Skip to main content
Menu Icon



Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC refers ROSCA case against software company and executives to DOJ

    Federal Issues

    On June 17, the FTC announced an enforcement action against a software company and two of its executives for its practices related to its subscription model. According to the redacted complaint filed by the DOJ (upon referral from the FTC), defendant allegedly failed to adequately disclose to consumers the terms associated with its year-long subscription, and allegedly failed to obtain the consumer’s express informed consent before charging them. Defendant’s “Annual, Paid Monthly” subscription plan allegedly included early termination fees (ETF) that were not clearly disclosed to consumers upon enrollment. In particular, the ETF disclosures were buried on the company’s website in small print or required consumers to hover over small icons to find the disclosures. The DOJ also alleged defendant used the early termination fees to discourage consumers from canceling their plans, which was also difficult for consumers to do. Defendant’s practices allegedly violated the Restore Online Shoppers’ Confidence Act (ROSCA). The DOJ will be seeking injunctive relief, civil penalties, equitable monetary relief, as well as other relief.

    Federal Issues DOJ FTC ROSCA Enforcement Consumer Protection Subscriptions

  • New York Attorney General issues judgment against crypto-asset firm

    State Issues

    On June 14, the New York Attorney General, Letitia James, announced a stipulation and consent to judgment against a crypto-asset company for allegedly misleading investors on the risks of its program. Under the order, the defendants agreed to distribute all digital assets through its platform as restitution on an in-kind, “coin-for-coin” basis, with distributions to be made in the same amount and types of crypto-assets loaned by the investors. The stipulation followed a May 20 settlement with the company worth $2 billion.

    The defendants were permanently restrained and enjoined from engaging in any conduct under the Martin Act and Executive Law § 63(12), as well as offering a cryptocurrency lending product in New York State. However, the order specified that if future state or federal legislation permitted crypto lending in the state, the defendant may seek permission from the New York AG to lift the ban. The defendants further agreed to fully cooperate with the New York AG as it continued to investigate the matter. The order also required the defendants to disclose to consumers within thirty days of its execution that the defendant is not registered with the SEC or the CFTC, along with detailing risk factors, among other disclosure requirements. The defendants neither admitted nor denied the allegations in the complaint, aside from admitting to personal and subject matter jurisdiction.

    State Issues New York Fraud State Attorney General

  • SEC charges communications company with accounting control failure


    On June 18, the SEC issued a cease-and-desist order (order) against a Delaware-based business communication and marketing service provider (respondent) to settle allegations of cybersecurity controls violations related to a 2021 ransomware attack.

    According to the order, the SEC alleged respondent did not have adequate controls to ensure cybersecurity incidents were reported to its management and did not respond to alerts indicating unusual network activity in a timely manner. Among other allegations, the order contended that respondent relied on a third-party vendor to review and escalate the large volume of alerts issued by its cybersecurity detection systems but did not implement procedures or controls to effectively confirm that the vendor’s review and escalation of alerts were consistent with the respondent’s expectations. The order noted that respondent cooperated with the investigation, reported the cybersecurity incident promptly, and took steps to enhance its cybersecurity technology and controls. Without admitting the SEC’s allegations, respondent agreed to a $2,125,000 civil money penalty.

    Notably, in addition to alleged violation of Exchange Act Rule 13a-15(a) requiring public companies to maintain disclosure controls and procedures designed to ensure timely disclosure of incidents in compliance with the Commission’s rules, the order also alleged that respondent’s failure to design effective procedures to ensure escalation and timely decisions regarding potential security incidents violated Section 13(b)(2)(B) of the Securities Exchange Act of 1934. Section 13(b)(2)(B) required covered companies to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances, among other things, that access to company assets was permitted only in accordance with management’s general or specific authorization.”

    In a statement responding to the order, SEC Commissioners Pierce and Uyeda took issue with the Commission’s application Section 13(b)(2)(B). Specifically, the commissioners argued that the requirement to maintain internal accounting controls ensuring “that access to company assets” must be authorized by management and was intended to protect the accuracy of corporate transactions for the use and disposition of assets in transactions. They noted that “[w]hile [respondent’s] computer systems constitute an asset in the sense of being corporate property, computer systems are not the subject of corporate transactions,” and that faulting respondent’s internal accounting controls in the context of a ransomware attack “breaks new ground with its expansive interpretation of what constitutes an asset under Section 13(b)(2)(B)(iii).”

