InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC adds charges against small-business financer
On June 14, the FTC announced additional charges against two New York-based small-business financing companies and a related entity and individuals (collectively, “defendants”). Last June, the FTC filed a complaint against the defendants for allegedly violating the FTC Act and engaging in deceptive and unfair practices by, among other things, misrepresenting the terms of their merchant cash advances, using unfair collection practices, and making unauthorized withdrawals from consumers’ accounts (covered by InfoBytes here). The amended complaint alleges that the defendants also violated the Gramm-Leach-Bliley Act’s prohibition on using false statements to obtain consumers’ financial information, including bank account numbers, log-in credentials, and the identity of authorized signers, in order “to withdraw more than the specified amount from consumers’ bank accounts.” Additionally, the FTC’s press release states that the defendants “engaged in wanton and egregious behavior, including laughing at consumer requests for refunds from [the defendants’] unauthorized withdrawals from customer bank accounts; abusing the legal system to seize the business and personal assets of their customers; and threatening to break their customers’ jaws or falsely accusing them of child molestation during collection calls.” The amended complaint seeks a permanent injunction against the defendants, along with civil money penalties and monetary relief including “rescission or reformation of contracts, the refund of monies paid, and other equitable relief.”
Washington AG announces settlement with debt collection agency
On June 8, the Washington attorney general announced a settlement with a Colorado-based collection agency for alleged unlawful debt collection practices in violation of Washington’s Consumer Protection Act and Collection Agency Act, including assessing fees and costs on consumers even when no funds were captured in the garnishment, operating without a license for over a year, and failing to provide legally required garnishment exemptions to state residents. Under the terms of the consent decree, the debt collection agency must pay back approximately $475,000 in restitution to as many as 5,000 state residents and forgive up to $250,000 in fees and costs to resolve the lawsuit. The debt collection agency must also pay $414,000 to the AG’s office for the cost of the investigation and to fund the ongoing work of the office’s Consumer Protection Division. In addition to paying the fines, the agency is also required to: (i) discontinue assessing fees on consumers from whom the company has not collected funds; (ii) provide legally required garnishment exemptions to consumers; and (iii) incorporate legally required evidence when submitting garnishment judgment applications to the court.
FTC alleges subscription service failed to provide access to paid-for services or secure personal data
On June 7, the FTC announced a complaint and proposed consent order against the operators of a movie subscription service to settle allegations that the respondents denied subscribers access to paid-for services and failed to secure subscribers’ personal information. The FTC alleges in its complaint that the respondents violated the FTC Act by employing multiple tactics to prevent subscribers from using the advertised services, including by (i) invalidating subscribers’ passwords while deceptively claiming to have “detected suspicious activity or potential fraud” on the subscribers’ accounts; (ii) imposing a deceptive ticket verification program, which required subscribers to submit photos of physical movie ticket stubs within a certain timeframe in order to view future movies or risk having their subscriptions cancelled; and (iii) using undisclosed financial thresholds known as “trip wires” to block certain subscribers after they reached certain viewing thresholds based on their monthly cost to the company. The FTC also alleged the respondents violated the Restore Online Shoppers’ Confidence Act, by failing to (i) disclose all material terms before obtaining consumers’ billing information; or (ii) obtain consumers’ express informed consent before charging them. Furthermore, the respondents allegedly failed to take reasonable measures to protect subscribers’ personal information, including storing personal data such as financial information and email addresses in unencrypted form and failing to restrict who could access the data, which lead to a data breach in 2019.
An analysis of the FTC’s proposed consent order notes that the respondents are prohibited from misrepresenting their services and must establish a comprehensive information security program that requires them—and any businesses controlled by the respondents —to implement and annually test and monitor safeguards and take steps to address security risks. The respondents must also obtain biennial third-party assessments of its information security program, notify the FTC of any future data breaches, and annually certify that it is complying with the order’s data security requirements. The FTC noted that because certain respondents have filed for bankruptcy, the order does not include monetary relief.
