Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB proposes T&C registry for nonbanks

    Agency Rule-Making & Guidance

    On January 11, the CFPB announced a proposed rule to create a public registry of terms and conditions used in non-negotiable, “take it or leave it” nonbank form contracts that “claim to waive or limit consumer rights and protections.” Under the proposal, supervised nonbank companies would be required to report annually to the Bureau on their use of standard-form contract terms that “seek to waive consumer rights or other legal protections or limit the ability of consumers to enforce or exercise their rights.” The terms and conditions—which would be made publicly available—would include those that address waivers of consumer claims, liability limits, legal action limits, class action bans, arbitration agreements, liquidated damages clauses, as well as other waivers of consumer rights.

    The Bureau explained that its proposal is intended to “facilitate public awareness and oversight” about what nonbanks are putting in form contracts. “Some companies slip terms and conditions into their form contracts that try to take away consumer protections, try to limit how consumers exercise their rights, or try to quiet consumer complaints or criticism,” the Bureau stated in its announcement. “[M]ore broadly, the terms and conditions potentially undermine consumer financial protection law.”

    The Bureau provided several examples of such terms and conditions, including: (i) unlawful mandatory arbitration agreements that are included in servicemember loan contracts; (ii) credit monitoring service agreements that “undermine credit reporting rights” by prohibiting consumers from pursuing legal action, including class action lawsuits, for FCRA violations; (iii) occurrences where lenders use clauses that waive liability for bank fees that borrowers incur due to repeated payment collection attempts; (iii) mortgage contracts that make “deceptive” use of waivers and limitations that are inconsistent with TILA restrictions; and (v) terms and conditions that try to quiet consumer complaints or criticism.

    All supervised nonbanks, including those operating in payday lending, private student loan origination, mortgage lending and servicing, student loan servicing, automobile financing, consumer reporting, consumer debt collection, and international remittances would be subject to the rule. However, the Bureau is proposing certain exemptions for nonbanks with lower levels of receipts. Comments on the proposal are due 30 days after publication in the Federal Register.

    “[T]the registry would help regulators and law enforcement more easily detect when companies are offering products and services using prohibited, void, and restricted contract terms described above. This would be especially useful to state and tribal regulators with limited resources to alert or take action against companies violating the law,” CFPB Director Rohit Chopra said in an accompanying statement, adding that the Bureau plans to “use data from the registry to identify supervised nonbanks and the risks their terms and conditions pose, prioritize which firms to examine, and plan the scope of those exams.”

    House Financial Services Committee Chairman Patrick McHenry (R-NC) slammed the proposal, saying the “proposed registry of terms and conditions will facilitate the naming and shaming of firms to empower progressive activists. Requiring nonbank financial firms to register publicly with the Bureau is unprecedented—no other industry is required to make public such detailed contract information. The days of Congress giving Director Chopra a free pass for his reckless actions have come to an end.”

    The proposed registry follows a proposal announced in December by the Bureau that would create a database of enforcement actions taken against certain nonbank covered entities, which would include all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices. (Covered by InfoBytes here.)

    Agency Rule-Making & Guidance Federal Issues CFPB Nonbank Consumer Finance Consumer Protection Supervision House Financial Services Committee

  • District Court gives preliminary approval to $11.5 million FCRA settlement

    Courts

    On January 6, the U.S. District Court for the Northern District of Georgia granted preliminary approval of a $11.5 million settlement in a class action FCRA suit, resolving allegations that a credit reporting agency (CRA) reported inaccurate or incomplete criminal and civil records. According to the plaintiffs’ motion for preliminary approval of the proposed settlement and memorandum in support, the defendant violated the FCRA by attributing criminal records to consumers that did not belong to them. The plaintiffs further alleged that “misattribution resulted from [the defendant’s] unreasonable procedures related to its using or failure to use certain identifying information in its matching algorithm.” In addition, the plaintiffs claimed that the defendant failed to report favorable dispositions in landlord-tenant records. The plaintiffs also alleged that the defendant “did not obtain complete and up-to-date public records from the source, instead relying on old or incomplete data obtained from its vendor(s) or retrieved through automated processes.” If final approval of the settlement is granted, attorney fees will account for about a third of the $11.5 million settlement amount. The estimated number of people who could benefit from the settlement is approximately 90,000, with awards for this group ranging from $40 to $800. The defendant will also be obliged under the settlement to provide data needed to identify members of the class. Further, class members whose names were misreported as tied to felonies or sex offenses, or who disputed their criminal records, will be paid higher payments than those linked to misdemeanors, lower-level offenses, or eviction records.