    Securities Cease and Desist Civil Money Penalties Delaware Cyber Risk & Data Security Enforcement SEC

  • FINRA issues guidance on broker-dealers using generative AI tools


    On June 27, FINRA issued Regulatory Notice 24-09 that discussed the implications to broker-dealers in their use of artificial intelligence (AI), including large language models (LLMs) and other generative AI tools. Although FINRA stated that while AI offered broker-dealers opportunities to improve their services and enhance their operational and compliance efficiencies, it also reminded firms that its rules and federal securities laws continue to apply. In discussing use cases, FINRA noted that AI tools can analyze financial data, summarize documents, and assist in investor education, but also raise concerns about accuracy, privacy, bias, and security.

    When using these tools, FINRA reminds firms that: (1) they must have appropriate supervisory systems and governance in place, whether those tools are developed in-house or provided by third parties; and (2) they should evaluate AI tools before use to ensure compliance with FINRA rules. FINRA also stated that in some instances, it could issue further guidance for specific use cases. FINRA encouraged firms to seek interpretive guidance where ambiguous rule applications may exist and have ongoing discussions with their Risk Monitoring Analyst.

    Courts Securities Supreme Court ALJ Seventh Amendment

  • NYDFS issues guidance insurers regarding discrimination in affordable housing market

    State Issues

    On June 24, Gov. Kathy Hochul announced guidance issued by NYDFS in Circular Letter No. 6 (2024) informing insurers and related parties that, under the new Insurance Law § 3462, making coverage decisions based on a property’s status as an affordable housing development or on the amount or source of a tenant’s income will be prohibited. According to the Circular Letter, the recently enacted law came in response to a “hardening” insurance market that has resulted in increased premiums and reduced coverage options for affordable housing developments. Under the law, insurers cannot base decisions such as issuing, renewing, or increasing premiums for policies on whether a property was an affordable housing development or if tenants received government assistance. The guidance noted that “excess line insurers, and the New York Property Insurance Underwriting Association (NYPIUA) must comply with Insurance Law § 3462 and can no longer request information about government-subsidized housing units or tenants paying rent with housing assistance or use this information for underwriting purposes,” and were required to update their insurance applications and underwriting guidelines accordingly. If insurance rates were previously based on these factors, insurers must revise their rates and submit them to NYDFS.

    State Issues NYDFS New York Insurance Discrimination

  • Rhode Island amends and adds provisions to financial institutions code

    State Issues

    On June 25, the Governor of Rhode Island signed into law H 7282 (the “Act”) amending certain provisions of the state’s Title 19 on Financial Institutions and adding new consumer protections. Among other things, the amendments to the Act (i) updated the term “Federal Office of Thrift Supervision” to “Federal Reserve System,” (ii) clarified that the term “Tangible net worth” meant “the aggregate assets of a licensee excluding all intangible assets, less liabilities” in accordance with GAAP, and (iii) increased the minimum capital requirements for currency transmission licensees. The Act further restricted student loan servicers from withholding student transcripts from delinquent borrowers, removed a provision allowing deposit of securities in lieu of bonds, and added provisions on permissible investments for licensees, including cash, certificates of deposit, obligations of the United States, letters of credit with stipulations, or surety bonds.

    State Issues Rhode Island Financial Institutions Federal Reserve GAAP Bond

  • Ohio allows dual capacity in real estate transactions

    State Issues

    Recently, the Ohio Division of Financial Institutions released a letter to repeal prior guidance banning mortgage professionals from acting as both a mortgage professional and a real estate agent in the same transaction. This “dual capacity” was originally banned in the Divisions Mortgage Brokers & Lenders Letter 2006-1 to prevent conflicts of interest that might arise when a single person would both complete a sale and obtain financing for that sale. After the repeal, the Ohio Division of Financial Institutions required licensed mortgage loan originators to disclose when they or an associate will act as a realtor in connection with a property’s sale and to inform and obtain a signature from the buyer. Signatures can be obtained on the Dual Capacity Disclosure Form.

