Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 8, the Washington attorney general announced a settlement with a Colorado-based collection agency for alleged unlawful debt collection practices in violation of Washington’s Consumer Protection Act and Collection Agency Act, including assessing fees and costs on consumers even when no funds were captured in the garnishment, operating without a license for over a year, and failing to provide legally required garnishment exemptions to state residents. Under the terms of the consent decree, the debt collection agency must pay back approximately $475,000 in restitution to as many as 5,000 state residents and forgive up to $250,000 in fees and costs to resolve the lawsuit. The debt collection agency must also pay $414,000 to the AG’s office for the cost of the investigation and to fund the ongoing work of the office’s Consumer Protection Division. In addition to paying the fines, the agency is also required to: (i) discontinue assessing fees on consumers from whom the company has not collected funds; (ii) provide legally required garnishment exemptions to consumers; and (iii) incorporate legally required evidence when submitting garnishment judgment applications to the court.
FTC alleges subscription service failed to provide access to paid-for services or secure personal data
On June 7, the FTC announced a complaint and proposed consent order against the operators of a movie subscription service to settle allegations that the respondents denied subscribers access to paid-for services and failed to secure subscribers’ personal information. The FTC alleges in its complaint that the respondents violated the FTC Act by employing multiple tactics to prevent subscribers from using the advertised services, including by (i) invalidating subscribers’ passwords while deceptively claiming to have “detected suspicious activity or potential fraud” on the subscribers’ accounts; (ii) imposing a deceptive ticket verification program, which required subscribers to submit photos of physical movie ticket stubs within a certain timeframe in order to view future movies or risk having their subscriptions cancelled; and (iii) using undisclosed financial thresholds known as “trip wires” to block certain subscribers after they reached certain viewing thresholds based on their monthly cost to the company. The FTC also alleged the respondents violated the Restore Online Shoppers’ Confidence Act, by failing to (i) disclose all material terms before obtaining consumers’ billing information; or (ii) obtain consumers’ express informed consent before charging them. Furthermore, the respondents allegedly failed to take reasonable measures to protect subscribers’ personal information, including storing personal data such as financial information and email addresses in unencrypted form and failing to restrict who could access the data, which lead to a data breach in 2019.
An analysis of the FTC’s proposed consent order notes that the respondents are prohibited from misrepresenting their services and must establish a comprehensive information security program that requires them—and any businesses controlled by the respondents —to implement and annually test and monitor safeguards and take steps to address security risks. The respondents must also obtain biennial third-party assessments of its information security program, notify the FTC of any future data breaches, and annually certify that it is complying with the order’s data security requirements. The FTC noted that because certain respondents have filed for bankruptcy, the order does not include monetary relief.
On June 2, the SEC announced whistleblower awards to two individuals totaling nearly $23 million for information and assistance provided in multiple successful enforcement actions. According to the redacted order, the SEC awarded the first whistleblower nearly $13 million for submitting a whistleblower tip that led to the initiation of the investigations. The second whistleblower received approximately $10 million for submitting a tip that contributed to the investigation, but according to the SEC, the whistleblower “unreasonably delayed by waiting several years to report the conduct.” The SEC noted that both whistleblowers provided substantial voluntary assistance in the investigation, including participating in interviews and identifying key individuals and systems involved in the investigations.
Earlier on May 27, the SEC announced that it awarded a whistleblower more than $4 million for voluntarily providing information that prompted the SEC to open an investigation leading to a successful enforcement action. According to the redacted order, the whistleblower provided substantial information to SEC investigative staff, identified key players, provided helpful information and documents, and cooperated with investigative staff. The SEC, however, determined a second claimant to be ineligible for an award, concluding, among other things, that the claimant “provided no information that was used in or otherwise contributed to the Covered Action” nor any “unique information or insight,” which would have led to the success of the enforcement action.
The SEC has awarded more than $928 million to 166 individuals since issuing its first award in 2012.
On June 1, the FTC announced that it submitted its 2020 Annual Financial Acts Enforcement Report to the CFPB. The report covers the FTC’s enforcement activities regarding the Truth in Lending Act (TILA), the Consumer Leasing Act (CLA), and the Electronic Fund Transfer Act (EFTA). Highlights of the enforcement matters covered in the report include:
- TILA and CLA. FTC enforcement actions concerning TILA/Regulation Z and CLA/Regulation M include: (i) efforts to combat deceptive automobile dealer practices; (ii) a payday lending action involving deceptive charges and tactics used to overcharge customers on loan repayments; and (iii) credit repair and debt relief schemes, including a student loan debt relief scheme involving illegal fees and false claims loan payments.
