Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC finalizes action against e-commerce platform for data breach cover up

    Federal Issues

    On June 24, the FTC announced a final decision and order against two limited liability companies (respondents) accused of allegedly failing to secure consumers’ sensitive personal data and covering up a major breach. As previously covered by InfoBytes, the respondents—former and current owners of an online customized merchandise platform—allegedly violated the FTC Act by, among other things, misrepresenting that they implemented reasonable measures to protect customers’ personal information against unauthorized access and misrepresenting that appropriate steps were taken to secure consumer account information following security breaches. The complaint further alleged that respondents failed to apply readily available protections against well-known threats or adequately respond to security incidents, which resulted in the respondents’ network being breached multiple times. Under the terms of the final settlement, one of the respondents is required to pay $500,000 to victims of the data breaches. The other respondent is required to provide notice to consumers impacted by a 2019 data breach. Among other things, the order prohibits respondents from misrepresenting their privacy and security measures and requires that respondents implement comprehensive information security programs that are assessed by an independent third party.

    Federal Issues Privacy/Cyber Risk & Data Security FTC Enforcement Data Breach FTC Act Deceptive UDAP

    Share page with AddThis
  • Fed announces enforcement actions against Minnesota and Arkansas state banks

    On June 21, the Federal Reserve Board released civil penalty orders against two state banks, both relating to alleged violations of the National Flood Insurance Act (NFIA) and its implementing regulation, Regulation H. The first civil penalty order, against a Minnesota-based bank, assessed a $4,950 penalty for an alleged pattern or practice of violations of Regulation H but does not specify the number or the precise nature of the alleged violations. The second civil penalty order, against an Arkansas-based bank, assessed a $13,950 penalty for an alleged pattern or practice of violations of Regulation H without specifying the number or precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.

    Bank Regulatory Federal Reserve Flood Insurance Enforcement National Flood Insurance Act Regulation H

    Share page with AddThis
  • States reach $1.25 million data breach settlement with cruise line

    State Issues

    On June 22, a coalition of state attorneys general from 45 states and the District of Columbia announced a $1.25 million settlement with a Florida-based cruise line, resolving allegations that it compromised the personal information of employees and consumers as a result of a data breach. According to the announcement, in March 2020 the company publicly reported that the breach involved an unauthorized actor gaining access to certain employee email accounts. The breach notifications sent to the AGs' offices stated the company first became aware of suspicious email activity in late May of 2019, approximately 10 months before it reported the breach. An ensuing multistate effort focused on the company’s email security practices and compliance with state breach notification statutes. The announcement explained that “’unstructured’ data breaches, like the [company’s] breach, involve personal information stored via email and other disorganized platforms” and that “[b]usinesses lack visibility into this data, making breach notification more challenging and causing further risks for consumers with the delays.”

    Under the terms of the settlement, the company has agreed to provisions designed to strengthening its email security and breach response practices, including, among other things: (i) implementing and maintaining a breach response and notification plan; (ii) requiring email security training for employees; (ii) instituting multi-factor authentication for remote email access; (iii) requiring the use of strong, complex passwords, password rotation, and secure password storage for password policies and procedures; (iv) maintaining enhanced behavior analytics tools to log and monitor potential security events on the company’s network; and (v) undergoing an independent information security assessment, consistent with past data breach settlements.

    State Issues Enforcement State Attorney General Data Breach Settlement Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • Special Alert: DOJ settles claims of algorithmic bias

    Federal Issues

    On June 21,  the United States Department of Justice announced that it had secured a “groundbreaking” settlement resolving claims brought against a large social media platform for allegedly engaging in discriminatory advertising in violation of the Fair Housing Act. The settlement is one of the first significant federal actions involving claims of algorithmic bias and may indicate the complexity of applying “disparate impact” analysis under the anti-discrimination laws to complex algorithms in this area of increasingly intense regulatory focus.