    Courts FCRA Credit Reporting Agency Settlement

  • 9th Circuit reverses decision in COPPA suit

    Courts

    In December, the U.S. Court of Appeals for the Ninth Circuit reversed and remanded a district court’s decision to dismiss a suit alleging that a multinational technology company used persistent identifiers to collect children’s data and track their online behavior surreptitiously and without their consent in violation of the Children’s Online Privacy Protection Act (COPPA). According to the opinion, the company used targeted advertising “aided by sophisticated technology that delivers curated, customized advertising based on information about specific users.” The opinion further explained that “the company’s technology ‘depends partly on what [FTC] regulations call ‘persistent identifiers,’ which is information ‘that can be used to recognize a user over time and across different Web sites or online services.’” The opinion also noted that in 2013, the FTC adopted regulations under COPPA that barred the collection of children’s “persistent identifiers” without parental consent. The plaintiff class claimed that the company used persistent identifiers to collect data and track their online behavior surreptitiously and without their consent, and alleged state law claims arising under the constitutional, statutory, and common law of California, Colorado, Indiana, Massachusetts, New Jersey, and Tennessee, in addition to COPPA violations. The district court ruled that the “core allegations” in the third amended complaint were squarely covered, and preempted, by COPPA.

    On appeal, the 9th Circuit considered whether COPPA preempts state law claims based on underlying conduct that also violates COPPA’s regulations. To determine this, the appellate court examined the language of COPPA’s preemption clause, which states that state and local governments cannot impose liability for interstate commercial activities that is “inconsistent with the treatment of those activities or actions” under COPPA. The opinion noted that the 9th Circuit has long held “that a state law damages remedy for conduct already proscribed by federal regulations is not preempted,” and that the statutory term “inconsistent” in the preemption context refers to contradictory state law requirements, or to requirements that stand as obstacles to federal objectives. The appellate court stated that it was not “persuaded that the insertion of ‘treatment’ in the preemption clause here evinces clear congressional intent to create an exclusive remedial scheme for enforcement of COPPA requirements.” The opinion noted that because “the bar on ‘inconsistent’ state laws implicitly preserves ‘consistent’ state substantive laws, it would be nonsensical to assume Congress intended to simultaneously preclude all state remedies for violations of those laws.” As such, the appellate court held that “COPPA’s preemption clause does not bar state-law causes of action that are parallel to, or proscribe the same conduct forbidden by, COPPA. Express preemption therefore does not apply to the children’s claims.”

    Courts Appellate Ninth Circuit COPPA Privacy, Cyber Risk & Data Security FTC State Issues

  • District Court issues judgment against debt-collection law firm

    Federal Issues

    On January 11, the U.S. District Court for the Southern District of New York entered a proposed stipulated final judgment and order against a defendant New York debt-collection law firm. As previously covered by InfoBytes, the Bureau’s complaint alleged that between 2014 and 2016 the defendant initiated over 99,000 collection lawsuits in an attempt to collect debts by relying on “non-attorney support staff, automation, and both a cursory and deficient review of account files,” in violation of both the FDCPA and the Consumer Financial Protection Act. The Bureau alleged the lawsuits contained names and signatures of attorneys despite those attorneys “not being meaningfully involved in reviewing the merits of the lawsuits,” including not reviewing pertinent documentation related to the debts, such as account applications, billing statements, payment histories, and the terms and conditions governing an account. Moreover, the defendant allegedly did not perform reviews of the contracts related to debt sales, despite filing lawsuits on behalf of debt buyers that have been accused of unlawful debt collection practices.

