InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NYDFS: Auto loan borrowers are entitled to rebates for cancelled ancillary products
On July 18, NYDFS sent a letter reminding regulated auto lenders and auto loan servicers that they are responsible for ensuring certain rebates are credited to consumers whose vehicles were repossessed or were a total loss. During its examinations, NYDFS identified instances where certain institutions that finance ancillary products, such as extended warranties, vehicle service contracts, and guaranteed asset protection insurance, failed to properly calculate, obtain, and credit rebates to consumers as required. NYDFS explained that the terms of sale for such ancillary products “provide that if the vehicle is repossessed or is a total loss prior to the product’s expiration, the consumer is entitled to a rebate for the prorated, unused value of the product (a ‘Rebate’), payable first to the [i]nstitution to cover any deficiency balance, and then to the consumer.” NYDFS found that some institutions either neglected to pursue Rebates from the issuers of the ancillary products or miscalculated the owed amounts, adding that in some instances, institutions made initial requests for Rebates but did not follow through to ensure that they were received and credited to consumers.
NYDFS explained that an institution’s failure to obtain and credit Rebates from unexpired ancillary products is considered to be unfair “because it causes or is likely to cause substantial injury to consumers who are made to pay or defend themselves against deficiency balances in excess of what the consumer legally owes.” The resulting injury caused to consumers is not outweighed by any countervailing benefits to consumers or to competition, NYDFS stressed.
Additionally, NYDFS said an institution’s statements and claims of consumers’ deficiency balances that do not include correctly calculated and applied Rebates are considered to be deceptive, as they mislead consumers about the amount they owe after considering all setoffs. NYDFS said it expects institutions to fulfill their contractual obligations by ensuring Rebates are properly accounted for, either by deducting them from deficiency balances or issuing refund checks if no deficiency balance is owed.
NYDFS further noted in its announcement that recent CFPB examinations found that certain auto loan servicers engaged in deceptive practices when they notified consumers of deficiency balances that misrepresented the inclusion of credits or rebates. The Bureau’s supervisory highlights from Winter 2019, Summer 2021, and Spring 2022 also revealed that collecting or attempting to collect miscalculated deficiency balances that failed to account for a lender’s entitled pro-rata refund constituted an unfair practice.
FHA proposes to change lender and mortgagee requirements, clarify GSE definition
On July 18, FHA announced a proposed rule for public comment that would revise requirements for investing lenders and mortgagees “to gain or maintain status as an FHA-approved lender or mortgagee.” The proposed rule would also “separately define Government-Sponsored Enterprises (GSEs) and the Federal Home Loan Banks (FHLB) from other governmental entities and align general FHA approval standards with current industry business practices.” The proposed changes are mainly aimed at accommodating more precise language and definitions concerning an investing lender or mortgagee's limited participation in FHA programs. According to FHA, these changes do not represent a significant departure from existing requirements for most lenders and mortgagees involved in originating, endorsing, or servicing FHA-insured loans. Through the proposed rule, HUD proposes to: (i) “separately define the GSEs and their approval requirements from other Federal, State, or municipal governmental agencies and Federal Reserve Banks”; (ii) include Freddie Mac, Fannie Mae, and the FHLBs in the GSE definition; (iii) add language to require investing lenders and mortgagees to comply with applicable audit and financial statement requirements; and (iv) “clarify that investing lenders and mortgagees must comply with FHA’s annual certification requirements.”
E-commerce company fined $25 million for alleged COPPA violations
On July 19, the DOJ and FTC announced that a global e-commerce tech company has agreed to pay a penalty for alleged privacy violations related to its smart voice assistant’s data collection and retention practices. The agencies sued the company at the end of May for violating the Children’s Online Privacy Protection Act Rule and the FTC Act, alleging it repeatedly assured users that they could delete collected voice recordings and geolocation information but actually held onto some of this information for years to improve its voice assistant’s algorithm, thus putting the data at risk of harm from unnecessary access. (Covered by InfoBytes here.)
The stipulated order requires the company to pay a $25 million civil money penalty. The order also imposes injunctive relief requiring the company to (i) identify and delete any inactive smart voice assistant children’s accounts unless requested to be retained by a parent; (ii) notify parents whose children have accounts about updates made to its data retention and deletion practices and controls; (iii) cease making misrepresentations about its “retention, access to or deletion of geolocation information or voice information, including children’s voice information” and delete this information upon request of the user or parent; and (iii) disclose its geolocation and voice information retention and deletion practices to consumers. The company must also implement a comprehensive privacy program specific to its use of users’ geolocation information.
CFPB reports on employer-driven debt
On July 20, the CFPB released an Issue Spotlight covering findings from an inquiry into worker experiences with employer-driven debt. In June 2022, the Bureau launched a formal inquiry on practices and financial products that may cause an employee to owe a debt to their employer. (Covered by InfoBytes here.) The inquiry focused on debt obligations incurred by consumers in the context of an employment or independent contractor arrangement, including training repayment agreements where employees are required to repay the costs of job training should they voluntarily or involuntarily leave a job within a set time period. The inquiry sought information on “prevalence, pricing and other terms of the obligations, disclosures, dispute resolution, and the servicing and collection of these debts,” and asked consumers whether they felt they “have a meaningful choice” in agreeing to these products, what these agreements’ terms and conditions are, and whether the products might prevent individuals from seeking alternative employment.