SEC awards $27 million in whistleblower awards
On June 2, the SEC announced whistleblower awards to two individuals totaling nearly $23 million for information and assistance provided in multiple successful enforcement actions. According to the redacted order, the SEC awarded the first whistleblower nearly $13 million for submitting a whistleblower tip that led to the initiation of the investigations. The second whistleblower received approximately $10 million for submitting a tip that contributed to the investigation, but according to the SEC, the whistleblower “unreasonably delayed by waiting several years to report the conduct.” The SEC noted that both whistleblowers provided substantial voluntary assistance in the investigation, including participating in interviews and identifying key individuals and systems involved in the investigations.
Earlier on May 27, the SEC announced that it awarded a whistleblower more than $4 million for voluntarily providing information that prompted the SEC to open an investigation leading to a successful enforcement action. According to the redacted order, the whistleblower provided substantial information to SEC investigative staff, identified key players, provided helpful information and documents, and cooperated with investigative staff. The SEC, however, determined a second claimant to be ineligible for an award, concluding, among other things, that the claimant “provided no information that was used in or otherwise contributed to the Covered Action” nor any “unique information or insight,” which would have led to the success of the enforcement action.
The SEC has awarded more than $928 million to 166 individuals since issuing its first award in 2012.
FTC shares 2020 enforcement report with CFPB
On June 1, the FTC announced that it submitted its 2020 Annual Financial Acts Enforcement Report to the CFPB. The report covers the FTC’s enforcement activities regarding the Truth in Lending Act (TILA), the Consumer Leasing Act (CLA), and the Electronic Fund Transfer Act (EFTA). Highlights of the enforcement matters covered in the report include:
- TILA and CLA. FTC enforcement actions concerning TILA/Regulation Z and CLA/Regulation M include: (i) efforts to combat deceptive automobile dealer practices; (ii) a payday lending action involving deceptive charges and tactics used to overcharge customers on loan repayments; and (iii) credit repair and debt relief schemes, including a student loan debt relief scheme involving illegal fees and false claims loan payments.
- EFTA. The FTC reported eight new or ongoing cases related to EFTA/Regulation E. These include: (i) negative option plans involving, among other things, companies applying recurring charges to consumers’ debit or credit card numbers for goods or services without obtaining proper written authorization; and (ii) use of robocalls for marketing deceptive products.
Additionally, the report addresses the FTC’s research and policy efforts related to truth in lending and leasing, and electronic fund transfer issues, including (i) collaboration with Department of Defense’s interagency group on preauthorized electronic fund transfer issues; (ii) a small business financing forum that provided “an overview of small business lending and the emergence of new online options available to businesses seeking finance”; and (iii) the FTC’s Military Task Force’s work on military consumer protection issues. The report also outlines the FTC’s consumer and business education efforts, which include several blog posts warning of new scams and practices.
FDIC releases April enforcement actions
On May 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in April. During the month, the FDIC issued 10 orders consisting of “two Orders to Pay Civil Money Penalties, one Section 19 Application, one Order Terminating Consent Order, and one Order of Prohibition from Further Participation.” Among the orders is a civil money penalty imposed against a Washington-based bank related to alleged violations of the Flood Disaster Protection Act (FDPA) for “failing to obtain adequate flood insurance on buildings and/or the buildings’ contents securing designated loans at the time the Bank made, increased, extended, or renewed the loans.” The order requires the payment of a $17,000 civil money penalty.
The FDIC also imposed a civil money penalty against a California-based bank related to alleged violations of the FDPA. Among other things, the FDIC claims that the bank (i) failed to notify the borrower to obtain flood insurance; and (ii) failed to purchase flood insurance on the borrower’s behalf. The order requires the payment of a $281,000 civil money penalty.
