InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC tells three companies to stop claims about deposit insurance
On June 15, the FDIC sent letters ordering three companies and certain of their officers to cease and desist from using the agency’s logo and making false and misleading statements about FDIC deposit insurance. The companies are required to take immediate corrective action to address the allegedly misleading statements. The FDIC maintained that the banks and/or its officers made false and misleading statements in English and Spanish suggesting that they are FDIC-insured. For one of the companies, the FDIC alleged that the company stated that insurance would protect customers’ cryptocurrency assets; that it had and that the company claimed a partner relationship with an FDIC-insured bank without identifying the insured institution in its consumer-facing materials; and that its false FDIC insurance claims were made through social media posts by the company and its chief marketing officer. Under the Federal Deposit Insurance Act, the announcement added, persons are prohibited “from representing or implying that an uninsured product is FDIC-insured or from knowingly misrepresenting the extent and manner of deposit insurance.” The FDIC requested a response within 15 days for two of the companies and 5 days for one.
CFPB looking at privacy implications of worker surveillance
On June 20, the CFPB released a statement announcing it will be “embarking on an inquiry into the data broker industry and issues raised by new technological developments.” The Bureau requested information in March about entities that purchase information from data brokers, the negative impacts of data broker practices, and the issues consumers face when they wish to see or correct their personal information. (Covered by InfoBytes here.) The findings from this inquiry will help the Bureau understand how employees’ personal information can find its way into the data broker market.
With similar intentions, the White House Office of Science and Technology Policy (OSTP) released a request for information (RFI) to learn more about the automated tools employers use to monitor, screen, surveil, and manage their employees. The OSTP blog post cited to an increase in the use of technologies that handle employees’ sensitive information and data. The OSTP also highlighted the Biden administration’s Blueprint for an AI Bill of Rights (covered by InfoBytes here), which underscored the importance of building in protections when developing new technologies and understanding associated risks. Responses to the RFI will be used to “inform new policy responses, share relevant research, data, and findings with the public, and amplify best practices among employers, worker organizations, technology vendors, developers, and others in civil society,” the OSTP said.
The CFPB’s response to the RFI described the agency’s concerns regarding risks to employees’ privacy, noting that it has long received complaints from the public about the lack of transparency and inaccuracies in the employment screening industry. Specifically mentioned are FCRA protections for consumers and guidelines around the sale of personal data. The Bureau also commented that employees may not be at liberty to determine how their information is used, or sold, and have no opportunity for recourse when inaccurately reported information affects their earnings, access to credit, ability to rent a home or buy a car, and more.
McHenry objects to FSOC’s proposed designation framework
On June 15, House Financial Services Committee Chairman Patrick McHenry sent a letter to Treasury Secretary Janet Yellen urging the Financial Stability Oversight Council (FSOC), which Yellen chairs, to “revisit” its proposals on nonbank financial firm risks. As previously covered by InfoBytes, in April, FSOC released a proposed analytic framework for financial stability risks to provide greater public transparency on how it identifies, assesses, and addresses potential risks “regardless of whether the risk stems from activities or firms.” The same day, FSOC also released for public comment proposed interpretive guidance relating to procedures for designating systemically important nonbank financial companies for Federal Reserve supervision and enhanced prudential standards.
McHenry’s letter raised concerns with FSOC’s decision to evaluate risks based on an entity’s size and not its activities. According to McHenry, FSOC’s April proposals will essentially undo changes it made in 2019, which incorporated principles considering a financial institution’s systematic risk rather than merely its size. In his announcement accompanying the letter, McHenry elaborated on his concerns, stating that “allowing FSOC to extend its supervisory reach beyond prudential institutions to nonbank entities in this way could pose significant regulatory consequences for our financial system.” McHenry claimed these institutions may engage in different activities, thus presenting different risks, and said the proposals do not take this into account. McHenry also argued that expanding the Fed’s oversight jurisdiction is not a “panacea for financial stability.”