The recent Issue Spotlight found that employer-driven debt presents several risks to consumers, including:
- Workers experience unique harms related to employer-driven debts, as these debts are tied to their employment, and the issuer of the debt controls their ability to repay it.
- Employees may be rushed into signing agreements that conceal debt details or employers may change terms and conditions after origination without a worker’s knowledge.
- Workers’ focus on securing or advancing employment may lead them to overlook valuation, disclosures, and terms of credit or lease products.
- Employer-driven debts may be imposed as a mandatory precondition of employment, potentially hindering workers’ ability to negotiate terms before accepting a job.
- Employers may misrepresent the value and nature of employer-driven debt, work conditions, and potential job earnings, leading workers to expect career mobility and higher earnings.
- Workers may suffer negative impacts on household financial stability, such as lower earnings, damaged credit scores, and additional debts, to meet repayment-related obligations.
The Bureau stated that it is committed to working with other federal, state, and local regulators to address potential workplace consumer harms and said it intends to evaluate the use of training repayment agreement provisions or other employer-driven debts for potential violations of consumer financial laws.
CFPB alleges UDAAP violations by “lease-to-own” financer
On July 19, the CFPB announced it is suing a lease-to-own finance company that provides services that allows consumers, typically with limited access to traditional forms of credit for their financing, to finance merchandise or services over a 12-month period. According to the complaint, the Bureau claims that once a consumer falls behind on payments, the company’s purchase agreement essentially “lock[s] [consumers] into the 12-month schedule—even if they want to return or surrender their financed merchandise.” The alleged violations include:
- Misleading consumers. The company is accused of designing and implementing its financing program in a way that misleads consumers by using print advertisements featuring the phrase “100 Day Cash Payoff” without including details of the purchase agreement financing. The company is accused of misrepresenting that consumers could not terminate their agreement, that consumers could not return their merchandise, and that the “best” or “only” option for consumers who no longer want to finance their merchandise is to enter a “buy-back” agreement. The Bureau alleges that such conduct, among other things, violated the CFPA's prohibition on deceptive and abusive acts and practices.
- Unlawful conditioning of credit extension. The company is accused of violating the EFTA and its implementing Regulation E by allegedly improperly requiring consumers to repay credit through preauthorized automated clearing house debits.
- Failing to establish reasonable policies concerning consumer information. The Bureau alleges that the company violated the FCRA and its implementing Regulation V by not having adequate written policies and procedures to ensure the accuracy and integrity of consumer information that it furnished, considering the company’s “size, complexity, and scope.”
The Bureau seeks, among other things, injunctions to prevent future violations, rescission or reformation of the company's financing agreements, redress to consumers, and civil money penalties.
FTC proposal would allow facial recognition for consent under COPPA
On July 19, the FTC announced it is seeking public feedback on whether it should approve an application that proposes to create a new method for obtaining parental consent under the Children’s Online Privacy Protection Act (COPPA). The new method would involve analyzing a user’s facial geometry to confirm the individual’s age. Under COPPA, online sites and services directed to children under 13 are required to obtain parental consent before collecting or using a child’s personal information. COPPA provides a number of acceptable methods for obtaining parental consent but also allows interested parties to submit proposals for new verifiable parental consent methods to the FTC for approval.
The application was submitted by a company that runs a COPPA safe harbor program, along with a digital identity company and a technology firm that helps companies comply with parental verification requirements. Specifically, the FTC’s request for public comment solicits feedback on several questions relating to the application, including: (i) whether the proposed age verification method is covered by existing methods; (ii) whether the proposed method meets COPPA’s requirements for parental consent (i.e., can the proposed method ensure that the person providing consent is the child’s parent); (iii) does the proposed method introduce a privacy risk to consumers’ personal information, including their biometric information; and (iv) does the proposed method “pose a risk of disproportionate error rates or other outcomes for particular demographic groups.” Comments are due 30 days after publication in the Federal Register.
FDIC announces Vermont disaster relief
On July 19, the FDIC issued FIL-36-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Vermont affected by severe storms and flooding from July 7 through the present. The FDIC acknowledged the unusual circumstances faced by affected institutions and encouraged those institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements and instructed institutions to contact the New York Regional Office if they expect delays in making filings or are experiencing difficulties in complying with publishing or other requirements.
European Data Protection Board clarifies GDPR transfers
On July 18, the European Data Protection Board (EDPB) published an information note to provide clarity on data transfers under the GDPR to the United States following the European Commission’s adoption of the adequacy decision as part of the EU-U.S. Data Privacy Framework on July 10. The information note also addresses available redress mechanisms under the framework, as well as a new redress mechanism relating to the area of national security. As previously covered by InfoBytes, the European Commission concluded that the U.S. “ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to U.S. companies under the new framework.” With the adoption of the new adequacy decision, personal data can now be transferred securely from the EU to U.S. companies participating in the framework without having to implement additional data protection safeguards.
