Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • New York Attorney General sues over 25 lenders for predatory lending operation

    State Issues

    On March 5, New York Attorney General Letitia James released a verified petition against 27 lenders accusing them of a “large-scale, predatory lending” operation in which they allegedly misrepresented themselves in order to issue small businesses short-term loans at “sky-high interest rates” in violation of New York Executive Law §63(12). According to the petition, the 27 lenders (Respondents) have issued “illegal, usurious” and fraudulent loans in the form of Merchant Cash Advances (MCAs), which imposed triple-digit interest rates as high as 820 percent. The NYAG noted such rates are beyond both the maximum civil usury interest rate (16 percent) and the maximum criminal usury interest rate (25 percent). The petition also alleged the Respondents misrepresented their transactions in court, making the court an “unwitting part of their illegal scheme.”

    The petition asked the court to permanently enjoin Respondents from committing any further fraudulent or illegal practices, cease all MCA collection payments, and void and rescind all MCAs. The NYAG also will seek and order that the Respondents disgorge all profits and award civil penalties of $5,000 for each fraudulent MCA transaction and $2,000 in costs from each Respondent. 

    State Issues State Attorney General New York Fraud Lending Predatory Lending

  • Pennsylvania Attorney General settles with data collection company for failing to disclose data use

    Courts

    On February 22, the Attorney General for the State of Pennsylvania, Michelle A. Henry, announced a settlement with a company for selling consumers’ data information without clearly notifying those consumers pursuant to the Unfair Trade Practices and Consumer Protection Law and the Telemarketer Registration Act (TRA) and required the defendant pay $25,000 in monetary relief. The defendant operated various websites that collected consumers’ personal information with offers of free samples or payments for online surveys. The Pennsylvania AG alleged the defendant failed to properly disclose to consumers that the purpose of collecting their data was for lead generation, made misrepresentations regarding free samples and brand affiliations, and failed to obtain necessary consumer requests and agreements.

    As part of the settlement, the Pennsylvania AG required the defendant to provide certain disclosures, including the collection of consumer data is for lead generation, consumer information may be sold to third parties, and defendant functions as an aggregator of promotional offerings. The settlement further enjoined the defendant from making certain misrepresentations to consumers. There were also orders related to telemarketing practices and consumer usage data, including a requirement that defendant not “use, sell, transfer or share any [c]onsumer [d]ata obtained from Pennsylvania consumers[.]”

    Courts Pennsylvania State Attorney General Data Collection / Aggregation Telemarketing

  • California Attorney General warns small banks and credit unions on fees

    State Issues

    On February 22, California State Attorney General, Rob Bonta, issued a letter to small banks and credit unions cautioning that overdraft and returned deposited item fees may infringe upon California’s Unfair Competition Law (UCL) and the CFPA. The letter, directed at institutions in California with assets under $10 billion, highlighted concerns that such fees disproportionately burden low-income and minority consumers. Bonta emphasized that these fees often catch consumers off guard, leading to significant financial strain, and urged the financial institutions in California to comply with state and federal laws by eliminating such practices.

    The letter underscores how overdraft and returned deposited item fees can harm consumers, and potentially constitute unfair acts against them. Bonta also pointed out how overdraft fees cannot be reasonably anticipated due to the complexities of transaction processing, making it challenging for consumers to make informed financial decisions. Furthermore, the letter warned that imposition of returned deposited item fees, which are charges by financial institutions when a consumer deposits a check that bounces (due to an issue with the check originator such as insufficient funds or a stop payment order), is likely an unfair business practice in violation of the UCL and CFPA because consumers are usually unable to reasonably avoid the fee. 

    This action by the California Attorney General is notable for its focus on smaller financial institutions that were expressly excluded from the CFPB’s proposed rule last month on overdraft fees (previously covered by InfoBytes here); however, the action is broadly consistent with the CFPB’s guidance on returned deposited item fees (also covered by InfoBytes here).

    State Issues California State Attorney General Overdraft CFPA Unfair

  • Minnesota Attorney General settles with tribal company over high interest rates

    State Issues

    On February 21, the Minnesota Attorney General announced a settlement with a tribal economic development entity to resolve a 2023 federal lawsuit that alleged the entity’s lending subsidiaries were engaged in predatory lending and illegal interest rates, in violation of Minnesota and federal consumer lending laws. As previously covered by InfoBytes, the complaint claimed that the entity’s lending subsidiaries charged interest rates of up to 800 percent in violation of state statutory caps of eight percent, and led state residents to believe that the entity was exempt from state laws that protect against predatory lending.