SBA clarifies PPP eligibility of payroll costs
On June 13, the SBA added question #72 to its Paycheck Protection Program (PPP) Frequently Asked Questions clarifying whether “the amounts paid by a borrower to a third-party payer for the third-party payer’s employees to operate the borrower considered eligible payroll expenses for the purpose of calculating the maximum loan amount.” Previous guidance released in 2020 (FAQ #10) relayed that “payroll documentation provided by the payroll provider that indicates the amount of wages and payroll taxes reported to the IRS by the payroll provider for the borrower’s employees will be considered acceptable PPP loan payroll documentation.” However, because FAQ #10 was issued three days after the PPP began accepting applications and there have been conflicting interpretations of the guidance, the SBA administrator determined additional clarification was necessary.
After reviewing a September 2022 decision issued by the SBA Office of Hearings and Appeals, the administrator published FAQ #72, stating “payroll costs paid by a borrower to a third-party payer for the third-party’s employees to operate the borrower are eligible payroll costs for the purpose of calculating the borrower’s maximum loan amount, as long as the employees were not otherwise counted towards payroll costs on a PPP loan received by the third-party payer.” The administrator further explained that “payroll cost documentation which shows that a borrower paid a third-party payer for the employees of the third-party to operate the borrower will be permitted to support eligible payroll costs for the purpose of calculating the maximum loan amount as long as the employees were not otherwise counted towards payroll costs on another PPP loan, and all other PPP requirements are met, including the submission of payroll documentation that indicates the amount of wages and payroll taxes reported to the IRS by the third-party payer.”
FTC sues genetic testing company over privacy failures
On June 16, the FTC filed an administrative complaint against a California-based genetic testing company for allegedly deceiving consumers about its privacy and data security practices. Marking the FTC’s first case to focus on both the privacy and security of genetic information, the complaint claims the respondent (which sells DNA health test kits and provides health reports to consumers that include personal information) failed to secure genetic and health data and misled consumers about its ability to delete consumers’ data. These alleged actions contradicted claims made by the respondent on its website that personal health information is collected, processed, and stored “in a responsible, transparent and secure environment.” Additionally, the FTC alleged that the respondent failed to implement a policy to ensure DNA samples were destroyed by contract laboratories and made changes to its privacy policy that retroactively expanded the types of third parties authorized to share consumers’ data without notifying consumers or obtaining their consent. “The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data,” Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said in the announcement.
The respondent is further accused of storing unencrypted personal health information on a publicly accessible cloud storage repository. Several warnings about storing unencrypted data were allegedly sent to the respondent before customers were notified.
Under the terms of the proposed consent order, the respondent will be required to pay $75,000 to go towards consumer refunds. The respondent must also strengthen its protection measures, cease misrepresenting the extent of its security or privacy practices, and instruct third-party contract laboratories to delete all DNA samples that have been retained longer than 180 days. Additionally, the respondent must obtain consumers’ affirmative express consent before sharing health data with third parties, notify the FTC should consumers’ personal health information be compromised, and implement a comprehensive information security program to address the identified alleged security failures.
Fed publishes master accounts database
On June 16, the Federal Reserve Board published the Master Account and Services Database, which provides comprehensive, searchable information on which financial institutions have access to Federal Reserve Bank master accounts and financial services. The Fed explained that a master account is an account with a Reserve Bank, in which the Reserve Bank receives deposits for a financial institution. The Reserve Bank also provides financial services to financial institutions, similar to that of banks that provide services for its customers, like collecting checks, electronically transferring funds, and distributing and receiving cash and coin.
In the press release, the Fed explained the two components of the database: “The first component consists of financial institutions that currently have access to Reserve Bank master accounts and services. The second component consists of financial institutions that have requested access to master accounts and services after December 23, 2022, or had a request pending on that date, as well as the status of each request.” Both components of the database—the existing account database and the access requests database—will be updated quarterly.
CFPB finds issues in servicemember use of payment apps
On June 20, the CFPB released its Office of Servicemember Affairs Annual Report, highlighting financial threats associated with military families’ use of digital payment apps. The report analyzed complaints submitted by military families, veterans, and servicemembers (totaling 66,400 complaints in 2022 alone, a 55 percent increase from 2021). Notably, servicemembers’ complaints exceeded the percentage filed by all consumers for topics including debt collection, credit cards, mortgages, and more.
Top complaints are linked to: (i) fraud and scams when using digital payment apps; (ii) identity theft and unauthorized account access; and (iii) failure of digital payment app providers to provide timely solutions to servicemember complaints. The Bureau explained that servicemembers can be exposed to greater risks of fraud and scams when using a digital payment app—“[o]ften during a permanent change of duty station, servicemembers face the need to secure housing, a new automobile, or daycare during a short window, which often requires them to conduct more online transactions using digital payment apps.” The Bureau also found that servicemembers are prime targets for identity theft, noting that servicemembers complained that digital payment service providers give insufficient support in response to their complaints.