- EFTA. The FTC reported eight new or ongoing cases related to EFTA/Regulation E. These include: (i) negative option plans involving, among other things, companies applying recurring charges to consumers’ debit or credit card numbers for goods or services without obtaining proper written authorization; and (ii) use of robocalls for marketing deceptive products.
Additionally, the report addresses the FTC’s research and policy efforts related to truth in lending and leasing, and electronic fund transfer issues, including (i) collaboration with Department of Defense’s interagency group on preauthorized electronic fund transfer issues; (ii) a small business financing forum that provided “an overview of small business lending and the emergence of new online options available to businesses seeking finance”; and (iii) the FTC’s Military Task Force’s work on military consumer protection issues. The report also outlines the FTC’s consumer and business education efforts, which include several blog posts warning of new scams and practices.
On May 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in March. During the month, the FDIC issued 10 orders consisting of “two Orders to Pay Civil Money Penalties, one Section 19 Application, one Order Terminating Consent Order, and one Order of Prohibition from Further Participation.” Among the orders is a civil money penalty imposed against a Washington-based bank related to alleged violations of the Flood Disaster Protection Act (FDPA) for “failing to obtain adequate flood insurance on buildings and/or the buildings’ contents securing designated loans at the time the Bank made, increased, extended, or renewed the loans.” The order requires the payment of a $17,000 civil money penalty.
The FDIC also imposed a civil money penalty against a California-based bank related to alleged violations of the FDPA. Among other things, the FDIC claims that the bank (i) failed to notify the borrower to obtain flood insurance; and (ii) failed to purchase flood insurance on the borrower’s behalf. The order requires the payment of a $281,000 civil money penalty.
On May 27, the CFPB announced a settlement with a Florida-based lender and the CEO of the company (collectively, “defendants”) to resolve allegations that the defendants violated the Consumer Financial Protection Act by misrepresenting the risks associated with their deposit product and the annual percentage rate (APR) associated with their consumer loans. The settlement resolves a complaint against the defendants filed in the U.S. District Court for the Southern District of Florida in November 2020 (covered by InfoBytes here). The CFPB alleged that the company took deposits from consumers to fund loans, claiming their deposits would have a fixed and guaranteed 15 percent annual percentage yield and would be deposited at FDIC-insured institutions. However, according to the complaint, the representations were false in that the funds were not held in FDIC-insured accounts and the rate of return was not guaranteed. The CFPB also alleged that most deposited funds were used to fund short-term, high-interest personal loans that were deceptively marketed as having an APR of 440 percent when the actual APRs are alleged to have been more than 900 percent, well in excess of the rate permitted under Florida’s criminal-usury law, causing the loans to be uncollectable and creating risk that obligations could not be met to depositors who sought to withdraw their deposited funds. The complaint claimed that the defendants had loaned a total of more than $30 million to consumers since 2017.
Under the terms of the stipulated order, the defendants are (i) subject to a judgment for monetary relief and damages for the full amount defendants received from consumers who purchased their financial products and services, around $1 million, plus all interest due to consumers under the terms of the advertised products and services purchased; and (ii) required to pay a $100,000 civil money penalty. The order also permanently bans the defendants from engaging in deposit-taking activity and from making deceptive statements to consumers.
On May 21, the CFPB announced a settlement with a California-based auto-loan lender to resolve allegations that the company engaged in unfair practices with respect to its Loss Damage Waiver (LDW) product, in violation of the Consumer Financial Protection Act. The CFPB alleged that the company engaged in unfair practices by illegally charging interest for late payments on its LDW product without customers’ knowledge. According to the consent order, if consumers had insufficient insurance coverage for their vehicles, the company would add the LDW product to their accounts. For these consumers, the cost of the LDW product was added to the principal of the loan, resulting in an increase to the total loan balance and the amortized loan payment. The company allegedly disclosed the increase in the consumer’s monthly payment as an LDW fee but failed to disclose to consumers that interest accrues on late payments of that fee. The Bureau alleged that the company’s practice of charging consumers interest for late LDW fee payments without their consent caused “substantial injury that was not reasonably avoidable or outweighed by any countervailing benefit to consumers or to competition.”