CFPB settles with company over misrepresenting deposit risks, loan APRs
On May 27, the CFPB announced a settlement with a Florida-based lender and the CEO of the company (collectively, “defendants”) to resolve allegations that the defendants violated the Consumer Financial Protection Act by misrepresenting the risks associated with their deposit product and the annual percentage rate (APR) associated with their consumer loans. The settlement resolves a complaint against the defendants filed in the U.S. District Court for the Southern District of Florida in November 2020 (covered by InfoBytes here). The CFPB alleged that the company took deposits from consumers to fund loans, claiming their deposits would have a fixed and guaranteed 15 percent annual percentage yield and would be deposited at FDIC-insured institutions. However, according to the complaint, the representations were false in that the funds were not held in FDIC-insured accounts and the rate of return was not guaranteed. The CFPB also alleged that most deposited funds were used to fund short-term, high-interest personal loans that were deceptively marketed as having an APR of 440 percent when the actual APRs are alleged to have been more than 900 percent, well in excess of the rate permitted under Florida’s criminal-usury law, causing the loans to be uncollectable and creating risk that obligations could not be met to depositors who sought to withdraw their deposited funds. The complaint claimed that the defendants had loaned a total of more than $30 million to consumers since 2017.
Under the terms of the stipulated order, the defendants are (i) subject to a judgment for monetary relief and damages for the full amount defendants received from consumers who purchased their financial products and services, around $1 million, plus all interest due to consumers under the terms of the advertised products and services purchased; and (ii) required to pay a $100,000 civil money penalty. The order also permanently bans the defendants from engaging in deposit-taking activity and from making deceptive statements to consumers.
CFPB settles with auto lender over unfair LDW practices
On May 21, the CFPB announced a settlement with a California-based auto-loan lender to resolve allegations that the company engaged in unfair practices with respect to its Loss Damage Waiver (LDW) product, in violation of the Consumer Financial Protection Act. The CFPB alleged that the company engaged in unfair practices by illegally charging interest for late payments on its LDW product without customers’ knowledge. According to the consent order, if consumers had insufficient insurance coverage for their vehicles, the company would add the LDW product to their accounts. For these consumers, the cost of the LDW product was added to the principal of the loan, resulting in an increase to the total loan balance and the amortized loan payment. The company allegedly disclosed the increase in the consumer’s monthly payment as an LDW fee but failed to disclose to consumers that interest accrues on late payments of that fee. The Bureau alleged that the company’s practice of charging consumers interest for late LDW fee payments without their consent caused “substantial injury that was not reasonably avoidable or outweighed by any countervailing benefit to consumers or to competition.”
Under the terms of the consent order, the company is required to provide $565,813 of relief to 5,782 impacted consumers, as well as pay a $50,000 civil money penalty. The order also permanently enjoins the company from charging interest on LDW fees without “clearly and conspicuously disclosing the material terms and conditions to consumers.”
OCC releases enforcement actions and terminations
On May 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included in the release is a formal agreement entered into with a Pennsylvania-based bank on April 20 in connection with alleged unsafe or unsound practices relating to oversight, internal controls, audit, and information technology controls. The agreement requires the bank to (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board on a quarterly basis; and (iii) develop, implement, and adhere to a written risk-based, internal information, technology audit program. The agreement further provides that the technology audit program must be performed by an independent and qualified party and must include fundamental elements of a sound audit program.
SEC issues $59 million in whistleblower awards
On May 19, the SEC announced that it awarded a whistleblower more than $28 million for providing information that, according to the redacted order, prompted the SEC and another agency to open investigations that resulted in significant enforcement actions. The SEC notes that under its whistleblower program, individuals who provide information to other agencies “may be eligible for an award in the related action if they are also eligible for an award in the underlying SEC action.”
Earlier, on May 17, the SEC announced whistleblower awards to four individuals totaling nearly $31 million for information provided in two different enforcement actions. According to the first redacted order, the SEC jointly awarded nearly $27 million to two claimants who voluntarily provided new information and ongoing assistance throughout an investigation that led to successful enforcement actions. In the second redacted order, the SEC awarded two other whistleblowers a total of approximately $3.8 million. The first whistleblower received a roughly $3.75 million award for voluntarily providing “original information to the Commission that contributed to an existing investigation” that led to a successful enforcement action. The second whistleblower received approximately $750,000 for providing “information that the staff previously lacked and that was useful in negotiating a settlement of one of the proceedings.” Though both whistleblowers independently provided information that was relevant in the ongoing investigation, the whistleblower who received the larger award supplied information and assistance that was more significant to the enforcement action.
The SEC has awarded approximately $901 million to 163 individuals since issuing its first whistleblower award in 2012.