InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC orders tax filing software company to cease and desist following ALJ decision
On January 22, the FTC issued an opinion and order against the maker of a popular tax filing software. The FTC found that the company engaged in unfair and deceptive acts or practices by marketing the software as “free” when it was not available as free to more than two-thirds of consumers and ordered the company to “cease and desist making the deceptive claims.”
The FTC’s opinion and order were issued after its de novo review following the September 2023 ruling from an administrative law judge (“ALJ”), in the FTC’s March 2022 administrative complaint against the company (previously reported by InfoBytes here), in which the ALJ found that the company engaged in deceptive advertising.
The company is a publicly traded corporation that offers a variety of software programs. The software in question is a program that assists customers with preparing and filing their taxes. The FTC alleged that since 2016 the company marketed its tax filing software in violation of Section 5 of the FTC Act through television and online ads, stating consumers could file their taxes for free when less than one-third of taxpayers were eligible for the company’s free edition of the software.
The FTC took issue with the company’s claim that the software was “free” when it restricted its eligibility for the free version to those with “simple tax returns.” While the definition of “simple tax returns” has changed over time, in 2022 it was limited to filed returns that included a Form 1040 with limited attached schedules. However, the FTC alleged most taxpayers do not have “simple tax returns” as defined by the company, including those with mortgage or property income, investment income, or charitable donations over $300.
According to the FTC, from 2016 to 2022, the company ran “dozens” of unique ads through television, radio, the internet, social media, and other advertising channels, that garnered “billions of impressions.” The company and its ad agency understood that advertising its product as free would be a “powerful” lure to entice new customers, stating “Lead with [f]ree to raise heads and drive traffic and acquisition[.]” Although disclaimers are present in the ads, the FTC alleged the company’s disclaimers are inadequate to “cure the misrepresentations” faced by the consumer.
The company continued to market its products as free for three years after multiple lawsuits were filed by the Los Angeles City Attorney and the County Counsel for the County of Santa Clara, California, alleging unfair and deceptive marketing of free versions of the software. Various state Attorneys General opened subsequent investigations that led the company to enter into a settlement agreement with all fifty states pursuant to which the company agreed to pay $141 million and submit to restrictions on its advertising and marketing of the software. Among other restrictions, the FTC’s final order prohibits the company from making any misrepresentations of the cost of its products and services, or the requirement that a consumer use its paid products or services in order to accurately file their taxes online or claim a credit or deduction. Additionally, the order imposes record-keeping and reporting requirements that will remain effective for a period of twenty years after the issuance date of the order.
FDIC issues December 2023 enforcement actions
On January 26, the FDIC released a list of administrative enforcement actions taken against banks and individuals in December 2023. During that month, the FDIC made public 12 orders consisting of “four orders of termination of deposit insurance; three orders terminating consent orders; two consent orders; one order terminating supervisory prompt corrective action directive; one order of prohibition from further participation; one order to pay a civil money penalty (CMP); and one Decision and Order to Prohibit from Further Participation and Assessment of Civil Money Penalty.”
Included is a consent order with a Mississippi-based bank for alleged Bank Secrecy Act violations, along with violations of a previous consent order from 2020, imposing a $600,000 civil money penalty. Also included is a consent order with a Kentucky-based bank, alleging the bank engaged in “unsafe or unsound banking practices and violations of law or regulation” relating to, among other things, the Bank Secrecy Act. The bank neither admitted nor denied the allegations but agreed to create a written plan to recover its losses from the bank’s relationship with a third-party loan program, to reduce the bank’s risk position in the program, and to stop granting any extensions of credit through adversely classified or criticized loans related to the third-party loan program. The consent order additionally requires the bank’s board to assess the sufficiency of the bank’s allowance for credit losses (ACL), ensuring the establishment of an appropriate ACL and to uphold and accurately report it. Specifically, “management shall review updated credit risk metrics and loss data for the third-party loan programs referenced in the ROE and ensure appropriate provisions to the ACL relative to this information.”
FCC Chairwoman proposes making all AI-generated robocalls “illegal” to help State Attorneys General
On January 31, FCC Chairwoman, Jessica Rosenworcel, released a statement proposing that the FCC “recognize calls made with AI-generated voices are ‘artificial’ voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal.” Specifically, the FCC’s proposal would make voice cloning technology used in robocall scams illegal, which has been used to impersonate celebrities, political candidates, and even close family members. Chairwoman Rosenworcel stated, “No matter what celebrity or politician you favor… it is possible we could all be a target of these faked calls… That’s why the FCC is taking steps to recognize this emerging technology as illegal… giving our partners at State Attorneys General offices… new tools they can use to crack down on these scams and protect customers.”
