Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC, Florida file complaint against grant funding operation

    Federal Issues

    On June 27, the FTC and the Florida attorney general filed a complaint against a Florida-based grant funding company and its owner (collectively, “defendants”) alleging that the defendants violated the Consumer Protection Act, the FTC Act, and the Florida Deceptive Unfair Trade Practices Act. According to the complaint, the defendants deceptively marketed grant writing and consulting services to minority-owned small businesses by, among other things, (i) promising grant funding that did not exist and/or was never awarded; (ii) misleading customers about the status of grant awards; and (iii) failing to honor a “money-back guarantee” and suppressing customer complaints. The complaint also alleged that the owner relied on funds that she acquired through the federal Paycheck Protection Program Covid-19 stimulus program to start the company. The U.S. District Court for the Middle District of Florida issued a restraining order with asset freeze, appointment of a temporary receiver, and other equitable relief order against the defendants, which also prohibits them from engaging in grant funding business activities.

    Federal Issues State Issues FTC Enforcement State Attorney General Florida Covid-19 FTC Act Deceptive UDAP

    Share page with AddThis
  • FTC finalizes action against e-commerce platform for data breach cover up

    Federal Issues

    On June 24, the FTC announced a final decision and order against two limited liability companies (respondents) accused of allegedly failing to secure consumers’ sensitive personal data and covering up a major breach. As previously covered by InfoBytes, the respondents—former and current owners of an online customized merchandise platform—allegedly violated the FTC Act by, among other things, misrepresenting that they implemented reasonable measures to protect customers’ personal information against unauthorized access and misrepresenting that appropriate steps were taken to secure consumer account information following security breaches. The complaint further alleged that respondents failed to apply readily available protections against well-known threats or adequately respond to security incidents, which resulted in the respondents’ network being breached multiple times. Under the terms of the final settlement, one of the respondents is required to pay $500,000 to victims of the data breaches. The other respondent is required to provide notice to consumers impacted by a 2019 data breach. Among other things, the order prohibits respondents from misrepresenting their privacy and security measures and requires that respondents implement comprehensive information security programs that are assessed by an independent third party.

    Federal Issues Privacy/Cyber Risk & Data Security FTC Enforcement Data Breach FTC Act Deceptive UDAP

    Share page with AddThis
  • FDIC updates Consumer Compliance Examination Manual’s UDAAP provisions

    On June 17, the FDIC announced updates to its Consumer Compliance Examination Manual (CEM). The CEM includes supervisory policies and examination procedures for FDIC examination staff when evaluating financial institutions’ compliance with federal consumer protection laws and regulations. The June update modifies Section VII Unfair, Deceptive, or Abusive Acts or Practices to reflect the FDIC’s existing supervisory authority regarding UDAP and UDAAP under Section 5 of the FTC Act, and Sections 1031 and 1036 of the Dodd-Frank Act, respectively. Among other updates, the new Section VII changes language related to the Equal Credit Opportunity Act and Fair Housing Act to add a reference to Dodd-Frank UDAAP provisions. The updated section provides the following:

    ECOA prohibits discrimination in any aspect of a credit transaction against persons on the basis of race, color, religion, national origin, sex, marital status, age (provided the applicant has the capacity to contract), the fact that an applicant’s income derives from any public assistance program, and the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The FHA prohibits creditors involved in residential real estate transactions from discriminating against any person on the basis of race, color, religion, sex, handicap, familial status, or national origin. FTC UDAPs and Dodd-Frank UDAAPs that target or have a disparate impact on consumers in one of these prohibited basis groups may violate the ECOA or the FHA, as well as the FTC Act or the Dodd-Frank Act. Moreover, some state and local laws address discrimination against additional protected classes, e.g., handicap in non-housing transactions, or sexual orientation. Such conduct may also violate the FTC Act or the Dodd-Frank Act.

    With respect to the legal standards for “unfair” and “deceptive” under the FTC Act and Dodd-Frank, Section VII notes that these standards are “substantially similar.”

    Bank Regulatory Federal Issues FDIC Examination UDAAP UDAP Compliance FTC Act Dodd-Frank Fair Lending Discrimination ECOA Fair Housing Act

    Share page with AddThis
  • FTC bans MCA providers, returns $2.7 million to consumers

    Federal Issues

    On June 6, the FTC obtained a stipulated court order permanently banning a company and owner from participating in the merchant cash advance and debt collection industries. As previously covered by InfoBytes, last June the FTC filed an amended complaint against two New York-based small-business financing companies and a related entity and individuals (including the settling defendants), claiming the defendants engaged in deceptive and unfair practices by, among other things, misrepresenting the terms of their merchant cash advances, using unfair collection practices, deceiving consumers about personal guarantees, forcing consumers and businesses to sign confessions of judgment, providing less funding than promised due to undisclosed fees, and making unauthorized withdrawals from consumers’ accounts. Under the terms of the stipulated order, the settling defendants are required to pay a more than $2.7 million monetary judgment to go towards refunds for harmed consumers and must vacate any judgments against former customers and release any liens against their customers’ property. The announcement notes that the settling defendants are also “prohibited from misleading consumers about any key facts about any good or service, including any fees, the total cost of the product, and other facts that reflect their deceptions in this case.”