    State Issues Ohio Mortgages Mortgage Lenders Disclosures

  • Court grants $12 million final judgment but denies prejudgment interest in RICO class action


    On June 18, the U.S. District Court for the Southern District of California entered an order granting plaintiffs’ motion for entry of final judgment against a large for-profit educational institution that has since gone bankrupt. According to the 2020 complaint, plaintiffs were left with debt for what they claimed to be a worthless education. After the school’s bankruptcy in 2016, plaintiffs alleged that they continue to be victimized by defendants’ student loan operation. Plaintiffs filed the motion following a jury trial where defendants were found liable under the Racketeer Influenced and Corrupt Organizations Act (RICO). The jury awarded plaintiffs $4 million in compensatory damages, which was trebled to $12 million under the RICO statute.

    In addition to the judgment, plaintiffs applied for an additional $4 million in prejudgment interest. In denying the application for prejudgment interest, the court declined to award the discretionary interest based on allegations that defendants “repeatedly attempted to pick off the class representatives for the very purpose of eliminating this action, or at the very least, delaying it.” The court recognized that defendants’ tactics may have delayed the litigation but did not find them to be unreasonable or unfair to a degree that would warrant prejudgment interest, noting that the plaintiffs’ own post-trial motions contributed to the delay in judgment.

    The court entered final judgment against the defendants in the amount of $12 million, with attorneys’ fees and costs to be determined later.

    Courts RICO California Class Action Student Loans Consumer Finance

  • District Court approves $3.65 mil. settlement against student loan servicer


    On June 24, the U.S. District Court for the Western District of Pennsylvania approved a class action settlement involving student loan borrowers brought against a student loan servicer. The class alleged that from December 2018 to October 2023, the defendant assessed improperly certain convenience fees to process Perkins loan payments from student borrowers by telephone, IVR, or over the internet. The settlement fund of $3.65 million represents 25 percent of the total processing fees collected from hundreds of thousands of borrowers over roughly five years. The parties agreed that, in the event any funds remain after the first distribution, a second distribution will be made to class members.

    Courts Student Loan Servicer Class Action Settlement

  • Colorado’s DIDMCA opt-out blocked by preliminary injunction

    On June 18, U.S. District Court of the District of Colorado granted a motion for preliminary injunction filed by several financial services trade associations, enjoining Colorado from enforcing Colo. Rev. Stat. § 5-13-106 with respect to any loan made by the plaintiffs’ members, to the extent the loan is not “made in” Colorado. As previously covered by InfoBytes, the enjoined provision, contained in Section 3 of Colorado HB 23-1229 and scheduled to become effective on July 1, opted Colorado out of Section 521 of the Depository Institutions Deregulation and Monetary Control Act (DIDMCA) which allowed state-chartered banks to export rates of their home state across state borders. Trade groups sued before this law went into effect (covered here), with the FDIC writing a brief in support of the Colorado Attorney General (here).

    The court’s decision turned on its interpretation of DIDMCA Section 525, which allowed states to enact laws opting loans “made in” the enacting state out of Section 521, the provision granting insured state banks the same rate exportation authority as national banks. In support of their motion, the plaintiff trade associations argued that loans to Colorado residents by insured state banks located in other states were “made in” the bank’s home state or the state where key loan-making functions occur. Colorado disagreed, contending that a loan was “made in” both the borrower’s state and the state where the lender is located for purposes of applying the DIDMCA opt out provision.

    In granting the preliminary injunction, the court found the argument that only a bank “makes” a loan was “more consistent both with the ordinary colloquial understanding of who ‘makes’ a loan, and, more importantly, with how the words ‘make’ and ‘made’ are used consistently throughout the text of the Federal Deposit Insurance Act, including the [DIDMCA] amendments.” The court explained that “the answer to the question of where a loan is ‘made’ depended on the location of the bank, and where the bank takes certain actions, but not on the location of the borrower who ‘obtains’ or ‘receives’ the loan.” Although the court noted that agency interpretations did not address directly how to apply Section 525 of DIDMCA, it found that “[t]o the extent the agency interpretations are helpful, they support the conclusion that in common parlance, a loan is ‘made’ by a bank and therefore where the bank is located and performs its loan-making functions” (italics omitted).

    Colorado has 30 days to appeal the district court’s decision to the Tenth Circuit.

    Bank Regulatory Courts State Legislation DIDMCA Interest Rate UCCC


Upcoming Events