    Under the terms of the settlement, the entity and its subsidiaries can no longer lend to Minnesota residents nor advertise or market those loans. The settlement also required any loan issued to consumers in Minnesota before the settlement is canceled, except to recover the original principal balance with all past payments to be attributed towards paying down the principal balance.

    State Issues Courts Minnesota Interest Rate Consumer Finance State Attorney General Settlement Enforcement Consumer Protection

  • California Attorney General settles with food delivery company for allegedly violating two state privacy acts

    Privacy, Cyber Risk & Data Security

    On February 21, the California State Attorney General Office announced its complaint against a food delivery company for allegedly violating the California Consumer Privacy Act of 2018 (CCPA) and the California Online Privacy Protection Act of 2003 (CalOPPA) for failing to provide consumers notice or an opportunity to opt-out of the sale.

    The CCPA requires businesses that sell personal information to make specific disclosures and give consumers the right to opt out of the sale. Under the CCPA, a company must disclose a privacy policy and post an “easy-to-find ‘Do Not Sell My Personal Information’ link.” The California AG alleged that the company provided neither notice. The AG also alleged that the company violated CalOPPA by not making required privacy policy disclosures. The company’s existing disclosures indicated that the company could only use customer data to present someone with advertisements, but not give that information to other businesses to use.

    The proposed stipulated judgment, if approved by a court, will require the company to pay a $375,000 civil money penalty, and to (i) comply with CCPA and CalOPPA requirements; (ii) review contracts with vendors to evaluate how the company is sharing personal information; and (iii) provide annual reports to the AG on potential sales or sharing personal information.

    Privacy, Cyber Risk & Data Security California State Attorney General CCPA CalOPPA Enforcement Data

  • New York State Attorney General wins $77 million judgment against short-term lenders for predatory lending

    State Issues

    On February 8, New York State Attorney General (AG) Letitia James announced a more than $77 million judgment against three merchant cash advance (MCA) companies for usury and fraud based on allegations the lenders used short-term loans to charge illegally high-interest and undisclosed fees. 

    In a June 2020 announcement, Attorney General James detailed her office’s investigation, which concluded that the companies employed practices including (i) extending MCAs to small business owners at illegal interest rates over short durations; (ii) imposing undisclosed fees; (iii) withdrawing excess amounts from merchants’ bank accounts; and (iv) procuring judgments against merchants through the submission of falsified affidavits in New York State courts.

    The judgment follows a September 2023 court decision finding violations of New York’s prohibitions against, among other things, usury and predatory lending, and requiring the companies to cease collections and to repay thousands of small businesses the interest they paid. The companies were ordered to provide the full restitution and damages within 60 days to all merchants who entered into MCAs, including refunding all amounts taken from merchants or their guarantors in connection with the MCAs, minus the principal amounts funded to the borrowers. After the companies failed to pay the damages, the AG sought the entry of the monetary judgment from the court. 

    State Issues New York State Attorney General Enforcement Small Business Lending Interest Usury

  • Washington State Attorney General wins two suits under medical billing practices

    State Issues

    On February 1, the Attorney General from Washington State successfully sued a large healthcare group to pay over $158 million for settlement of funds under the state’s Consumer Protection Act (CPA). The Washington AG stated that the healthcare group violated state law which requires hospital management to notify patients about financial assistance and to screen them for eligibility before trying to collect payment. The healthcare group has been ordered to pay $20.6 million in patient refunds and will forgive $137.2 million in medical debts; it will also pay $4.5 million to cover the attorney general’s costs. Among others, the consent decree includes several injunctions to be engaged in or refrained from for five years, including maintaining charity care policies, and not collecting payment for medical services unless presented with either of two stated stipulations. Lastly, the consent decree states that if the healthcare group violates a condition, it would have to pay up to $125,000 per violation. The defendants do not admit the allegations of the complaints filed in the first lawsuit from February 2022. 

    Similarly, on February 2 the Washington AG successfully entered into a motion for partial summary judgment against a medical debt collection agency working within the healthcare group for sending 82,729 debt collection notices under the Collection Agency Act (CAA). The court agreed with the AG’s finding that the agency’s debt collection notices failed to make the required disclosures under the CAA. Damages have not yet been awarded. 

