Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 29, the CFPB issued a circular to law enforcement agencies and regulators explaining how operators of digital comparison-shopping tools or lead generators can potentially violate the CFPA’s prohibition on abusive acts or practices by steering consumers towards options that best serve the operator or the lead generator. The circular further discussed “how law enforcement agencies and regulators can evaluate operators of comparison-shopping tools… to manipulate results” to appease consumer preferences.
The Bureau explained that while consumers often use these tools to research, compare, and select financial products, some intermediaries also functioned as lead generators that sold consumer information to lenders. These intermediaries may have received compensation, the CFPB said, often termed as “bounties,” from financial providers for preferential treatment or lead generation. The circular recognized that operators of these tools may have engaged in commercial arrangements with financial providers and may have received compensation based on user actions or bids.
The CFPB stated that both digital comparison-shopping tool operators and lead generators can qualify as “covered persons” under CFPA section 1031(d)(2)(C) which prohibits them from engaging in unfair, deceptive, or abusive acts or practices, particularly those that “take unreasonable advantage” of consumers so they may act in the “covered person’s” best interests. The circular outlined elements of CFPA Section 1031(d)(2)(C) and applied the elements including reasonable reliance by consumers on covered entities to act in their interests, to an evaluation of the operator or lead generator activities. Notably, the circular warned that reasonable consumer reliance could be created based on the representations of the tool operator or lead generator, as well as implicit or explicit communications. Further, the Bureau added that steering consumers towards certain products or providers for the financial benefit of the operator or lead generator, rather than consumer interest, constituted unreasonable advantage-taking.
Finally, the circular included a non-exhaustive list of examples of preferencing or steering arrangements and advised law enforcement agencies and regulators to scrutinize bounty or bidding schemes and decision-making processes to identify abusive conduct.
On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”
A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.
On February 22, the U.S. Attorney General, Merrick B. Garland, announced that he tapped Jonathan Mayer to head the DOJ’s first Chief Science and Technology Advisory and Chief Artificial Intelligence (AI) Officer roles. The roles are housed in the DOJ’s Office of Legal Policy which is developing a team of technical and policy experts in technology-related areas important to the Department’s responsibilities. These topics include cybersecurity and AI with the aim to advise leadership and collaborate with other components across the Department and with federal partners on cutting-edge technological issues. As the first Chief Science and Technology Advisor, Mayer will contribute technical expertise on cybersecurity, AI, and emergent technology matters.
The Chief AI Officer role was created pursuant to a presidential executive order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. In this role, Mayer will work on intra-departmental and cross-agency efforts on AI and adjacent issues, and he will also lead the Justice Department’s newly established Emerging Technology Board, which coordinates and governs AI and other emerging technologies across the Department.
Mayer has a PhD in computer science from Stanford University and a J.D. from Stanford Law School. Mayer is an assistant professor at Princeton University’s Department of Computer Science and School of Public and International Affairs where his research is focused on the intersection of technology, policy, and law with an emphasis in criminal procedure, national security, and consumer protection.
On February 20, the Financial Stability Board (FSB) released a letter from its Chair, Klaas Knot, to the G20 Finance Ministers and Central Bank Governors ahead of the February 28-29 G20 meeting, setting up the agenda for maintaining global financial stability. The FSB is an organization made up of senior financial officials from G20 countries as well as international financial organizations including the International Monetary Fund, the World Bank, and the European Central Bank. The letter addressed financial system vulnerabilities, including the takeaways from the March 2023 banking crisis, nonbank financial intermediation (NBFI), digitalization of finance, climate change effects, and cross-border payment efficiency.
On the first topic, the letter highlighted lessons wrought by the March 2023 banking crisis; the FSB advocated the need for public-sector backstop funding mechanisms, and more analytical work on interest rate and liquidity risk to explore vulnerabilities. On NBFI, the letter noted a structural vulnerability in asset management as the “potential mismatch between the liquidity of fund investments and daily redemption of fund units in open-ended funds[.]” On digital innovation, the letter urges the G20 to closely monitor any risks to financial stability, including crypto, tokens, and artificial intelligence. On climate change, the FSB plans to further analyze climate-related financial risks to financial stability. Last, on cross-border payments, the G20 Cross-border Payments Roadmap goal is to make cross-border payments “faster, cheaper, and more transparent and inclusive” while keeping their integrity and maintaining the “safety of the system.” The letter noted that FSB has collaborated with AML experts in both the public and private sectors to “increase the efficiency of payments systems and further enhance their integrity and safety.”
On February 22, the Attorney General for the State of Pennsylvania, Michelle A. Henry, announced a settlement with a company for selling consumers’ data information without clearly notifying those consumers pursuant to the Unfair Trade Practices and Consumer Protection Law and the Telemarketer Registration Act (TRA) and required the defendant pay $25,000 in monetary relief. The defendant operated various websites that collected consumers’ personal information with offers of free samples or payments for online surveys. The Pennsylvania AG alleged the defendant failed to properly disclose to consumers that the purpose of collecting their data was for lead generation, made misrepresentations regarding free samples and brand affiliations, and failed to obtain necessary consumer requests and agreements.
