InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB obtains new judgments against debt-relief defendants
On May 11, the U.S. District Court for the Central District of California obtained two additional judgments in an action by the CFPB against a mortgage lender and several related individuals and companies (collectively, “defendants”) for alleged violations of the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), and Fair Credit Reporting Act (FCRA). These are the latest judgments reached with defendants in the ongoing litigation. (See InfoBytes coverage on previously announced settlements here, here, here, and here.)
As previously covered by InfoBytes, the Bureau filed a complaint in January 2020 claiming the defendants violated the FCRA by, among other things, illegally obtaining consumer reports from a credit reporting agency for millions of consumers with student loans by representing that the reports would be used to “make firm offers of credit for mortgage loans” and to market mortgage products, but instead, the defendants allegedly resold or provided the reports to companies engaged in marketing student loan debt-relief services. The defendants also allegedly violated the TSR by charging and collecting advance fees for their debt-relief services. The CFPB further claimed that the defendants violated the TSR and CFPA when they used telemarketing sales calls and direct mail to encourage consumers to consolidate their loans, and falsely represented that consolidation could lower student-loan interest rates, improve borrowers’ credit scores, and change their servicer to the Department of Education.
The May 11 stipulated final judgment entered against a group of corporate defendants, as well as an associated individual, requires the defendants to pay more than $18 million in consumer redress. Payment will be suspended, however, upon satisfaction of certain outlined obligations. The defendants, who neither admitted nor denied the allegations, are also obligated to pay a $125,000 civil money penalty to the Bureau, and are permanently enjoined from offering or providing debt-relief services or from using or obtaining consumer reports for any purpose. Additionally, the individual defendant is banned from using or obtaining benefit from consumer information contained in prescreened consumer reports.
On the same day, a second stipulated final judgment was entered against one of the individual defendants. The judgment requires the individual defendant to pay more than $3.4 million in redress to affected consumers, which will be partially suspended upon satisfaction of certain outlined obligations, along with a $1 civil money penalty. The individual defendant, who also neither admitted nor denied the allegations, is permanently enjoined from offering or providing debt relief services, from participating or engaging in the telemarketing of any consumer financial product or service, or from using or obtaining prescreened consumer reports for any purpose.
CFPB charges debt-settlement company with TSR and CFPA violations
On May 17, the CFPB announced a settlement with a Massachusetts-based debt-settlement company for allegedly violating the Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act (CFPA). As previously covered by InfoBytes, the Bureau alleged the company violated the TSR and/or the CFPA by, among other things, (i) requesting and receiving payment of fees for services before renegotiating, settling, reducing, or otherwise altering the terms of at least one debt pursuant to an agreement or before a consumer had made a payment under their agreement; (ii) misrepresenting to consumers that it would not charge fees for its services until it settled a debt and consumers made payments under the settlement to the creditor; (iii) charging fees based on the amount of debt after enrollment instead of the amount of debt at the time of enrollment; and (iv) failing to disclose the amount of time it would take the company to make a settlement offer or the amount of debt the consumer would need to accumulate to make a settlement offer to each creditor. The CFPB’s original complaint had sought an injunction against the company as well as damages, redress, disgorgement of ill-gotten gains, and the imposition of civil money penalties.
The judgment, ordered by the court on May 19, requires the company to: (i) pay a $7.7 million judgment, which would be partially suspended upon the company paying harmed consumers $5.4 million; (ii) stop its deceptive practices and; (iii) pay a $1 civil money penalty.
Washington increases fines for Consumer Protection Improvement Act violations
On May 10, the Washington governor signed into law SB 5025, a bill that increases fines for unfair methods of competition and unfair or deceptive acts or practices under the state’s Consumer Protection Improvement Act (Act). Among other things, the bill (i) increases the maximum civil penalty for persons who violate the terms of any injunction issued under the Act from $25,000 to $125,000; (ii) increases the maximum civil penalty for violations of RCW 19.86.030 or 19.86.040 to $180,000 for individuals (previously $100,000) and $900,000 for persons other than individuals (previously $500,000); (iii) increases the maximum civil penalty for violations of RCW 19.86.020 to $7,500 from $2,000; and (iv) provides that unlawful acts or practices targeting or impacting individuals or communities based on characteristics including “age, race, national origin, citizenship or immigration status, sex, sexual orientation, presence of any sensory, mental, or physical disability, religion, veteran status, or status as a member of the armed forces” carry an enhanced penalty of $5,000. Additionally, by December 1, 2022, the Washington attorney general is required to “evaluate the efficacy of the maximum civil penalty amounts established in this section in deterring violations of the consumer protection act and the difference, if any, between the current penalty amounts and the penalty amounts adjusted for inflation, and provide the legislature with a report of its findings and any recommendations.” The Act goes into effect July 25.