This action comes after the FCC released a Notice of Inquiry last month where the FCC received comments from 26 State Attorneys General to understand how the FCC can better protect consumers from AI-generated telemarking, as covered by InfoBytes here. This is not the first time the FCC has targeted robocallers: as previously covered by InfoBytes in October 2023, the FCC proposed an inquiry into how AI is used to create unwanted robocalls and texts; in September 2023, the FCC updated its rules to curb robocalls under the Voice over Internet Protocol, covered here.
OCC issues proposed rule for bank merger approvals
On January 29, the OCC announced a proposed rule for bank merger approvals under the Bank Merger Act (BMA). The OCC proposed changes to 12 CFR 5.33 to reflect its view that a business combination is a significant corporate transaction.
The OCC suggested two key changes to its business combination regulation (12 CFR 5.33). First, it proposed removing the expedited review procedures outlined in § 5.33(i). Currently, this provision automatically approves certain filings after the 15th day following the close of the comment period, but the OCC believes that no business combinations subject to § 5.33 should be approved solely based on elapsed time. Additionally, the OCC suggests removing paragraph (d)(3), as it pertains to defining applications eligible for expedited review. Second, the OCC proposes the removal of § 5.33(j), which outlines four scenarios allowing an applicant to use the OCC's streamlined business combination application instead of the full Interagency Bank Merger Act Application. The streamlined application seeks information on similar topics, but only requires detailed information if the applicant answers affirmatively to specific yes-or-no questions. Currently, a transaction eligible for the streamlined application also qualifies for expedited review, a feature the OCC is proposing to eliminate. Additionally, a new policy statement (proposed as Appendix A to 12 CFR part 5, subpart C) is introduced to provide clarity and guidance on general principles used by the OCC in reviewing applications under the BMA. The policy statement also covers considerations for financial stability, resources, prospects, and convenience and needs factors. Criteria for deciding whether to hold a public meeting on a BMA application were also outlined.
Comments from the public are due 60 days from the date of publication in the Federal Register.
FTC obtains injunction and monetary judgment against telemarketing company
On January 31, the U.S. District Court for the Northern District of Illinois finalized, in actions brought by the FTC, a permanent injunction and monetary judgment against a telemarketing company and certain individuals for violating the FTC Act, 15 U.S.C. § 45, and the Telemarketing and Consumer Fraud and Abuse Prevention Act, specifically the Telemarketing Sales Rule (“TSR”). The FTC’s motion for summary judgment was granted by the court, whereby the defendants were ordered to pay a monetary judgment for a civil penalty of $28,681,863.88 in favor of the FTC, and the defendants were permanently banned from participating in telemarketing or assisting and facilitating others engaged in telemarketing to consumers. The court found that the defendants violated the TSR by “initiating or causing the initiation of outbound telephone calls to consumers whose telephone numbers were on the National Do Not Call Registry… and by assisting and facilitating their inbound transfer partners’ violations of the TSR.” This final action comes after the FTC was granted its initial order for permanent injunction and other relief in November 2023.
CFPB reflects on 2023 enforcement actions; states upcoming enforcement goals
On January 29, the CFPB released a blog post on its enforcement actions from 2023, as well as its outlook for 2024. In 2023, the CFPB reportedly filed 29 enforcement actions and resolved six final orders on previously filed lawsuits. Compensation-wise, the Bureau required entities to pay approximately $3.07 billion in compensation to consumers and nearly $500 million in civil money penalties. The CFPB highlights some key enforcement actions from 2023, such as helping protect servicemembers from loan exploitation, as previously covered in Infobytes here, and taking action against the alleged illegal junk advance fees from credit repair services, also covered in Infobytes here.
Looking forward to 2024, the CFPB stated its intent to increase its capacity. The Bureau’s outlook falls in line with previous comments from a CFPB representative in an FTC panel, covered by InfoBytes here. The blog post provides greater detail, outlining the Bureau’s plans to hire more technology experts to help enforce the law against emerging technologies, as well as expanding its enforcement capacity by adding more attorneys, analysts, paralegals, and economists, among others.