The information note clarified that transfers based on adequacy decisions do not require supplementary measures. However, transfers to the U.S. not included in the “Data Privacy Framework List” will require appropriate safeguards, such as standard data protection clauses or binding corporate rules. The EDPB emphasized that U.S. government safeguards put in place in the area of national security (including the redress mechanism) will “apply to all data transfers to the [U.S.], regardless of the transfer tool used.” Additionally, EU individuals whose data is transferred to the U.S. based on the adequacy decision may use several redress mechanisms, including submitting complaints with the relevant U.S. organization, while EU organizations may seek advice from their national data protection authority to oversee related processing activities. Moreover, regardless of the transfer method used for sending personal data to the U.S., EU data subjects can submit complaints to their national data protection authority to utilize the new redress mechanism concerning national security. The national data protection authority, in turn, will ensure that the complaint is sent to the EDPB, which will transmit the complaint to the appropriate U.S. authorities.
The EDPB noted that the European Commission will conduct a review of the adequacy decision one year after it enters into force to ensure all elements have been fully implemented and are effective. Depending on the findings, the European Commission will decide, in consultation with the EDPB and the EU member states, whether subsequent reviews are warranted.
Michigan Supreme Court limits applicability of “usury savings clauses”
On June 23, the Michigan Supreme Court reversed a circuit court’s decision on a case involving Michigan’s “longstanding prohibition on excessive interest rates for certain loans.” The case involved a “usury savings clause,” which is a term sometimes used in notes, which requires the borrower to pay the maximum legal interest rate if the contractual terms impose an illegal rate. In the case, a nonbank investment group (plaintiff) lent a realty service company (defendant) $1 million to flip tax-foreclosed homes. Plaintiff sued for breach of contract and fraud after defendant discontinued payments after paying more than $140,000 in interest on the loan. Defendant argued that plaintiff violated the criminal usury statute by, “knowingly charging an effective interest rate exceeding 25%,” which it alleged barred plaintiff from recovering on the loan under the wrongful-conduct rule.
The circuit court determined that the fees and charges associated with the loan constituted disguised interest, making the total interest the plaintiff was seeking above the legal 25% limit and “criminally usurious.” However, the court agreed with the defendant that the usury savings clause was enforceable and the note was not facially usurious. Nevertheless, “the court agreed that the appropriate remedy is to relieve [defendant] of its obligation to pay the interest on the loan but not its obligation to repay the principal.”
The Michigan Supreme Court held that in determining whether a loan agreement imposes illegal rates of interest, a usury savings clause is ineffective if the loan agreement requires a borrower to pay an illegal interest rate, even if the interest is labeled as a “fee” or something else. Further, the court held that enforcing usury savings clauses would undermine the state’s usury laws because it would nullify the statutory remedies for usury, which would relieve lenders of their obligation to ensure that their loans have a legal interest rate. The court also held that a lender is not criminally liable for seeking to collect on an unlawful interest rate in a lawsuit. The court reasoned that seeking relief through the court of law is generally encouraged over extrajudicial means. According to the opinion, the court held that “[t]he appropriate remedy for a lender’s abusive lawsuit is success for the borrower in that lawsuit and appropriate civil sanctions, not a criminal conviction for usury.”
9th Circuit partially reverses FDCPA dismissal
On July 14, the U.S. Court of Appeals for the Ninth Circuit partially affirmed and partially reversed a district court’s dismissal of an FDCPA suit. The district court reviewed plaintiff’s claims under the FDCPA, which alleged that defendants violated the bankruptcy court’s order discharging his debt and knowingly filed a baseless debt collection lawsuit. The district court determined that the claims should be dismissed because (i) debtors do not have a private right of action for violations of the Bankruptcy Code; and (ii) the claim was time-barred due to the FDCPA’s one-year statute of limitations. On appeal, the 9th Circuit affirmed the dismissal of the plaintiff’s claims based on a violation of his bankruptcy discharge order but reversed the dismissal of the plaintiff’s baseless lawsuit claim, holding that it was not barred by the FDCPA’s statute of limitations.
The 9th Circuit reasoned that the plaintiff “correctly asserts that some litigation acts can constitute independent FDCPA violations and that each such violation triggers its own one-year statute of limitations under the FDCPA.” In making its decision “to determine whether a litigation act constitutes an independent violation of the FDCPA and thus has its own statute of limitations,” the appellate court derived a test, stating: “Under this test, if a debt collector decides to take a certain action during litigation, courts must assess whether that act was the debt collector’s ‘last opportunity to comply’ with the FDCPA.” Because the appellate court determined that service and filing are separate FDCPA violations and plaintiff brought suit within one year of defendants’ state law claim, the 9th Circuit held that plaintiff’s action was timely.