Broker-dealer settles with SEC for failing to file SARs
On May 12, the SEC announced a settlement with a broker-dealer for allegedly violating the Securities and Exchange Act by failing to consistently implement its anti-money laundering (AML) program and file Suspicious Activity Reports (SARs) despite knowing individuals were attempting to gain unauthorized access to retirement accounts. According to the SEC’s order, from September 2015 through October 2018, the broker-dealer allegedly knew that individuals were attempting to gain access, or had gained access, to plan participants’ retirement accounts through the use of improperly obtained personal identifying information. The SEC alleged that, despite this knowledge, the broker-dealer failed to file approximately 130 SARs in cases where it had detected the suspicious activity and, in the roughly 297 SARs that it did file, failed to include certain required information linked to the bad actors, such as URL addresses, IP addresses, and other electronic identifying information. The order requires the broker-dealer, who has neither admitted nor denied the SEC’s allegations, to cease and desist from future violations and pay a $1.5 million penalty. The SEC acknowledged the broker-dealer’s significant cooperation in the investigation and subsequent remedial efforts.
SEC issues more than $25.6 million in whistleblower awards
On May 12, the SEC announced a whistleblower award totaling around $3.6 million in connection with a successful enforcement action. According to the redacted order, the whistleblower provided new information that lead to the initial charges as well as “ongoing assistance as the Commission’s investigation progressed.”
Earlier on May 10, the SEC also announced whistleblower awards totaling approximately $22 million in connection with a successful enforcement action. According to the redacted order, the SEC awarded a whistleblower approximately $18 million for providing (i) information that led to the opening of the investigation brought against a financial services firm, and (ii) ongoing assistance during the investigation. The second whistleblower received a $4 million award for submitting information after the investigation began. The SEC noted that both whistleblowers provided information and cooperation that “allowed the Commission to better understand complex transactions related to the matters under investigation.”
The SEC has awarded approximately $842 million to 157 individuals since issuing its first award in 2012.
NYDFS, insurance company reach $1.8 million cyber breach settlement
On May 13, NYDFS announced a settlement with an insurance company to resolve allegations that the broker violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to implement multi-factor authentication or reasonably equivalent or more secure access controls. Under Part 500.12(b), covered entities are required to implement such protocols (see FAQs here). NYDFS’s investigation also revealed that the insurance company falsely certified its compliance with the cybersecurity regulation for 2018. Under the terms of the consent order, the company will pay a $1.8 million civil monetary penalty and will undertake improvements to strengthen its existing cybersecurity program to ensure compliance with 23 NYCRR Part 500. NYDFS acknowledged the broker’s “commendable” cooperation throughout the examination and investigation and stated that the broker had demonstrated its commitment to remediation.
FDIC fines Oregon-based bank for unfair and deceptive collection practices
On May 10, the FDIC announced that an Oregon-based bank has agreed to settle allegations of unfair and deceptive practices in violation of Section 5 of the FTC Act related to a wholly owned subsidiary’s debt collection practices for commercial equipment financing. According to the FDIC, the subsidiary unfairly and deceptively charged various undisclosed collection fees—such as collection call and letter fees and third-party collection fees—to borrowers with past due accounts. The FDIC additionally claimed that some of the subsidiary’s collection practices were also unfair and deceptive, including (i) placing excessive and sequential collection calls to borrowers even after requests were made to stop the calls; (ii) disclosing borrowers’ debt information to third parties; and (iii) telling borrowers that their commercial debt would be reported as delinquent to the consumer reporting agencies (CRAs), even though its policy and practice was to not report such delinquencies to the CRAs. Under the terms of the settlement order, the bank, which does not admit nor deny the violations, will voluntarily pay an approximately $1.8 million civil money penalty.
CFPB denies lending agency’s petition to set aside CID
On April 26, the CFPB denied a petition by a title lending company to set aside a civil investigative demand (CID) issued by the Bureau in February. The CID requested information from the company to determine, among other things, whether “consumer-lending companies or title-loan companies, in connection with the extension of credit, servicing of loans, processing of payments, or collection of debt, have made false or misleading representations” to consumers. On February 25, the company had petitioned the Bureau to set aside the CID, arguing, in part, that (i) the Bureau failed to provide the company “‘with fair notice as to the nature of the Bureau’s investigation,” as required under section 1052(c)(2) of the Consumer Financial Protection Act (CFPA); (ii) the CID did not enable the company to adequately assess “the relevance or the burdensomeness of the individual requests”; and (iii) part of the Bureau’s investigation related to the company’s sale of non-filing insurance (NFI), which is a particular concern “because NFI is a topic that appears to be completely outside of the Bureau’s authority,” as the CFPA does not authorize the Bureau to regulate the business of insurance.
