order. The FTC alleged that the defendant and his affiliated companies collected more than $14 million from consumers based on promises that they would finance the purchase of new computers but failed to actually deliver the computers. The court determined that the contempt judgment issued in 2016 could not be discharged because it resulted from the defendant’s fraudulent conduct “based on both misrepresentation and concealment.” In a press release describing the ruling, the FTC stated that the defendant’s attempt to shield himself from complying with the order by filing for bankruptcy was an attempt to “avoid justice.”
On December 13, the Department of Veterans Affairs (VA) released Circular 26-18-28, which outlines the VA’s Loan Guaranty Service Red Flag Rules Policy to aid in the detection, prevention, and mitigation of identity theft for certain loans financed by the VA (known as, “Vendee loans”), Native American Direct Loans, and refunded loans held by the VA. The policy lists categories and warning signs monitored by the VA, such as (i) credit reporting agencies alerts; (ii) suspicious documents that look altered or forged; (iii) suspicious or fictitious personal identifying information; and (iv) account activity inconsistent with established patterns. The policy notes that the VA Office of Inspector General will investigate accounts flagged for possible identity theft. Holds will be placed on the suspicious accounts or transactions as necessary.
The VA is required by the FTC’s Red Flags Rule to develop and implement a written identity theft prevention program. Notably, as previously covered by InfoBytes, the FTC is seeking comments on whether the agency should make changes to the Rule. Comments are due by February 11, 2019.
Court grants summary judgment in favor of FTC and Florida State Attorney General in debt relief scam case
On December 10, the U.S. District Court for the Middle District of Florida granted the FTC and the Florida Attorney General’s motion for summary judgment against an individual accused of participating in a scheme that allegedly targeted financially distressed consumers through illegal robocalls selling bogus credit card debt relief services and interest rate reductions. According to a 2016 complaint, several interrelated companies and the founder of such companies (defendants), among other things, allegedly violated the FTC Act, the Telemarketing Sales Rule, and the Florida Deceptive and Unfair Trade Practices Act by (i) claiming to be “licensed enrollment center[s]” for major credit card networks with the ability to work with a consumer’s credit card company or bank to substantially and permanently lower credit card interest rates; (ii) charging up-front payments for debt relief and rate-reduction services; and (iii) pitching credit card debt-elimination services, claiming the defendants could access money from a government fund to pay off consumers’ credit card debt in 18 months, when in actuality, no such government fund existed. In some cases, the defendants instructed consumers to stop paying their credit-card bills, resulting in “significant harm in the form of reduced creditworthiness, higher interest rates on their existing credit-card debt, and higher overall credit-card debt due to the accrual of late fees and interest charges.”
The court entered a permanent injunction ordering the defendant founder of the companies involved to pay over $23 million in equitable monetary relief. The order also permanently restrains and enjoins such defendant from, among other things, participating—whether directly or indirectly—in (i) telemarketing; (ii) advertising, marketing, selling, or promoting any debt relief products or services; or (iii) misrepresenting material facts.
On December 11, the FTC entered into a proposed settlement with an Arizona-based company and its officer (defendants) relating to an allegedly deceptive credit card telemarketing operation. As previously covered by InfoBytes, the FTC alleged that the defendants—as part of a larger group of 12 defendants comprised of an independent sales organization, sales agents, payment processors, and identified principals—violated the FTC Act and the Telemarketing Sales Rule by assisting a telemarketing company in masking its identity by processing the company’s credit card payments and laundering credit card transactions on behalf of multiple fictitious companies. The proposed settlement, among other things, prohibits the defendants from engaging in credit card laundering and bans them from telemarketing, processing payments, or acting as an independent sales organization or sales agent. The order also stipulates a judgment of $5.7 million, which will be suspended unless it is determined that the financial statements submitted by the defendants contain any inaccuracies.
In March 2018, the FTC reached settlements with two of the other defendants (see InfoBytes coverage here). Litigation continues against the remaining defendants.
On December 7, as part of Operation Game of Loans—a coordinated effort between the FTC and state law enforcement—the FTC announced settlements with operators of two student loan debt relief operations to resolve allegations that the defendants violated the FTC Act and the Telemarketing Sales Rule by, among others (i) charging consumers who purchased the debt relief services illegal upfront fees; and (ii) falsely promising to assist consumers in enrolling in government programs that would reduce or forgive their student loan debt.
Under the terms of the settlement, the defendants are permanently banned from advertising, marketing, promoting, offering for sale, or selling any type of debt relief product or service—or from assisting others in doing the same. Combined, the settlements total more than $36 million, though judgments have been partially suspended due to the defendants’ inability to pay.
