Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On July 14, the FTC announced an $18 million settlement with a financial services company (defendant) over allegations that it deceived consumers. The FTC originally filed a complaint in 2018 claiming, among other things, that the defendant violated the FTC Act, the Privacy of Consumer Financial Information Rule, and the Gramm-Leach-Bliley Act, by falsely advertising loans with “no hidden fees” and misleading consumers with respect to whether their loan applications had been approved. The complaint also alleged that the defendant withdrew double payments from consumers’ accounts and continued to charge consumers who cancelled automatic payments or paid off their loan, leading to overdraft fees and preventing borrowers from making other payments. Under the terms of the stipulated final order, the defendant is permanently barred from (i) misrepresenting fee amounts, the status of an application, and other material facts concerning any extension of credit; and (ii) making any representation about a specific loan amount prior to accepting a loan application, without clear and conspicuous disclosure of the dollar amount of any prepaid, up-front, or origination fee or the total amount of funds that would be disbursed to the consumer.
On July 12, the FTC announced a settlement with two Florida-based payment processing companies and their CEO (collectively, “defendants”) accused of participating in a student loan debt relief scam. As previously covered by InfoBytes, in 2018, the FTC alleged the student loan debt relief operation violated the FTC Act and the Telemarketing Sales Rule (TSR) by, among other things, falsely claiming borrowers had pre-qualified for federal loan assistance programs that would reduce their monthly debt payments or result in total loan forgiveness and accepting monthly payments that were not applied towards student loans. A settlement was reached last December (covered by InfoBytes here). According to the FTC’s most recent complaint, the defendants allegedly “applied for and obtained merchant accounts for the [scam] by knowingly and repeatedly providing false information to payment processors about the [operation’s] three companies.” The defendants’ payment processing applications, the FTC contended, concealed the fraudulent activity, denied that the operation was offering consumers prohibited debt relief services, and repeatedly ignored warnings and direct evidence that the operation was defrauding consumers.
Under the terms of the settlement order, the defendants are permanently banned from payment processing or acting as an independent sales organization or sales agency. The defendants are also prohibited from assisting and facilitating any unfair and deceptive trade practice, including to obtain payment processing services. In addition, the order imposes a $28.6 million judgment against the defendants, which is partially suspended following the payment of $20,493, due to the defendants’ inability to pay the full amount.
On June 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in May. During the month, the FDIC issued 10 orders and one notice consisting of “two Orders to Pay Civil Money Penalties, four Section 19 Applications, three Orders Terminating Consent Orders, one Order of Prohibition from Further Participation, and Notice of Intention to Prohibit from Further Participation, one Notice of Assessment of Civil Money Penalties, Findings of Fact, Conclusions of Law, Order to Pay, and Notice of Hearing.” Among the orders is a civil money penalty imposed against an Oregon-based bank concerning allegations of unfair and deceptive practices related to a wholly-owned subsidiary’s debt collection practices for commercial equipment financing. As previously covered by InfoBytes, the bank’s subsidiary allegedly violated Section 5 of the FTC Act by, among other things, unfairly and deceptively charging various undisclosed collection fees—such as collection call and letter fees and third-party collection fees—to borrowers with past due accounts. The bank, which did not admit or deny the violations, agreed to voluntarily pay an approximately $1.8 million civil money penalty.
The FDIC also imposed a civil money penalty against an Iowa-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank (i) “[m]ade, increased, extended or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance”; (ii) “[f]ailed to timely notify the borrower that the borrower should obtain flood insurance, at the borrower’s expense, upon determining that the collateral was not covered by flood insurance at some time during the term of the loan”; and (iii) “[f]ailed to timely purchase flood insurance on the borrower’s behalf when the borrower failed to do so within 45 days of being advised to obtain adequate flood insurance.” The order requires the payment of a $8,000 civil money penalty.
On June 22, the FTC issued a decision and order against a company operating a fertility-tracking mobile app. The order resolved claims that the company shared user’s sensitive health data with various marketing and analytics service providers to the company. The FTC filed a complaint in January claiming, among other things, that the company repeatedly promised to protect users’ personal health data but instead disclosed the data to third parties for years and did not contractually limit how those third parties could use the data. These actions, the FTC claimed, violated the FTC Act as well as frameworks under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield, which the company represented to users that it participated in, and require companies to provide notice, choice, and accountability for the transfer of personal data to third parties. Under the terms of the decision and order, the company is required to provide notice to users about the disclosure of their health data, obtain users’ affirmative express consent to share the information, and instruct any third party that received users’ health information to destroy the data. Additionally, the company is prohibited from misrepresenting: (i) the purposes for which it (or any entity to whom it discloses personal data) collects, maintains, uses, or discloses the data; (ii) the extent to which consumers can control the use of the data; (iii) its adherence to any privacy, security, or compliance program; and (iv) the extent to which it “collects, maintains, uses, discloses, deletes, or permits or denies access to any” users’ personal information. The FTC further noted in its announcement that it is “currently undertaking a review of the Health Breach Notification Rule and is actively considering public comments regarding the application of the Rule to mobile applications and other direct-to-consumer technologies that handle consumers’ sensitive health information.”