Under the terms of the consent order, the company is required to provide $565,813 of relief to 5,782 impacted consumers, as well as pay a $50,000 civil money penalty. The order also permanently enjoins the company from charging interest on LDW fees without “clearly and conspicuously disclosing the material terms and conditions to consumers.”
On May 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included in the release is a formal agreement entered into with a Pennsylvania-based bank on April 20 in connection with alleged unsafe or unsound practices relating to oversight, internal controls, audit, and information technology controls. The agreement requires the bank to (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board on a quarterly basis; and (iii) develop, implement, and adhere to a written risk-based, internal information, technology audit program. The agreement further provides that the technology audit program must be performed by an independent and qualified party and must include fundamental elements of a sound audit program.
On May 19, the SEC announced that it awarded a whistleblower more than $28 million for providing information that, according to the redacted order, prompted the SEC and another agency to open investigations that resulted in significant enforcement actions. The SEC notes that under its whistleblower program, individuals who provide information to other agencies “may be eligible for an award in the related action if they are also eligible for an award in the underlying SEC action.”
Earlier, on May 17, the SEC announced whistleblower awards to four individuals totaling nearly $31 million for information provided in two different enforcement actions. According to the first redacted order, the SEC jointly awarded nearly $27 million to two claimants who voluntarily provided new information and ongoing assistance throughout an investigation that led to successful enforcement actions. In the second redacted order, the SEC awarded two other whistleblowers a total of approximately $3.8 million. The first whistleblower received a roughly $3.75 million award for voluntarily providing “original information to the Commission that contributed to an existing investigation” that led to a successful enforcement action. The second whistleblower received approximately $750,000 for providing “information that the staff previously lacked and that was useful in negotiating a settlement of one of the proceedings.” Though both whistleblowers independently provided information that was relevant in the ongoing investigation, the whistleblower who received the larger award supplied information and assistance that was more significant to the enforcement action.
The SEC has awarded approximately $901 million to 163 individuals since issuing its first whistleblower award in 2012.
On May 19, acting FTC Chairwoman Rebecca Kelly Slaughter published a letter reaffirming the need to restore the Commission’s ability to return money to harmed consumers following the U.S. Supreme Court’s decision in FTC v. AMG Capital Management. As previously covered by InfoBytes, on April 22, the Court unanimously held that Section 13(b) of the FTC Act “does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement.” Last month, Slaughter testified before both House and Senate subcommittees on the need for Congressional action to clarify Section 13(b) and affirmatively confirm the FTC’s authority to seek permanent injunctions and other equitable relief for violations of any law under its enforcement authority (covered by InfoBytes here).
Slaughter’s letter, directed to Senators Maria Cantwell (D-WA) and Roger Wicker (R-MS)—the chair and ranking member of the Senate Committee on Commerce, Science, and Transportation, respectively—addressed several issues raised by the U.S. Chamber of Commerce concerning recently introduce legislation (see H.R. 2668), which is intended to restore the FTC’s ability under Section 13(b) to seek consumer compensation in antitrust and consumer protection cases. Among other things, Slaughter disagreed with the Chamber’s position that Congress always intended for Section 13(b) to be used only in so-called “fraud cases.” She pointed to a 1994 action, in which Congress “directly ratified the FTC’s reliance on Section 13(b) in all manner of cases by expanding its venue and service of process provisions without placing any limitations on the types of cases to which Section 13(b) applies,” and noted that to date, the FTC has obtained billions of dollars of monetary relief for consumers, many of which were in non-fraud consumer protection cases. According to Slaughter, limiting the FTC’s ability to seek monetary relief to only “cases involving ‘egregious’ frauds” would allow companies and individuals “adjudicated to have engaged in unfair, deceptive, or anticompetitive practices” to keep money earned from unlawful conduct at the expense of harmed consumers.
Slaughter also emphasized that limiting Section 13(b) to only ongoing or imminent conduct does not make sense. Waiting for violations to recur in order to obtain a federal court injunction, Slaughter argued, “creates weak incentives for compliance, and is an inefficient enforcement mechanism that will result only in more consumer harm.” In addressing the Chamber’s concern that statutory fix proposals lack a statute of limitations for monetary relief under Section 13(b), Slaughter emphasized that H.R. 2668 would provide a 10-year limit on monetary relief.