    In order to continue with debt-collection litigation, for each collection suit, the settlement requires the defendant to possess documents with specific information about the debt, including the name of the original creditor, evidence that the consumer authorized the debt, the chain of assignment supporting any sale of the debt, and a break-down of how the debt amount was calculated. The defendant must also certify that the attorney whose name appears on the complaint reviewed the supporting documentation and ensure the complaint is consistent with that documentation. Any pending lawsuit in which the defendant does not certify its compliance with the specific information and meaningful attorney review requirements must be voluntarily dismissed. The also order requires the defendant to pay a $100,000 penalty to the Bureau.

    Federal Issues Courts CFPB Enforcement Debt Collection CFPA FDCPA Consumer Finance

  • Education Dept. releases IDR proposal

    Federal Issues

    On January 10, the Department of Education (DOE) announced a notice of proposed rulemaking (NPRM) to reduce the cost of federal student loan payments. According to the DOE, the regulations fulfill President Biden’s plan to provide student debt relief for approximately 40 million borrowers and to make the student loan system more manageable for student borrowers. As previously covered by InfoBytes, the three-part debt relief plan was announced in August to provide, among other things, up to $20,000 in debt cancellation to Pell Grant recipients with loans held by the DOE, and up to $10,000 in debt cancellation to non-Pell Grant recipients for borrowers making less than $125,000 a year or less than $250,000 for married couples. Plaintiffs, whose loans are ineligible for debt forgiveness under the program, sued the DOE and the DOE secretary claiming the agency violated the Administrative Procedure Act’s notice-and-comment rulemaking procedures and arbitrarily decided the program’s eligibility criteria. Plaintiffs further contended that the DOE secretary does not have the authority under the HEROES Act to implement the program. Specifically, the NPRM would establish that those making less than $30,577 as an individual or a family of four making less than $62,437 would have their monthly payments reduced to $0.

    According to the NPRM, the DOE is proposing to amend the regulations governing income-contingent repayment plans by amending the Revised Pay as You Earn (REPAYE) repayment plan. The NPRM noted that the DOE is looking to restructure and rename the repayment plan regulations under the William D. Ford Federal Direct Loan Program, including combining the Income Contingent Repayment (ICR) and the Income-Based Repayment (IBR) plans under the umbrella term of IDR plans. The NPRM would ensure that a borrower’s balance would not grow due to accumulation of unpaid interest if the borrowers otherwise make their monthly payments. Additionally, the NPRM would also establish that for individuals who borrow $12,000 or less, loan forgiveness can occur after making the equivalent of 10 years of payments. That period increases by one year for each additional $1,000 that is borrowed. The DOE released a Fact Sheet on increasing college accountability, which clarifies information on identifying the lowest-financial-value programs, protecting students and delivering value through greater accountability, increasing collaboration with accreditors, and building a record of action.

    The DOE also released a request for information (RFI) to solicit comments on identifying the best ways to calculate the metrics that may be used to identify low-financial-value programs and inform technical considerations. Finally, the DOE released a Fact Sheet on transforming IDR. Among other things, the Fact Sheet discusses decreasing undergraduate loan payments, stopping unpaid interest accumulation, and lowering the number of monthly payments required to receive forgiveness for borrowers with smaller loan balances. Comments are due 30 days after publication in the Federal Register.