The Bureau rejected the company’s request to set aside or modify the CID, finding that: (i) the Bureau notified the company that it is investigating conduct in connection with the extension of credit, servicing of loans, processing of payments, or collection of debt’ as potential violations of §§ 1031 and 1036 of the CFPA, the Truth in Lending Act, the Military Lending Act, as well as a prior consent order to which the company is still subject; (ii) the company’s defenses are premature at the investigative stage, even if they “could be raised in defense against the potential legal claims contemplated by the CID”; (iii) although the company complained about the purported “vagueness of the description of the subjects of the investigation” and “whether all of the potential violations applied to the [c]ompany or only a portion,” the Bureau is not required to identify the subject of law enforcement investigations in its CIDs; and (iv) the notification at issue is “far more specific” than the notification of purpose in a different matter referenced by the company, and “identifies the precise conduct under investigation while expressly noting the conduct was committed ‘in connection with the extension of credit, servicing of loans, processing of payments, or collection of debt.’”
CFPB enters $34.1 million in judgments against debt-relief companies
On May 7, the U.S. District Court for the Central District of California entered two default judgments totaling more than $34.1 million in an action by the CFPB against a mortgage lender and several related individuals and companies (collectively, “defendants”) for alleged violations of the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), and Fair Credit Reporting Act (FCRA). Settlements have already been reached with the chief operating officer/part-owner of one of the defendant companies, as well as certain other defendants (covered by InfoBytes here, here, and here).
As previously covered by InfoBytes, the Bureau filed a complaint in 2020 claiming the defendants violated the FCRA by, among other things, illegally obtaining consumer reports from a credit reporting agency for millions of consumers with student loans by representing that the reports would be used to “make firm offers of credit for mortgage loans” and to market mortgage products, but instead, the defendants allegedly resold or provided the reports to companies engaged in marketing student loan debt-relief services. The defendants also allegedly violated the TSR by charging and collecting advance fees for their debt-relief services. The CFPB further claimed that the defendants violated the TSR and CFPA when they used telemarketing sales calls and direct mail to encourage consumers to consolidate their loans, and falsely represented that consolidation could lower student-loan interest rates, improve borrowers’ credit scores, and change their servicer to the Department of Education.
The May 7 default judgment entered against the student loan debt-relief companies requires the collective payment of more than $19.6 million in consumer redress and more than $11.3 million in civil money penalties to the Bureau. The companies are also permanently enjoined from offering or providing debt-relief services or from using or obtaining consumer reports for any purpose. Moreover, the companies and any associated individuals may not disclose, use, or benefit from consumer information contained in or derived from prescreened consumer reports for use in marketing debt-relief services.
A second default judgment was entered the same day against one of the individual defendants. The judgment requires the individual defendant to pay a more than $3.2 million civil money penalty and permanently enjoins him from providing debt relief services or from using or obtaining prescreened consumer reports for any purpose.
FTC settles with photo app developer over its facial recognition technology
On May 7, the FTC announced a final settlement with the developer of a California-based photo app (defendant) for allegedly deceiving consumers concerning its use of facial recognition technology and its retention of the photos and videos of users who previously deactivated their accounts. The FTC filed a complaint in January claiming, among other things, that the defendant violated the FTC Act by misleading users about their ability to control the face recognition feature and remove photos after account deletion. According to the FTC’s complaint, the defendant automatically activated its face recognition feature for all mobile app users except those consumers who lived in Texas, Illinois, Washington and the European Union. The FTC alleged that the defendant also failed to keep its promise to delete the photos and videos of users who deactivated their accounts and instead retained them indefinitely. Under the terms of the stipulated final order, the defendant must “clearly and conspicuously disclose to the User from whom Respondent has collected the Biometric Information, separate and apart from any ’privacy policy,’ ’terms of use‘ page, or other similar document, all purposes for which Respondent will use, and to the extent applicable, share, the Biometric Information; and obtain the affirmative express consent of the User from whom Respondent collected the Biometric Information.” The settlement also calls for the deletion of all photos and videos that were collected from users who requested deactivation of their accounts.