White House provides three-month update on its AI executive order
On January 29, President Biden released a statement detailing how federal agencies have fared in complying with Executive Order 14110 regarding artificial intelligence (AI) development and safety. As previously covered by InfoBytes, President Biden’s Executive Order from October 30, 2023, outlined how the federal government can promote AI safely and in a secure way to protect U.S. citizens’ rights.
The statement notes that federal agencies have (i) used the Defense Production Act to have AI developers report vital information to the Department of Commerce; (ii) proposed a draft rule for U.S. cloud companies to provide computing power for foreign AI training, and (iii) completed risk assessments for “vital” aspects of society. The statement further outlines how the NSF (iv) managed a pilot program to ensure that AI resources are equitably accessible to the research and education communities; (v) began the EducateAI initiative to create AI educational opportunities in K-12 through undergraduate institutions; (vi) promoted the funding of a new Regional Innovation Engines to assist in creating breakthrough clinical therapies; (vii) the OPM launched the Tech Talent Task Force to accelerate hiring data scientists in the government, and (viii) the DHHS established an AI Task Force to provide “regulatory clarity” in health care. Lastly, the statement provides additional information on various agency activities that have been completed in response to the Executive Order. More on this can be found at ai.gov.
FFIEC publishes proposed extension of reporting obligations
On January 26, the Federal Financial Institutions Examination Council (FFIEC) approved the OCC, Fed, and FDIC’s publication for public comment of a proposal to extend several information collection items for three years. As previously covered by InfoBytes, the FFIEC last month put forth a similar three-year proposal on FFIEC 002 which affected the three Call Reports (FFIEC 031, 041, and 051). While this proposal includes those same four items, it adds two more: the Regulatory Capital Reporting for Institutions Subject to the Advanced Capital Adequacy Framework (FFIEC 101), and the Market Risk Regulatory Report for Institutions Subject to the Market Risk Capital Rule (FFIEC 102). The proposed changes include a new confidential report (FFIEC 102a) titled the Market Risk Regulatory Report that would “collect information necessary for the agencies to evaluate [an]… institution’s implementation of the market risk rule and validate a [bank’s] internal models used in preparing the FFIEC 102.” The revisions are related to the agencies’ capital rule proposal published on September 18, 2023. Comments are requested by March 25, 2024, and the revisions are planned to be effective as of September 30, 2025.
New York Governor proclaims January 21-27 as Data Privacy Awareness Week
On January 26, New York Governor, Kathy Hochul, issued a proclamation establishing January 21-27, 2024, as Data Privacy Awareness Week in partnership with several state agencies, including NYDFS. Generally celebrated as a Data Privacy Day, this will be the first time that the event expands to an entire week. This proclamation addresses ways that citizens can protect their personal information against bad actors. The week is designed to help “educate the public” and heighten the importance of data privacy. The press release highlights how consumers can keep their personal information private and protect themselves, including: keeping applications up to date; using unique and complex passwords for every account; enabling multi-factor authentication on devices; exercising caution when opening unsolicited links in emails or messages; limiting the amount of personal data collected by websites; considering what personal information is shared on social media; setting up a virtual private network, or VPN; and being careful when using public wi-fi networks.
California Attorney General investigates streaming services for CCPA violations
On January 26, California State Attorney General Rob Bonta announced an investigative initiative by issuing letters to businesses operating streaming apps and devices, accusing them of non-compliance with the California Consumer Privacy Act (CCPA). The focus of the investigation is the evaluation of streaming services’ adherence to the CCPA's opt-out requirements, in particular those businesses that sell or share consumer personal information. The investigation targets businesses failing to provide a direct mechanism for consumers wishing to prevent the sale of their data.
AG Bonta urged consumers to know about and exercise their rights under the CCPA, emphasizing the right to instruct businesses not to sell their personal information. The CCPA grants California consumers enhanced rights regarding the collection, sharing, and disclosure of their personal information by businesses, and compliance responsibilities include responding to consumer requests and providing necessary notices about privacy practices. AG Bonta noted that the right to opt-out under the CCPA mandates that businesses selling or sharing personal data for targeted advertising must facilitate an easy and minimal-step process for consumers to exercise their right. For example, users should be able to easily navigate their streaming service’s mobile application settings to enable the “Do Not Sell My Personal Information” option. The expectation is that this choice remains effective across various devices if users are logged into their accounts when electing to opt-out. Finally, Bonta added that consumers should be given easy access to a streaming service’s privacy policy outlining their CCPA rights.