    Federal Issues DOJ Special Alerts Fair Housing Act Algorithms Advertisement Enforcement Settlement Disparate Impact Discrimination

    Share page with AddThis
  • SEC settles allegations regarding robo-adviser service

    Securities

    On June 13, the SEC announced a settlement with three subsidiaries of a financial services holding company (collectively, “respondents”) regarding their robo-adviser service. The order, which the respondents consented to without admitting or denying the findings, imposes a civil money penalty of $135 million and a total of $52 million in disgorgement. The order also provides that the respondents must cease and desist from committing or causing any future violations of the antifraud provisions in the Investment Advisers Act.

    Securities Enforcement Cease and Desist Investment Advisers Act Robo-Advisor Service

    Share page with AddThis
  • District Court issues judgment against student debt relief operation

    Courts

    On June 10, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against an individual defendant who participated in a deceptive debt-relief operation. As previously covered by InfoBytes, in 2019, the Bureau, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees. In the third amended complaint, the Bureau and the states alleged that since at least 2015, the debt relief operation violated the CFPA, TSR, FDCPA, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by, among other things, misrepresenting: (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness for borrowers; and (iii) their ability to actually lower borrowers’ monthly payments. Moreover, the debt relief operation allegedly failed to inform borrowers that it was their practice to request that the loans be placed in forbearance and also submitted false information to student loan servicers to qualify borrowers for lower payments.

    Under the terms of the final judgment, in addition to various forms of injunctive relief, the individual defendant must pay a $1 civil money penalty to the Bureau and $5,000 each to Minnesota, North Carolina, and California. The individual defendant is also “liable, jointly and severally, in the amount of $95,057,757, for the purpose of providing redress to Affected Consumers,” although his obligation to pay this amount is “suspended based on [his] inability to pay.”

    Courts CFPB Enforcement Consumer Finance Settlement Debt Relief TSR CFPA FDCPA State Issues State Attorney General

    Share page with AddThis
  • CFPB settles with student-loan debt relief company

    Federal Issues

    On June 9, the CFPB filed a stipulated final judgment and order in the U.S. District Court for the Southern District of California resolving allegations that the operator of a student-loan debt relief company engaged in unfair debiting of consumer accounts, in violation of the CFPA. According to the complaint, in 2016, the defendant founded a student debt relief company, which “did not solicit new consumers, but instead obtained student-loan account and billing information for hundreds of former [student debt relief operation] consumers without the knowledge or consent of those consumers.” As previously covered by InfoBytes, in 2016, the CFPB filed a consent order against a San Diego-based student debt relief operation for alleged violations of the CFPA, the TSR, and Regulation P by deceiving borrowers into paying fees for federal loan benefits and misrepresenting to consumers that it was affiliated with the Department of Education. The CFPB alleged that the defendant led a debt collection scheme by withdrawing $39 per month, and collecting hundreds of thousands of dollars in total fees from student borrowers’ bank accounts, without authorization, after previously obtaining their names and account information from the former student loan debt relief business. According to the CFPB, “under this scheme, [the defendant’s] company had unlawfully debited more than $240,000 from hundreds of student borrowers’ accounts.” Under the terms of the settlement, the defendant is permanently banned from engaging in debt relief services and must pay a $175,000 penalty to the CFPB.

    Federal Issues Enforcement CFPB Student Lending Debt Relief Consumer Education CFPA UDAAP TSR Regulation P Consumer Finance

    Share page with AddThis
  • FTC bans MCA providers, returns $2.7 million to consumers

    Federal Issues

    On June 6, the FTC obtained a stipulated court order permanently banning a company and owner from participating in the merchant cash advance and debt collection industries. As previously covered by InfoBytes, last June the FTC filed an amended complaint against two New York-based small-business financing companies and a related entity and individuals (including the settling defendants), claiming the defendants engaged in deceptive and unfair practices by, among other things, misrepresenting the terms of their merchant cash advances, using unfair collection practices, deceiving consumers about personal guarantees, forcing consumers and businesses to sign confessions of judgment, providing less funding than promised due to undisclosed fees, and making unauthorized withdrawals from consumers’ accounts. Under the terms of the stipulated order, the settling defendants are required to pay a more than $2.7 million monetary judgment to go towards refunds for harmed consumers and must vacate any judgments against former customers and release any liens against their customers’ property. The announcement notes that the settling defendants are also “prohibited from misleading consumers about any key facts about any good or service, including any fees, the total cost of the product, and other facts that reflect their deceptions in this case.”