On June 16, the FTC and the Arkansas attorney general filed a complaint against the operators of a “blessing loom” investment program (defendants), alleging that they acted as an illegal pyramid scheme that bilked millions of dollars from thousands of consumers. The joint complaint alleges that the defendants violated the FTC Act, Consumer Review Fairness Act, and the Arkansas Deceptive Trade Practices Act by: (i) participating in a pyramid scheme, which constitutes a deceptive act; (ii) prohibiting the ability of an individual to engage in a covered communication; and (iii) falsely representing goods and services. The complaint alleges that the defendants lured people into enrolling in their program by falsely guaranteeing investment returns as high as 800 percent, with some members allegedly paying as much as $62,700 to participate in the program. In addition, the defendants allegedly, among other things, (i) targeted Black communities and stated in the “[program’s] Bible,” which contains program membership bylaws, that all program members must, with no exceptions, be of African-American descent; (ii) targeted financially distressed consumers; (iii) falsely claimed the program provided “a means to achieve financial freedom and generational wealth”; (vi) attempted to hide their illegal activity from law enforcement and payment processors by forbidding certain payment applications to be used by members; and (v) prohibited members from publishing material related to the program online, such as comments and reviews. The complaint seeks to permanently enjoin the defendants’ illegal operation and requests that the court award redress for injured consumers. The complaint also seeks to impose civil penalties on the defendants under Arkansas state law.
On June 14, the FTC announced additional charges against two New York-based small-business financing companies and a related entity and individuals (collectively, “defendants”). Last June, the FTC filed a complaint against the defendants for allegedly violating the FTC Act and engaging in deceptive and unfair practices by, among other things, misrepresenting the terms of their merchant cash advances, using unfair collection practices, and making unauthorized withdrawals from consumers’ accounts (covered by InfoBytes here). The amended complaint alleges that the defendants also violated the Gramm-Leach-Bliley Act’s prohibition on using false statements to obtain consumers’ financial information, including bank account numbers, log-in credentials, and the identity of authorized signers, in order “to withdraw more than the specified amount from consumers’ bank accounts.” Additionally, the FTC’s press release states that the defendants “engaged in wanton and egregious behavior, including laughing at consumer requests for refunds from [the defendants’] unauthorized withdrawals from customer bank accounts; abusing the legal system to seize the business and personal assets of their customers; and threatening to break their customers’ jaws or falsely accusing them of child molestation during collection calls.” The amended complaint seeks a permanent injunction against the defendants, along with civil money penalties and monetary relief including “rescission or reformation of contracts, the refund of monies paid, and other equitable relief.”
On June 4, the U.S. Court of Appeals for the Second Circuit overturned a district court’s decision, holding that a debt collector’s offer to settle an outstanding debt did not require informing the consumer that the balance could increase as a result of interest and fees. The plaintiff allegedly incurred credit card debt, which was then placed with the defendant for collection. The defendant sent the plaintiff a collection letter offering to settle the account for less than what was owed. The plaintiff sued, alleging that the letter violated Section 1692e of the FDCPA because it did not specify that interest was accruing on the balance. The district court, relying on the 2nd Circuit’s 2016 decision in Avila v. Riexinger & Associates, held that the defendant violated the FDCPA because the letter did not indicate that the balance would increase as a result of interest and fees.
On appeal, the 2nd Circuit clarified that its Avila decision discussed two exceptions, or “safe harbors,” to the requirement for debt collectors to disclose the possibility of interest and fees accruing, which are if the collection notice: (i) “ accurately informs the consumer that the amount of the debt stated in the letter will increase over time”; or (ii) “clearly states that the holder of the debt will accept payment in the amount set forth in full satisfaction of the debt if payment is made by a specified date.” The 2nd Circuit pointed out that the “payment of an amount that the collector indicates will fully satisfy a debt excludes the possibility of further debt to pay.” The appellate court further held that “a settlement offer need not enumerate the consequences of failing to meet its deadline or rejecting it outright so long as it clearly and accurately informs a debtor that payment of a specified sum by a specified date will satisfy the debt.” Therefore, the appellate court concluded that the collection notice to the consumer did not violate FDCPA section 1692e “because it extended a settlement offer that, if accepted through payment of the specified amount(s) by the specified date(s), would have cleared [the plaintiff’s] account.”