As part of the settlement, the Pennsylvania AG required the defendant to provide certain disclosures, including the collection of consumer data is for lead generation, consumer information may be sold to third parties, and defendant functions as an aggregator of promotional offerings. The settlement further enjoined the defendant from making certain misrepresentations to consumers. There were also orders related to telemarketing practices and consumer usage data, including a requirement that defendant not “use, sell, transfer or share any [c]onsumer [d]ata obtained from Pennsylvania consumers[.]”
Recently, the FDIC released a consent order against a Tennessee bank as part of its release of January Enforcement Decisions and Orders. The FDIC stated that within sixty days of the effective date of the consent order, the bank must “submit a general contingency plan to the Regional Director… [on] how the [b]ank will administer an effective and orderly termination with significant third-party FinTech partners,” as part of its Third-Party Risk Management program for the bank. The Program must assess and manage the risks posed by all fintech firms associated with the bank. It will include policies related to due diligence and risk assessment criteria that are appropriate to the products and services provided by the fintech partner. The bank must also engage an independent firm for completion of a comprehensive Banking-as-a-Service Risk Assessment Report.
The bank further consented, without admitting or denying any charges of unsafe or unsound banking practices, to board supervision of the bank’s management and approval of the bank’s policies and objectives, qualified management, the Regional Director’s prior consent for new or expanded lines of business that would result in an annual 10 percent growth in total assets or liabilities, and a comprehensive strategic plan.
On February 27, Michelle Bowman, a member of the Federal Reserve Board of Governors, gave a speech reflecting on the state of the broader U.S. economy and banking regulation in Tampa, Florida. Bowman highlighted the need for the Fed to focus on “efficiency in how we deliver on our safety and soundness goals.” On capital reform, Bowman noted that since the closure of the comment period for the Basel III “Endgame” reforms, the federal banking agencies have been reviewing the feedback and identifying areas of concern: she hopes that the agencies will take this opportunity to revise the proposal in a way that addresses the concerns raised by the public. After voicing her non-support for the recently adopted Community Reinvestment Act (CRA) final rule, Bowman shared that while the new rule provided some positive changes, the changes are still “unnecessarily complex, overly prescriptive,” and have greater costs than benefits. Bowman highlighted that the final rule treats a wide range of community banks with more than $2 billion in assets as “large banks, and would have resulted in a “nearly tenfold increase in banks with a ‘Need to Improve’ CRA rating” if applied to the period from 2018 to 2020. On Regulation II and debit card interchange fees, Bowman noted that the comment period has been extended until May 12, adding that the proposed permanent decrease in debit card interchange fees will have “consequences for banks of all sizes.” Bowman ended with discussion on bank mergers, climate change, and liquidity.
On February 26, the Department of Veterans Affairs published a circular to address assumption fees, specifically permitting a loan holder to charge an additional assumption-related fee based on the location of the relevant property when the assumption of a VA-guaranteed loan closes. This additional fee is in addition to the previously permitted assumption fees which must be less than $300 for loan holders with maximum authority or $250 for loan holders without automatic authority. The VA set the amount of the additional assumption fee allowed in Exhibit A to the circular, which can be found here.
On February 22, California State Attorney General, Rob Bonta, issued a letter to small banks and credit unions cautioning that overdraft and returned deposited item fees may infringe upon California’s Unfair Competition Law (UCL) and the CFPA. The letter, directed at institutions in California with assets under $10 billion, highlighted concerns that such fees disproportionately burden low-income and minority consumers. Bonta emphasized that these fees often catch consumers off guard, leading to significant financial strain, and urged the financial institutions in California to comply with state and federal laws by eliminating such practices.
The letter underscores how overdraft and returned deposited item fees can harm consumers, and potentially constitute unfair acts against them. Bonta also pointed out how overdraft fees cannot be reasonably anticipated due to the complexities of transaction processing, making it challenging for consumers to make informed financial decisions. Furthermore, the letter warned that imposition of returned deposited item fees, which are charges by financial institutions when a consumer deposits a check that bounces (due to an issue with the check originator such as insufficient funds or a stop payment order), is likely an unfair business practice in violation of the UCL and CFPA because consumers are usually unable to reasonably avoid the fee.
This action by the California Attorney General is notable for its focus on smaller financial institutions that were expressly excluded from the CFPB’s proposed rule last month on overdraft fees (previously covered by InfoBytes here); however, the action is broadly consistent with the CFPB’s guidance on returned deposited item fees (also covered by InfoBytes here).
On February 21, the Minnesota Attorney General announced a settlement with a tribal economic development entity to resolve a 2023 federal lawsuit that alleged the entity’s lending subsidiaries were engaged in predatory lending and illegal interest rates, in violation of Minnesota and federal consumer lending laws. As previously covered by InfoBytes, the complaint claimed that the entity’s lending subsidiaries charged interest rates of up to 800 percent in violation of state statutory caps of eight percent, and led state residents to believe that the entity was exempt from state laws that protect against predatory lending.
Under the terms of the settlement, the entity and its subsidiaries can no longer lend to Minnesota residents nor advertise or market those loans. The settlement also required any loan issued to consumers in Minnesota before the settlement is canceled, except to recover the original principal balance with all past payments to be attributed towards paying down the principal balance.