    Federal Issues Agency Rule-Making & Guidance Department of Education Student Lending Income-Driven Repayment Federal Register Administrative Procedure Act HEROES Act Consumer Finance

  • FTC seeks to ban noncompete clauses

    Federal Issues

    On January 5, the FTC announced a notice of proposed rulemaking (NPRM) regarding banning the use of noncompete clauses in employment contracts. Among other things, the NPRM, would make it illegal for employers to: (i) enter into, or attempt to enter into, a noncompete agreement with a worker; (ii) maintain a noncompete agreement with a worker; or (iii) represent to a worker that the worker is subject to a noncompete agreement. The NPRM also would require employers to rescind existing noncompete agreements and notify workers that those agreements are no longer in effect. The NPRM extends to both paid and unpaid workers as well as independent contractors. It also extends to non-disclosure agreements or agreements to repay training costs upon early termination of employment if such agreements amount de facto to a noncompete. Finally, the NPRM extends to noncompetes related to the sale of a business unless they involve a person who owns at least 25 percent of the sold business. The ban would be pursuant to Sections 5 and 6(g) of the FTC Act, which declare “unfair methods of competition in or affecting commerce” to be unlawful, and authorize the FTC to issue rules prohibiting such methods.

    According to FTC Chair Lina M. Khan, noncompete clauses “block workers from freely switching jobs, depriving them of higher wages and better working conditions, and depriving businesses of a talent pool that they need to build and expand.” She noted that by ending noncompete clauses, “the FTC’s proposed rule would promote greater dynamism, innovation, and healthy competition.” According to Commissioner Christine S. Wilson’s dissent, the NPRM is a “radical departure from hundreds of years of legal precedent that employs a fact-specific inquiry into whether a noncompete clause is unreasonable in duration and scope, given the business justification for the restriction.”

    Comments are due by March 10.

    Federal Issues Agency Rule-Making & Guidance FTC FTC Act Noncompete

  • CFPB says ruling on funding structure doesn’t affect debt collector’s CID

    Federal Issues

    In December, the CFPB denied a petition by a debt collection agency to set aside a civil investigative demand (CID) issued last October. The company challenged the Bureau’s authority to issue the CID on the grounds that the agency’s funding mechanism is unconstitutional. The company’s argument relied on a decision issued by the U.S. Court of Appeals for the Fifth Circuit on October 19 (covered by a Buckley Special Alert), which found that the Bureau is unconstitutionally funded and vacated the CFPB’s Payday Lending Rule. The Bureau submitted a petition for a writ of certiorari in November asking the U.S. Supreme Court to review the 5th Circuit decision (covered by InfoBytes here).

    The debt collection agency and the CFPB held a “meet and confer” at the end of October, and the company argued that during the meet and confer the parties did not agree on two of the company’s objections: (i) the inadequate Notification of Purpose Pursuant to 12 C.F.R. §1080.5 contained in the CID; and (ii) the Bureau’s unconstitutional funding mechanism. The company filed a petition to set aside the CID, arguing that because the Bureau’s funding mechanism is unconstitutional, the Bureau lacks enforcement authority and the CID should be set aside in its entirety. The company claimed a similar nexus exists between the Bureau’s unconstitutional funding mechanism and the concrete harm suffered by the company. Just as the Payday Lending Rule was vacated by the 5th Circuit and set aside as unenforceable, “but for the Bureau’s unconstitutional spending, the CID would not have been issued,” the company said.

    In rejecting the company’s arguments, the Bureau commented that it “has consistently taken the position that the administrative process … for petitioning to modify or set aside a CID is not the proper forum for raising and adjudicating challenges to the constitutionality of the Bureau’s statute.” In declining to set aside the CID on constitutional grounds, the Bureau wrote that should it later determine that it is necessary to obtain a court order compelling compliance with the CID, the company will have an opportunity to raise any constitutional arguments as a defense in district court.

    Federal Issues CFPB Enforcement CID Debt Collection Constitution Appellate Fifth Circuit Funding Structure