    Earlier in January, a stipulated order was entered against two other defendants (covered by InfoBytes here), which permanently banned them from participating in the merchant cash advance and debt collection industries and required the payment of a $675,000 monetary judgment.

    Federal Issues Enforcement FTC Merchant Cash Advance Debt Collection Consumer Finance Small Business Lending FTC Act UDAP Deceptive Unfair

    Share page with AddThis
  • FTC shares 2021 enforcement report with CFPB

    Federal Issues

    On June 3, the FTC announced that it submitted its 2021 Annual Financial Acts Enforcement Report to the CFPB. The report covers FTC enforcement activities regarding the Truth in Lending Act (TILA), the Consumer Leasing Act (CLA), and the Electronic Fund Transfer Act (EFTA). Highlights of the enforcement matters covered in the report include, among other things:

    • Automobile Credit and Leasing. The report discussed the FTC’s July 2021 settlement with the owners of car dealerships in Arizona and New Mexico (collectively, “defendants”) resolving claims that the defendants misrepresented consumer information on finance applications and misrepresented financial terms in advertisements in violation of TILA and CLA (covered by InfoBytes here).
    • Payday Lending. The report highlighted the FTC’s settlement against a payday lending enterprise for allegedly overcharging consumers millions of dollars, deceiving them about the terms of their loans, and failing to make required loan disclosures. According to the report, the owners and operators of the settling entities are banned from making loans or extending credit, nearly all debt held by the company will be deemed paid in full, and the companies involved are being liquidated, with the proceeds to be used to provide redress to consumers harmed by the company.
    • Credit Repair and Debt Relief. The report discussed the FTC’s settlement with the operators of a student loan debt relief scheme, who were charged with falsely promising consumers the company could lower or eliminate student loan balances, illegally imposing upfront fees for credit repair services, and signing consumers up for high-interest loans to pay the fees without making required loan disclosures in violation of TILA. The order bans the defendants from providing debt relief services and collecting any further payments from consumers who purchased the services, and requires the defendants to return money to be used to refund consumers.

    Additionally, the report addressed the FTC’s research and policy efforts and highlighted the FTC’s Military Task Force’s work on military consumer protection issues.

    Federal Issues FTC CFPB Enforcement TILA CLA EFTA Consumer Finance UDAP

    Share page with AddThis
  • FTC secures TRO against credit repair scheme

    Federal Issues

    On May 31, the FTC announced that the U.S. District Court for the Eastern District of Maryland granted a temporary restraining order against a credit repair operation for allegedly engaging in deceptive practices that scammed consumers out of more than $213 million. According to the FTC’s complaint, the operation targeted consumers with low credit scores promising its products could remove all negative information from their credit reports and significantly increase credit scores. The operation allegedly violated the FTC Act, the Credit Repair Organizations Act, and the Telemarketing Sales Rule by, among other things, (i) making misrepresentations regarding its credit repair services; (ii) selling a product that purportedly sends rent payment information to credit bureaus even though “this information is not generally part of consumers’ credit score and many credit bureaus don’t accept this kind of information directly from consumers”; (iii) charging illegal advance fees; (iv) failing to provide consumers required information such as refund and cancellation policies; and (v) recruiting consumers to sell credit repair products to other consumers as part of a pyramid scheme even though few consumers ever received the promised earnings (and many consumers actually lost money as agents). Beyond the temporary restraining order, the FTC is seeking a permanent injunction, monetary relief, and other equitable relief.

    Federal Issues FTC Enforcement Consumer Finance Credit Repair Fees Courts FTC Act CROA TSR UDAP Deceptive

    Share page with AddThis
  • FTC takes action against telemarketing operation

    Federal Issues

    On May 25, the FTC announced an action resolving allegations against a subscription scam operation and its officers (collectively, “defendants”) that allegedly deceptively used telemarketing schemes on consumers. According to the complaint, which was filed in the U.S. District Court for the District of Nevada, the defendants allegedly violated the FTC Act and the Telemarketing Sales Rule (TSR) by calling consumers to claim that they were conducting a survey and offering “free” or low-cost magazine subscriptions. After the survey, the defendants allegedly sent consumers a bill falsely stating that they agreed to pay several hundred dollars for the magazine subscriptions. According to the FTC, there was a “no-cancellation policy,” and the defendants allegedly harassed consumers when they refused to pay the exorbitant bills, including by threatening to initiate collection actions or threatening to submit derogatory information about them to the major credit bureaus. The proposed order follows a 2010 permanent injunction that was entered against the same defendants, which prohibited them from committing future violations. The recent order requires the defendants to pay a suspended judgment of $14.4 million and requires them to give up all claims to money already paid to the FTC. Additionally, the defendants are required to monitor their compliance with the proposed order “and may face significant contempt remedies if they violate its terms.” The FTC noted that the original monetary relief was vacated after the Supreme Court’s decision in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here). The FTC pointed out that the “settlement of this matter for a suspended judgment of $14.47 million, after originally having been awarded $24 million at trial, demonstrates the challenges since the Supreme Court’s AMG decision.”