FTC alleges subscription service failed to provide access to paid-for services or secure personal data
On June 7, the FTC announced a complaint and proposed consent order against the operators of a movie subscription service to settle allegations that the respondents denied subscribers access to paid-for services and failed to secure subscribers’ personal information. The FTC alleges in its complaint that the respondents violated the FTC Act by employing multiple tactics to prevent subscribers from using the advertised services, including by (i) invalidating subscribers’ passwords while deceptively claiming to have “detected suspicious activity or potential fraud” on the subscribers’ accounts; (ii) imposing a deceptive ticket verification program, which required subscribers to submit photos of physical movie ticket stubs within a certain timeframe in order to view future movies or risk having their subscriptions cancelled; and (iii) using undisclosed financial thresholds known as “trip wires” to block certain subscribers after they reached certain viewing thresholds based on their monthly cost to the company. The FTC also alleged the respondents violated the Restore Online Shoppers’ Confidence Act, by failing to (i) disclose all material terms before obtaining consumers’ billing information; or (ii) obtain consumers’ express informed consent before charging them. Furthermore, the respondents allegedly failed to take reasonable measures to protect subscribers’ personal information, including storing personal data such as financial information and email addresses in unencrypted form and failing to restrict who could access the data, which lead to a data breach in 2019.
An analysis of the FTC’s proposed consent order notes that the respondents are prohibited from misrepresenting their services and must establish a comprehensive information security program that requires them—and any businesses controlled by the respondents —to implement and annually test and monitor safeguards and take steps to address security risks. The respondents must also obtain biennial third-party assessments of its information security program, notify the FTC of any future data breaches, and annually certify that it is complying with the order’s data security requirements. The FTC noted that because certain respondents have filed for bankruptcy, the order does not include monetary relief.
On May 17, the FTC announced settlements to resolve litigation against the remaining defendants involved in a student loan debt-relief operation charged with allegedly engaging in deceptive and abusive practices by collecting advance fees and making false promises to consumers that they could lower or eliminate loan payments or balances. As previously covered by InfoBytes, the FTC filed complaints against two groups of defendants involved in the debt-relief operation claiming the defendants, among other things, charged consumers advance fees and enrolled consumers in a high-interest financing program without making required disclosures. These actions, the FTC, contended, violated the FTC Act, TILA, and the Telemarketing Sales Rule (TSR), and stipulated orders were entered against several of the defendants in 2019. The terms of the stipulated final orders reached with the remaining defendants (see here and here) prohibit the defendants from (i) engaging in transactions involving secured or unsecured debt relief products and services; (ii) making misrepresentations and unsubstantiated claims regarding any products and services; (iii) violating the TSR; and (iv) collecting any further payments from consumers who purchased debt-relief services prior to the entry of the order. Additionally, certain defendants are required to pay a more than $24.5 million monetary judgment, which will be partially suspended due to inability to pay. One of the defendants is also required to pay $11,500, which will go towards consumer redress.
On May 10, the FDIC announced that an Oregon-based bank has agreed to settle allegations of unfair and deceptive practices in violation of Section 5 of the FTC Act related to a wholly owned subsidiary’s debt collection practices for commercial equipment financing. According to the FDIC, the subsidiary unfairly and deceptively charged various undisclosed collection fees—such as collection call and letter fees and third-party collection fees—to borrowers with past due accounts. The FDIC additionally claimed that some of the subsidiary’s collection practices were also unfair and deceptive, including (i) placing excessive and sequential collection calls to borrowers even after requests were made to stop the calls; (ii) disclosing borrowers’ debt information to third parties; and (iii) telling borrowers that their commercial debt would be reported as delinquent to the consumer reporting agencies (CRAs), even though its policy and practice was to not report such delinquencies to the CRAs. Under the terms of the settlement order, the bank, which does not admit nor deny the violations, will voluntarily pay an approximately $1.8 million civil money penalty.
- Jeffrey P. Naimon to provide “Fair lending update” at the Colorado Mortgage Lenders Association Operational and Compliance Forum
- Jonice Gray Tucker to discuss “Justice for all: Achieving racial equity through fair lending” at CBA Live
- Warren W. Traiger to discuss “On the horizon for CRA modernization” at CBA Live
- Jonice Gray Tucker to discuss "Fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss “State law regulatory and enforcement trends” at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute