Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FDIC’s CRA evaluation rates fintech bank “needs to improve” for alleged FTC Act violations

    On September 5, the FDIC released the list of nonmember banks examined for compliance with the Community Reinvestment Act (CRA), which is intended to “encourage insured banks and thrifts to meet local credit needs.” Included in the list was a fintech bank that the FDIC rated as “Needs to Improve” for reasons involving its overall record of helping meet the credit needs of underserved communities. According to the FDIC’s CRA performance evaluation of the Utah-based bank, the FDIC adjusted the CRA rating from “Satisfactory” to “Needs to Improve” due to illegal credit practices that resulted in violations of Section 5 of the FTC Act, Unfair or Deceptive Acts or Practices that were present during the time of the evaluation period. The FDIC found that the bank’s actions impacted a significant number of customers across the bank’s fuel card programs, and that the practices were sustained for multiple years. The FDIC also noted that, after the bank was notified of the violations, it implemented corrective measures, including customer restitution.

     

    Bank Regulatory CRA FDIC Fintech Compliance FTC Act Unfair Deceptive

  • FTC temporarily halts unlawful business opportunity scheme

    Federal Issues

    On August 22, the FTC announced that the U.S. District Court for the Southern District of California recently issued a temporary restraining order against a business opportunity operation for allegedly engaging in deceptive practices. According to the FTC’s complaint, the operation made claims in violation of the FTC Act, the FTC’s Business Opportunity Rule, and the Consumer Review Fairness Act of 2016 by, among other things; (i) making false claims that they offered a “venture capital-backed” and “artificial intelligence-integrated” e-commerce business opportunity for consumers to buy into; (ii) falsely promoting themselves as e-commerce experts and self-made millionaires who have assisted others in generating tens of millions of dollars; (iii) relying on false business projections, including that customers would make a “$4k-$6k consistently monthly net profit”; (iv) false claims about the use of AI tools to maximize revenues; and (v) false endorsements, including false claims of success on social media by an affiliate marketer.  The court’s temporary restraining order prohibited the operation from conducting business, froze its assets, appointed a temporary receiver, and required the operation to turn over business records to the FTC.  Beyond the temporary restraining order, the FTC is seeking preliminary and permanent injunctive relief, monetary relief, and additional relief as determined by the court. The FTC also highlighted that its ability to provide these refunds would not be possible if the action hadn't predated the 2021 Supreme Court ruling (covered by InfoBytes here) that the FTC lacks authority under Section 13(b) of the FTC Act to seek monetary relief in federal court. The FTC used the opportunity to encourage Congress to restore its ability to seek monetary relief in federal court.

    Federal Issues FTC FTC Act Enforcement Marketing Deceptive State Issues

  • District Court files temporary restraining order to stop scammers in FTC suit

    Federal Issues

    On August 21, the FTC announced it has stopped California-based scammers (defendants) who allegedly preyed on students seeking debt relief by pretending to be affiliated with the Department of Education. According to the August 14 complaint, since at least 2019, the defendants allegedly targeted students and illegally collected $8.8 million in advance fees in exchange for student loan debt relief services that did not exist. The defendants allegedly misled consumers by charging them for services that are free through the Department of Education, claiming consumers needed to pay fees or make payments to access federal student loan forgiveness, using names like "Biden Loan Forgiveness," that does not correspond to any actual government program. For instance, one consumer was asked to pay $375 for a processing fee to have up to $20,000 in loans forgiven because of a Pell Grant. Another was told they would get a $10,000 reduction in their loan balance and a new repayment plan with six $250 monthly payments under the “student loan forgiveness program.” The FTC alleges violations of Section 5 of the FTC Act, which prohibits deceptive acts or practices, TCPA, and the Gramm-Leach-Bliley Act. The complaint also alleges that the defendants used such misrepresentations to illegally obtain consumers’ banking information, and typically collected hundreds of dollars in unlawful advance fees—sometimes through remotely created checks in violation of the Telemarketing Sales Rule. The U.S. District Court of the Central District of California filed a temporary restraining order, resulting in an asset freeze, among other things. The FTC seeks preliminary, and permanent injunctive relief, monetary relief, and other relief.

    Federal Issues Courts Enforcement FTC Department of Education Student Lending Consumer Protection FTC Act TCPA Gramm-Leach-Bliley Deceptive

  • FTC, HHS say tracking technology may impermissibly disclose personal health data

    Privacy, Cyber Risk & Data Security

    On July 20, the FTC and U.S. Department of Health and Human Services for Civil Rights issued a joint letter cautioning hospitals and telehealth providers of the risks related to the use of online tracking technologies within their systems that may impermissibly disclose consumers’ personal data to third parties. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said “when consumers visit a hospital’s website or seek telehealth services, they should not have to worry that their most private and sensitive health information may be disclosed to advertisers and other unnamed, hidden third parties.” According to the letter, recent research has highlighted concerns about the use of technology to track users’ online activities and sensitive data including, health conditions, diagnoses, medications, medical treatments, frequency of visits to health care professionals, and where an individual seeks medical treatment. The FTC warned that the impermissible disclosures of personal data can result in identity theft, financial loss, discrimination, and more. The letter included a reminder that under the FTC Act and the FTC Health Breach Notification Rule, even if they are not covered by HIPAA, hospitals and telehealth providers remain obligated to protect against impermissible disclosures of personal health information.

    Privacy, Cyber Risk & Data Security Federal Issues FTC FTC Act Consumer Protection Health Breach Notification Rule Department of Health and Human Services

  • E-commerce company fined $25 million for alleged COPPA violations

    Federal Issues

    On July 19, the DOJ and FTC announced that a global e-commerce tech company has agreed to pay a penalty for alleged privacy violations related to its smart voice assistant’s data collection and retention practices. The agencies sued the company at the end of May for violating the Children’s Online Privacy Protection Act Rule and the FTC Act, alleging it repeatedly assured users that they could delete collected voice recordings and geolocation information but actually held onto some of this information for years to improve its voice assistant’s algorithm, thus putting the data at risk of harm from unnecessary access. (Covered by InfoBytes here.)

    The stipulated order requires the company to pay a $25 million civil money penalty. The order also imposes injunctive relief requiring the company to (i) identify and delete any inactive smart voice assistant children’s accounts unless requested to be retained by a parent; (ii) notify parents whose children have accounts about updates made to its data retention and deletion practices and controls; (iii) cease making misrepresentations about its “retention, access to or deletion of geolocation information or voice information, including children’s voice information” and delete this information upon request of the user or parent; and (iii) disclose its geolocation and voice information retention and deletion practices to consumers. The company must also implement a comprehensive privacy program specific to its use of users’ geolocation information.

    Federal Issues Privacy, Cyber Risk & Data Security DOJ FTC Enforcement COPPA FTC Act Consumer Protection

  • FTC fines company $7.8 million over health data and third-party advertisers

    Federal Issues

    On July 14, the FTC finalized an order against an online counseling service, requiring it to pay $7.8 million and prohibiting the sharing of consumers’ health data for advertising purposes. The FTC alleged that the respondent shared consumers’ sensitive health data with third parties despite promising to keep such information private (covered by InfoBytes here). The FTC said it will use the settlement funds to provide partial refunds to affected consumers. The order not only bans the respondent from disclosing health data for advertising and marketing purposes but also prohibits the sharing of consumers’ personal information for re-targeting. The order also stipulates that the respondent must now obtain consumers’ affirmative express consent before disclosing personal information, implement a comprehensive privacy program with certain data protection measures, instruct third parties to delete shared data, and adhere to a data retention schedule.

    Federal Issues Privacy, Cyber Risk & Data Security FTC Enforcement Consumer Protection Telehealth FTC Act Deceptive Advertisement Third-Party

  • Agencies charge crypto platform and former executives

    Federal Issues

    On July 13, the FTC announced a proposed settlement to resolve allegations that a crypto platform engaged in unfair and deceptive acts or practices in violation of the FTC Act. The FTC also alleges that the defendants violated the Gramm-Leach-Bliley Act by acquiring customer information from a financial institution regarding someone else by providing false or misleading statements. The New Jersey-based crypto company offers various cryptocurrency products and services to customers, such as interest-bearing accounts, personal loans backed by cryptocurrency deposits, and a cryptocurrency exchange. On the heels of its bankruptcy filing in July 2022, the FTC lodged a complaint in federal court alleging that three former executives falsely promised that deposits would be “safer” than bank deposits and always available for withdrawal, and that the platform posed “no risk” or “minimal risk.”

    The proposed stipulated order imposes a $4.72 million judgment against the corporate defendants, which is suspended based on their financial condition. The order also bans the corporate defendants from, among other things, “advertising, marketing, promoting, offering, or distributing, or assisting in the advertising, marketing, promoting, offering, or distributing of any product or service that can be used to deposit, exchange, invest, or withdraw assets, whether directly or through an intermediary.” 

    Other agencies also took action against the company and its former CEO on the same day, including the SEC, which alleges the company sold unregistered crypto asset securities in one of its program offerings. The SEC’s complaint further alleges the company made false and misleading statements and engaged in market manipulation. Additionally, the DOJ unsealed an indictment charging the former CEO and the company’s former chief revenue officer with conspiracy, securities fraud, market manipulation, and wire fraud for illicitly manipulating the price of the company’s token. Additionally, the CFTC filed a civil complaint charging the company and former CEO with fraud and material misrepresentations in connection with the operation of the company’s digital asset-based finance platform. The CFTC alleges the company operated as an unregistered commodity pool operator (CPO), and its former CEO operated as an unregistered associated person of a CPO. The complaint also accuses the former CEO of violating the Commodity Exchange Act and CFTC regulations, among other things. According to the press release, the company agreed to resolve the complaint, while the former CEO is continuing litigation.

    Federal Issues Digital Assets Securities Fintech Cryptocurrency FTC FTC Act Gramm-Leach-Bliley Enforcement Consumer Protection Deceptive SEC CFTC DOJ

  • FTC updates its Endorsement Guide after 14 years

    Federal Issues

    On June 29, the FTC announced the finalized updated version if its Endorsement Guide, to help the agency combat deceptive reviews and endorsements. The FTC says its endorsement guides, which were previously updated in 2009, advise businesses on what practices are considered unfair and deceptive in violation of the FTC Act. The FTC explained that the current, updated version takes into consideration comments solicited earlier this year, to reflect the ways advertisers now reach consumers. The revisions: (i) “articulate[] a new principle regarding procuring, suppressing, boosting, organizing, publishing, upvoting, downvoting, or editing consumer reviews so as to distort what consumers think of a product”; (ii) “address[] incentivized reviews, reviews by employees, and fake negative reviews of a competitor;” (iii) “add[] a definition of ‘clear and conspicuous’ and saying that a platform’s built-in disclosure tool might not be an adequate disclosure”; (iv) “[change] the definition of ‘endorsements’ to clarify the extent to which it includes fake reviews, virtual influencers, and tags in social media;” (v) “better explain[] the potential liability of advertisers, endorsers, and intermediaries”; and (vi) highlight[] that child-directed advertising is of special concern. The FTC concurrently issued an updated version of its guidance regarding frequently asked questions about its endorsement guides.

     

    Federal Issues FTC Advertisement FTC Act

  • FTC orders sweepstakes company to pay $18.5 million for using “dark patterns”

    Federal Issues

    On June 26, the FTC filed a complaint against a sweepstakes company alleging they used “dark patterns” (via the use of “manipulative phrasing and website design”) to trick consumers into purchasing products in order to enter the increase the chances of winning the company’s sweepstakes. The FTC further claimed the defendant engaged in other unlawful practices in violation of the FTC Act, including (i) failing to disclose the true price of goods and failing to inform consumers they were responsible for return shipping costs for unwanted products; (ii) misleading consumers with fictitious email subject lines; and (iii) sharing consumer data with third parties despite disclosing in its privacy policy prior to January 2019 that it did sell or rent consumer data to third parties.

    Under the terms of the proposed court order filed June 27 stipulating to an injunction, monetary judgement, and other relief, the defendant would be required to pay $18.5 million in monetary relief and make numerous changes to its email and internet operations. Among other things, the defendant would be required to clearly and conspicuously disclose on every shopping page that a purchase is not required to enter a sweepstakes and that purchasing will not help a consumer win. Consumers would also be required, in many cases, to acknowledge this disclosure when responding to a call to action that results in an order. The defendant must also clearly disclose material costs and terms of purchase, as well as any additional fees, and cancellation and return policies. Additionally, the defendant would be required to delete all consumer data collected prior to January 1, 2019, unless required for processing transactions, and stop misrepresenting its data collection and sharing practices.

    Federal Issues FTC Enforcement Dark Patterns FTC Act CAN-SPAM Act

  • DOJ and FTC find UDAPs in handling of women’s health data

    Federal Issues

    On June 23, the DOJ and FTC announced the government has obtained substantial injunctive relief, and that the department will collect $100,000 in civil penalties, from an Illinois-based healthcare corporation pursuant to a stipulated federal court order. In the complaint, the United States claimed that the corporation violated Section 5 of the FTC Act, in which the defendant engaged in unfair and deceptive acts in connection with its period and ovulation tracking mobile app. The government alleged that the corporation shared consumers’ persistent identifiers and sensitive personal information to third-party companies without user notice or consent. Additionally, the corporation allegedly failed to disclose how those third-party companies would use consumers’ personal information. The complaint also alleges the corporation failed to take “reasonable measures” surrounding data and privacy risk when they integrated third-party software into the mobile application, and that they violated the HBNR.

    The order entered by the court requires that the corporation: (i) “implement a comprehensive privacy and data security program with safeguards to protect consumer data”; (ii) “hire an independent third-party to regularly assess its compliance with the privacy program for a period of 20 years”; (iii) “[is] enjoined from sharing health information with third-parties for advertising purposes, from sharing health information with third-parties for other purposes without obtaining users’ affirmative express consent, and from making misrepresentations about [the corporation’s] privacy practices”; and (iv) comply with the HBNR’s notification provisions in any future breach of Security.

    Federal Issues Courts Privacy, Cyber Risk & Data Security Department of Justice FTC FTC Act Consumer Protection

Pages

Upcoming Events