    Federal Issues FTC Telemarketing Deceptive UDAP Enforcement FTC Act TSR

    Share page with AddThis
  • Social media company to pay $150 million to settle FTC, DOJ data security probe

    Federal Issues

    On May 25, the DOJ filed a complaint on behalf of the FTC against a global social media company for allegedly misusing users’ phone numbers and email addresses uploaded for security purposes to target users with ads. (See also FTC press release here.) According to the complaint, the defendant deceived users about the extent to which it maintained and protected the security and privacy of users’ nonpublic contact information. Specifically, from May 2013 to September 2019, the defendant asked users to provide either a phone number or an email address to improve account security. The defendant, however, allegedly failed to inform the more than 140 million users who provided phone numbers or email addresses that their information would also be used for targeted advertising. The FTC claimed the defendant used the collected information to allow advertisers to target specific ads to specific users by matching the phone numbers or email addresses with data they already had or obtained from data brokers. DOJ’s complaint alleged that the defendant’s conduct violated the FTC Act and the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield agreements, which require participating countries to adhere to certain privacy principles in order to legally transfer data from EU countries and Switzerland. This conduct also allegedly violated a 2011 FTC consent order with the defendant stemming from claims that the defendant deceived users and put their privacy at risk by failing to safeguard their personal information. According to DOJ’s complaint, the 2011 order “specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information.”

    Under the terms of the proposed order, the defendant would be required to pay a $150 million civil penalty and implement robust compliance measures to improve its data privacy practices. According to the FTC and DOJ announcements, these measures would (i) “allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers”; (ii) require the defendant to “notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about [its] privacy and security controls”; (iii) require the defendant to implement and maintain a comprehensive privacy and information security program, including conducting “a privacy review with a written report prior to implementing any new product or service that collects users’ private information,” regularly testing its data privacy safeguards, and obtaining regular independent assessments of its data privacy program; (iv) limit employee access to users’ personal data; and (v) require the defendant to notify the FTC should it experience a data breach, and provide reports after any data privacy incident affecting 250 or more users. Additionally, the defendant would be banned from profiting from deceptively collected data.

    Federal Issues Privacy/Cyber Risk & Data Security FTC DOJ Enforcement UDAP Deceptive FTC Act EU-US Privacy Shield Swiss-U.S. Privacy Shield Settlement

    Share page with AddThis
  • FTC temporarily halts unlawful credit repair operation

    Federal Issues

    On May 6, the FTC announced that the U.S. District Court for the Middle District of Florida granted a temporary restraining order against a credit repair operation for allegedly engaging in deceptive practices. According to the FTC’s complaint, the operation violated the FTC Act, the CROA, and the TSR by, among other things; (i) making misrepresentations regarding credit repair services; (ii) making misrepresentations regarding a money-making opportunity associated with a government benefit related to Covid-19; (iii) making untrue or misleading representations to consumers, which included increasing their credit score; (vi) charging for the performance of credit repair services that the defendants agreed to perform prior to such services being fully performed; (v) making untrue or misleading statements with respect to their sales pitch on credit worthiness, credit standing, or credit capacity to consumer reporting agencies, creditors, and potential creditors; and (vi) charging illegal advance fees. Beyond the temporary restraining order, the FTC is seeking a permanent injunction, the appointment of a receiver, immediate access to business premises, an asset freeze, and other equitable relief.

    Federal Issues FTC FTC Act TSR CROA UDAP Enforcement Deceptive

    Share page with AddThis
  • National retailers must pay $5.5 million to resolve deceptive product representation

    Federal Issues

    On May 10, the DOJ announced that two national retailers agreed to pay a $2.5 million and a $3 million civil penalty (see here and here) to resolve allegations that they engaged in false labeling and marketing tactics by presenting rayon textile products as bamboo. As previously covered by InfoBytes, the DOJ on behalf of the FTC, filed complaints (see here and here) against the defendants, which alleged that since at least 2015, the companies made false or unsubstantiated representations in violation of the FTC Act by improperly labeling and marketing textile fiber products as “made of bamboo” in both product titles and descriptions. In addition to paying the civil money penalties, the defendants are prohibited from making deceptive claims, including false and/or unsubstantiated claims, relating to bamboo fiber products, and are prohibited from engaging in future violations of the FTC Act, Textile Act and Textile Rules.

    Federal Issues DOJ FTC Enforcement UDAP Deceptive FTC Act Penalty Offense Authority

    Share page with AddThis