  • FTC finalizes data breach order with online alcohol marketplace

    Federal Issues

    On January 10, the FTC announced it has finalized an order with a company that operates an online alcohol marketplace, along with its CEO, related to a data breach that allegedly exposed the personal information of roughly 2.5 million consumers. As previously covered by InfoBytes, the FTC alleged the respondents were alerted to problems with the company’s data security procedures following an earlier security incident in 2018, which involved hackers accessing company servers to mine cryptocurrency until the company changed its cloud computing account login information. The FTC asserted, however, that the company failed to take appropriate measures to address its security problems even though it publicly claimed it had appropriate security protections in place. Among other things, the respondents allegedly violated the FTC Act by (i) failing to implement basic security measures or put in place reasonable safeguards to secure the personal information it collected and stored; (ii) storing critical database information, including login credentials, on an unsecured platform; (iii) failing to monitor its network for security threats or unauthorized attempts to access or remove personal data; and (iv) exposing customers to hackers, identity thieves, and malicious actors who use personal information to open fraudulent lines of credit or commit other fraud. The respondents neither admit nor deny the allegations.

    The terms of the final decision and order prohibit the company from making any misrepresentations in connection with any offered product or service related to how it collects, uses, discloses, maintains, deletes, or permits or denies access to personal information. Additionally, the company is required to destroy any collected personal data that is not necessary for providing products or services to consumers, and must refrain from collecting or maintaining personal information unless it is necessary for specific purposes provided in a data retention schedule. The company must also implement and maintain a comprehensive information security program, establish security safeguards to protect against specified security incidents, obtain initial and biennial third-party information security assessments, and publicly detail on its website information on its data collection practices. The order also requires the CEO to implement an information security program at any relevant business for which he is a majority owner, CEO, or senior officer with information security responsibilities.

    Federal Issues Privacy, Cyber Risk & Data Security FTC Enforcement

  • DOJ says court will oversee social media company’s housing ads into 2026

    Federal Issues

    On January 9, the DOJ informed a New York federal judge that it had reached a follow-up agreement with a global social media company to ensure its compliance with a June 2022 settlement that required the company to stop using a tool that allowed advertisers to exclude certain users from seeing housing ads based on their sex and estimated race/ethnicity. Explaining that the tool violated the Fair Housing Act, the letter said the company agreed to allow the tool to expire and agreed to build a system to reduce variances in its housing ad delivery system related to sex and estimated race/ethnicity. A follow-up agreement reached between the parties on compliance targets established that the company will be subject to court oversight and regular compliance review through June 27, 2026. The company released a statement following the settlement announcing it is making changes “in part to address feedback we’ve heard from civil rights groups, policymakers and regulators about how our ad system delivers certain categories of personalized ads, especially when it comes to fairness.” The company further noted that “while HUD raised concerns about personalized housing ads specifically, we also plan to use this method for ads related to employment and credit. Discrimination in housing, employment and credit is a deep-rooted problem with a long history in the US, and we are committed to broadening opportunities for marginalized communities in these spaces and others.” 

    Federal Issues DOJ Enforcement Courts Discrimination Settlement Fair Housing Act Advertisement

  • District Court approves $11 million data breach settlement

    Privacy, Cyber Risk & Data Security

    On January 4, the U.S. District Court for the Northern District of Texas granted final approval of an $11 million class action settlement resolving allegations related to a February 2021 data breach that compromised more than 4.3 million customers’ personally identifiable information, including names, Social Security numbers, driver’s license numbers, dates of birth, and username/password information. According to plaintiffs’ amended complaint, the defendant insurance software providers failed to notify affected individuals about the data breach until on or after May 10, 2021, despite commencing an investigation in March. Plaintiffs maintained that the defendants’ alleged failure to comply with FTC cybersecurity guidelines and industry data protection standards put at risk their financial and personal records, and said they now face years of constant surveillance to prevent potential identity theft and fraud. Under the terms of the settlement (see also plaintiffs’ memorandum of law in support of the motion for final approval), class members will each receive up to $5,000 for out-of-pocket expenses, including up to eight hours of lost time at $25/hour, as well as 12 months of financial fraud protection. Members of a California subclass will receive additional benefits of between $100 and $300 each. The defendants are also responsible for paying each named plaintiff a $2,000 service award and must pay over $3 million in attorney fees, costs, and expenses.

    Privacy, Cyber Risk & Data Security Courts Settlement Data Breach State Issues Class Action California FTC

Pages

Upcoming Events