To address the emerging risks, the Bureau recommended that digital payment app providers invest in privacy and security technology for their apps to combat fraudulent activity. The Bureau also suggested providers improve their responsiveness, especially in the case of military families who may be on a tight timeline during a permanent change of station or deployment. The Bureau also recommended that providers implement tailored policies on fraud losses and automatic fraud detection in recognition of the unique circumstances military families face.
HUD says company offering homeowner aid violated FHA
On June 13, HUD announced a Charge of Discrimination against several entities and individuals accused of allegedly violating the Fair Housing Act by discriminating against New York City homeowners on the basis of race, color, or national origin. According to HUD, the seven complainants alleged that the respondents targeted them with offers of mortgage and foreclosure prevention assistance. Respondents allegedly filed illegitimate liens and instructed telemarketers to use “affinity marketing” to build relationships with elderly, vulnerable, and distressed homeowners by bringing up shared national origin and cultural practice. Homeowners who accepted respondents’ purported loan modification services were convinced to sign documents that unknowingly sold their homes to two entities named as respondents, HUD said, explaining that respondents would then attempt to force homeowners to vacate their homes. These efforts were disproportionately concentrated in neighborhoods with a high majority of persons of color (specifically persons of Black and Caribbean descent), HUD noted, adding that in order to persuade lenders to approve the short sale, some of the respondents would allegedly create private real estate listings for homeowners’ properties and present them to the bank as public listings, while falsely claiming no offers had been received in order to secure minimal sales prices. Homeowners were also allegedly promised that the short sales were part of the loan modification services and that the property would be transferred back into their names or that of a family member after a certain period, and that they would be able to remain in their homes until the title was returned. In fact, however, respondents intended to flip the properties for profit.
The charge will be heard by a U.S. administrative law judge unless a party elects to have the case heard in federal district court. HUD requested that the respondents be enjoined from continuing to discriminate against any person because of race, color, or national origin, and asked for damages to fully compensate the complainants, as well as the maximum civil penalty for each respondent.
Property manager settles with DOJ on SCRA violations
On June 13, the DOJ announced a settlement with a property management company resolving allegations that it charged nine servicemembers early termination fees after receiving military orders to relocate, in violation of the Servicemembers Civil Relief Act (SCRA) (see DOJ complaint here.) The SCRA affords protections to servicemembers who terminate a lease upon entering military service or receiving military orders to relocate, and prohibits landlords from imposing early termination charges on such servicemembers. Under the terms of the proposed consent order, the defendant will be required to pay $51,587 to the servicemembers and an additional $22,500 civil penalty. The DOJ also noted that the company must repair the servicemembers’ tenant database entries, implement new policies and procedures that comply with the SCRA, and train its employees on the SCRA.
Colorado bill amends student loan provisions and UCCC licensing renewal deadlines
On June 5, the Colorado governor signed SB 23-248 (the “Act”), which addresses consumer protection in certain credit transactions. Among other things, the bill amends, repeals, and adds sections around lender nomenclature in the Colorado Student Loan Equity Act. The Act defines the terms “private education creditor” and “creditor” as (i) “any person engaged in the business of making or extending private education credit obligation”; (ii) “a holder of a private education credit obligation”; or (iii) “a seller, lessor, lender, or person that makes or arranges a private education credit obligation and to whom the private education credit obligation is initially payable or the assignee of a creditor’s right to payment.” Several exemptions are outlined. The Act also establishes the term “refinanced” to mean when “an existing private education credit obligation is satisfied and replaced by a new private education credit obligation undertaken by the same consumer.” In subsequent sections, words like “lender” and “loan,” amongst other things, are replaced with the newly defined terms. The Act also amends certain provisions relating to Uniform Consumer Credit Code (UCCC) licensing renewal and fee due dates. Specifically, all supervised lender licensees must file for renewal and pay the appropriate renewal fees by July 1 annually, where previously the renewal due date was January 1 each year.
The Act takes effect the day after the expiration of the 90-day period following adjournment of the general assembly.