    Earlier in January, a stipulated order was entered against two other defendants (covered by InfoBytes here), which permanently banned them from participating in the merchant cash advance and debt collection industries and required the payment of a $675,000 monetary judgment.

    Federal Issues Enforcement FTC Merchant Cash Advance Debt Collection Consumer Finance Small Business Lending FTC Act UDAP Deceptive Unfair

    Share page with AddThis
  • FTC shares 2021 enforcement report with CFPB

    Federal Issues

    On June 3, the FTC announced that it submitted its 2021 Annual Financial Acts Enforcement Report to the CFPB. The report covers FTC enforcement activities regarding the Truth in Lending Act (TILA), the Consumer Leasing Act (CLA), and the Electronic Fund Transfer Act (EFTA). Highlights of the enforcement matters covered in the report include, among other things:

    • Automobile Credit and Leasing. The report discussed the FTC’s July 2021 settlement with the owners of car dealerships in Arizona and New Mexico (collectively, “defendants”) resolving claims that the defendants misrepresented consumer information on finance applications and misrepresented financial terms in advertisements in violation of TILA and CLA (covered by InfoBytes here).
    • Payday Lending. The report highlighted the FTC’s settlement against a payday lending enterprise for allegedly overcharging consumers millions of dollars, deceiving them about the terms of their loans, and failing to make required loan disclosures. According to the report, the owners and operators of the settling entities are banned from making loans or extending credit, nearly all debt held by the company will be deemed paid in full, and the companies involved are being liquidated, with the proceeds to be used to provide redress to consumers harmed by the company.
    • Credit Repair and Debt Relief. The report discussed the FTC’s settlement with the operators of a student loan debt relief scheme, who were charged with falsely promising consumers the company could lower or eliminate student loan balances, illegally imposing upfront fees for credit repair services, and signing consumers up for high-interest loans to pay the fees without making required loan disclosures in violation of TILA. The order bans the defendants from providing debt relief services and collecting any further payments from consumers who purchased the services, and requires the defendants to return money to be used to refund consumers.

    Additionally, the report addressed the FTC’s research and policy efforts and highlighted the FTC’s Military Task Force’s work on military consumer protection issues.

    Federal Issues FTC CFPB Enforcement TILA CLA EFTA Consumer Finance UDAP

    Share page with AddThis
  • HUD announces $65,000 payment for FHA violations

    Federal Issues

    On June 2, HUD announced a conciliation agreement with a mortgage lender to resolve allegations that it engaged in discriminatory lending practices based on race and national origin, in violation of the Fair Housing Act (FHA). The agreement arises from a complaint filed with HUD by the National Community Reinvestment Coalition (NCRC), which alleged that testing in the Seattle-Tacoma area revealed that Black and Hispanic testers were treated differently than White testers who sought housing loans. While the respondent denied that it provided less favorable treatment to testers based on race or national origin, it has agreed to pay $65,000 to NCRC and will “contribute an additional $10,000 to a Seattle-area non-profit organization specializing in providing financial literacy and housing education and counseling for persons in majority-minority census tracts in the Seattle-Tacoma-Bellevue metropolitan area.” The respondent will also conduct an event in the Seattle metro area to improve homeownership rates of Black homebuyers and will provide additional fair lending training to employees. The conciliation agreement does not constitute an admission by respondent or evidence of a finding by HUD of a violation of the FHA.

    Federal Issues HUD Enforcement Consumer Finance Fair Lending Mortgages Fair Housing Act Discrimination

    Share page with AddThis

Pages

Upcoming Events