    State Issues Medical Debt FDCPA Washington State Attorney General

  • Connecticut Attorney General reports on Connecticut Data Privacy Act

    State Issues

    On February 1, Connecticut’s Attorney General (AG) released a report on the Connecticut Data Privacy Act (CTDPA) including information on the law and how the state enforces it. Enacted in May 2022, the CTDPA is a comprehensive consumer data privacy law which took effect on July 1, 2023. The CTDPA gives consumers in Connecticut a set of rights regarding their personal information and privacy standards for businesses handling such data. Connecticut residents can: (i) see what data companies have on them; (ii) ask for corrections on inaccurate information; (iii) request the deletion of their data; and (iv) choose not to have their personal information used for selling products, targeted advertisements, or profiling. The report noted that within the first six months the CTDPA has been in effect, the AG issued dozens of violations towards a number of information requests. It added that companies generally responded positively to the notices and updated quickly their privacy policies and consumer rights mechanisms. According to the report, while some companies initially went below the CTDPA threshold, they made changes to meet it later while a few went beyond identified areas in the notices by strengthening their disclosures. 

    The report also mentioned that beginning on January 1, 2025, businesses are required to acknowledge universal opt-out signals, reflecting consumers’ choice to opt out of targeted advertising and the sale of personal data. This mandatory provision was emphasized during Connecticut's legislative process to alleviate the consumer burden, and it has been enacted into law. Finally, the report discusses possible expansions and clarifications to the CTDPA for the legislature to consider.  

    State Issues Connecticut State Attorney General Privacy, Cyber Risk & Data Security

  • FCC Chairwoman proposes making all AI-generated robocalls “illegal” to help State Attorneys General

    Agency Rule-Making & Guidance

    On January 31, FCC Chairwoman, Jessica Rosenworcel, released a statement proposing that the FCC “recognize calls made with AI-generated voices are ‘artificial’ voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal.” Specifically, the FCC’s proposal would make voice cloning technology used in robocall scams illegal, which has been used to impersonate celebrities, political candidates, and even close family members. Chairwoman Rosenworcel stated, “No matter what celebrity or politician you favor… it is possible we could all be a target of these faked calls… That’s why the FCC is taking steps to recognize this emerging technology as illegal… giving our partners at State Attorneys General offices… new tools they can use to crack down on these scams and protect customers.”

    This action comes after the FCC released a Notice of Inquiry last month where the FCC received comments from 26 State Attorneys General to understand how the FCC can better protect consumers from AI-generated telemarking, as covered by InfoBytes here. This is not the first time the FCC has targeted robocallers: as previously covered by InfoBytes in October 2023, the FCC proposed an inquiry into how AI is used to create unwanted robocalls and texts; in September 2023, the FCC updated its rules to curb robocalls under the Voice over Internet Protocol, covered here.

    Agency Rule-Making & Guidance FCC TCPA Artificial Intelligence Robocalls State Attorney General

  • California Attorney General investigates streaming services for CCPA violations

    Privacy, Cyber Risk & Data Security

    On January 26, California State Attorney General Rob Bonta announced an investigative initiative by issuing letters to businesses operating streaming apps and devices, accusing them of non-compliance with the California Consumer Privacy Act (CCPA). The focus of the investigation is the evaluation of streaming services’ adherence to the CCPA's opt-out requirements, in particular those businesses that sell or share consumer personal information. The investigation targets businesses failing to provide a direct mechanism for consumers wishing to prevent the sale of their data.

    AG Bonta urged consumers to know about and exercise their rights under the CCPA, emphasizing the right to instruct businesses not to sell their personal information. The CCPA grants California consumers enhanced rights regarding the collection, sharing, and disclosure of their personal information by businesses, and compliance responsibilities include responding to consumer requests and providing necessary notices about privacy practices. AG Bonta noted that the right to opt-out under the CCPA mandates that businesses selling or sharing personal data for targeted advertising must facilitate an easy and minimal-step process for consumers to exercise their right. For example, users should be able to easily navigate their streaming service’s mobile application settings to enable the “Do Not Sell My Personal Information” option. The expectation is that this choice remains effective across various devices if users are logged into their accounts when electing to opt-out. Finally, Bonta added that consumers should be given easy access to a streaming service’s privacy policy outlining their CCPA rights. 

    Privacy, Cyber Risk & Data Security State Issues State Attorney General CCPA California Compliance Opt-Out Consumer Protection

Pages

Upcoming Events