On December 4, the FTC released a request for public comment on whether the agency should make changes to its identity theft detection rules—the Red Flags Rule and the Card Issuers Rule—which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. The FTC is seeking comment as part of its systematic review of all of its regulations and guides. According to the FTC, consumer complaints relating to identity theft represented the third largest category of consumer complaints made to the FTC through the first three quarters of 2018 and the second largest category in 2017. The FTC is seeking comment on all aspects of the two rules, but also poses specific questions for commenters to address, such as (i) whether there is a continuing need for the specific provisions of the rules; (ii) what significant costs have the rules imposed on consumers and businesses; and (iii) whether there are any types of creditors that are not currently covered by the Red Flags Rule but should be covered. The request for comment is due to be published in the Federal Register shortly, and comments must be received by February 11, 2019.
On November 27, the Senate Committee on Commerce, Science and Transportation’s Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security conducted a hearing to discuss, among other topics, whether the FTC should be granted expanded authority over consumer data privacy and security. The hearing entitled “Oversight of the Federal Trade Commission” heard from the Chairman of the FTC as well as the agency’s four commissioners. Ranking Member Senator Bill Nelson’s opening statement discussed the need for providing additional resources to the FTC in order to ensure the agency is able to perform its mandated duties and effectively protect U.S. consumers from unfair or deceptive acts or practices. The five witnesses agreed that enforcement remains a priority for the FTC and called for comprehensive consumer privacy legislation that would clarify the agency’s authority and the rules relating to data security and breach notification, while fostering competition and innovation to the benefit of consumers. Specifically, FTC Chairman Joseph Simons stated he would support federal data security legislation if it provided the following three items: (i) the ability to seek civil money penalties to effectively deter unlawful conduct; (ii) jurisdiction over nonprofits and common carriers; and (iii) broad rulemaking authority to issue implementing rules under the Administrative Procedures Act for consumer protection issues such as privacy and data security. Commissioner Rohit Chopra also emphasized the need for Congress to support the FTC’s authority under Section 13B of the FTC Act, which authorizes the FTC to seek preliminary and permanent injunctions against companies and individuals.
However, Senator Blumenthal argued that too often the FTC has “fallen short” on protecting consumer privacy, particularly in terms of enforcement and pressing challenges. According to Senator Blumenthal, big tech companies misuse their power and consent orders are not “vigorously and adequately enforced.” He argued that the FTC must have the tools and resources to establish meaningful penalties for first offenses that pose a credible deterrent and recognize state attorneys general to ensure violations are investigated and punished.
Among other things, the hearing also discussed topics addressing: (i) the FTC’s ongoing series of public hearings reexamining the agency’s approach to consumer privacy in light of changing technologies (see previous InfoBytes coverage here); (ii) federal preemption versus state-by-state laws and the risk of inconsistencies and compliance challenges; (iii) the potential use of the FTC’s Section 6B authority, which would allow requests to be sent to the tech industry to understand what data is collected from consumers and how that information is used, shared, and sold; (iv) privacy protections for children, including the strengths and weaknesses of the Children’s Online Privacy Protection Act, particularly with respect to children ages 13 and older; (v) data minimization controls; and (vi) notice and comment rulemaking authority.
FTC settles with one student loan debt relief operation; seeks separate permanent injunction against another
On November 20, the FTC announced a settlement with operators of a student loan debt relief operation to resolve allegations that the defendants defrauded consumers through programs offering mortgage assistance and student debt relief. Regarding the student debt operations, the FTC alleged that the defendants falsely offered student borrowers reduced monthly payments or loan forgiveness by falsely claiming to be affiliated with the Department of Education. In a 2017 complaint, the FTC alleged that the defendants also falsely promised foreclosure prevention and mortgage relief to distressed homeowners, but instead collected advance fees in violation of the Telemarketing Sales Rule (TSR) and the Mortgage Assistance Relief Services Rule. Among other things, the settlement includes a judgment of more than $9 million—which will be partially suspended once the defendants turn over all assets worth approximately $305,000 because of their inability to pay—and bans the defendants from participating in debt relief and telemarketing activities in the future.
The same day, the FTC also announced it was charging a separate student loan debt relief operation with violations of the FTC Act and the TSR for allegedly engaging in deceptive practices when marketing and selling their debt relief services. According to the complaint, the operators of the scheme—which include a recidivist scammer previously banned from participating in debt relief activities—allegedly “promoted a 96 percent success rate in reducing consumers’ student loan payments.” However, the FTC stated that consumers who purchased the debt relief services and often paid illegal upfront fees “often did not receive any debt relief and lost hundreds of dollars.” On November 13, the U.S. District Court for the Central District of California issued a temporary restraining order and asset freeze at the FTC’s request. The FTC seeks a permanent injunction against the defendants to prevent future violations, as well as redress for injured consumers through “rescission or reformation of contracts, restitution, the refund of monies paid, and the disgorgement of ill-gotten monies.”
- Kathryn L. Ryan to discuss "NMLS usage" at the NMLS Annual Conference & Training
- Jeffrey S. Hydrick to discuss "State legislative update" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to speak at the "Business model primer" at the NMLS Annual Conference & Training
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program