Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 6, the Maine governor signed S.P. 275/L.D. 946, which requires certain broadband Internet access services to receive express, affirmative consent from a customer before disclosing, selling, or permitting access to a customer’s personal information. Among other things, the provisions stipulate that a customer may revoke his or her consent at any time, and forbid providers from refusing service or charging a penalty or offering a discount based on the customer’s decision to provide or not provide consent. Furthermore, providers must include a “clear, conspicuous and nondeceptive notice at the point of sale,” as well as on the provider’s public website, concerning the provider’s obligations and the customer’s rights. Requirements for safeguarding customers’ personal information are also outlined. The Act applies only to providers operating in Maine that provide Internet access service to customers that are physically located and billed for services received in Maine. The new law will take effect July 1, 2020.
On May 24, the FTC announced the launch of a dedicated fintech resource page hosted on the agency’s business center website. The fintech page contains the following materials: (i) guidance, including Safeguards Rule and Privacy Rule compliance information; (ii) videos that will be regularly rotated discussing topics such as artificial intelligence and blockchain; (iii) related posts containing relevant information on small business financing and recent fintech enforcement actions; and (iv) legal resources, including relevant cases and staff reports.
On April 29, NYDFS announced its newly created Consumer Protection and Financial Enforcement Division, led by Katherine Lemire as Executive Deputy Superintendent. The new office combines the Enforcement and Financial Frauds division with the Consumer Protection division and is responsible for ensuring compliance, fighting consumer fraud, and assisting NYDFS with the enforcement of the state’s Banking, Insurance and Financial Services laws. The office will have a particular investigative focus on the response to cybersecurity events and the creation of supervisory, regulatory and enforcement policy in the area of financial crimes. Prior to her new role, Lemire served as Assistant United States Attorney in the Southern District of New York where she investigated complex federal crimes, and as a prosecutor in the Manhattan District Attorney’s Office.
On April 11, the Maryland Attorney General announced an administrative proceeding taken against a title company, its owner, and related businesses for allegedly making unlicensed and usurious title loans secured by consumers’ motor vehicles. According to the AG’s charges, the defendants, among other things, allegedly engaged in unfair or deceptive trade practices by offering consumers high-interest, short-term title loans with typical annual interest rates of 360 percent. The AG contends that the loans offered by the defendants qualify as consumer loans under Maryland law and therefore are subject to state interest rate caps. Furthermore, the AG alleges that the defendants were never licensed by the Maryland Commissioner of Financial Regulation to make consumer loans in the state. The AG seeks an order compelling the defendants “to permanently cease and desist from making unlicensed and usurious consumer loans in Maryland, to pay restitution to all affected consumers, and to pay civil penalties.”
On April 16, the SEC’s Office of Compliance Inspections and Examinations issued a Risk Alert to discuss compliance issues related to Regulation S-P—the SEC’s primary rule regarding privacy notices and safeguard policies—and to provide assistance to registered investment advisors and broker-dealers (registrants) when issuing compliant privacy and opt-out notices. Regulation S-P requires registrants to provide customers with a clear and conspicuous notice accurately reflecting its privacy policies and practices, plus any options to opt out of sharing certain non-public personal information with nonaffiliated third parties. The notice must be sent annually throughout the duration of the customer relationship. Regulation S-P also requires registrants to implement written policies and practices reasonably designed to ensure that customer records and information are secure and protected against unauthorized access. The Risk Alert provides examples of common Regulation S-P compliance deficiencies and weaknesses, and advises registrants to “review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are compliant with Regulation S-P.”
On April 15, the California Attorney General announced a $4.6 million settlement with a rental car company and affiliate resolving a joint investigation with the district attorneys into the company’s violation of state consumer protection laws. According to the AG, the companies, among other things, overcharged customers for rental vehicle repairs and failed to disclose material damage to the rental cars at the time of sale or disposal. Under state law, rental car companies are prohibited from charging customers more than the actual cost of repair, which includes any discounts the company receives according to the complaint. However, the companies frequently billed customers charges that were higher than the actual cost of the repair through the use of third-party repair estimates. Under the terms of the stipulated judgment, which also include comprehensive injunctive terms to prevent future misconduct, the companies—which did not admit liability—have agreed to comply with California laws and are required to pay (i) $1 million in restitution to affected customers; (ii) $3.3 million in civil penalties; and (iii) $300,000 in investigative costs.
FTC obtains $2.7 million judgment against “free samples” operation; settles deceptive marketing matter
On April 11, the FTC announced that the U.S. District Court for the Northern District of Illinois ordered a New York-based office supply operation to pay $2.7 million to resolve allegations that the defendants targeted consumers, such as small businesses, hotels, municipalities, and charitable organizations, by deceptively misrepresenting the terms of their “free samples.” Specifically, the FTC alleged in 2017 that the defendants violated the Telemarketing and Consumer Fraud and Abuse Prevention Act (Telemarketing Act) and the Unordered Merchandise Statute by calling consumers with offers of free product and then billing the consumers after shipping the samples. In some instances, the FTC stated, consumers refused the offer of the free product, but the defendants sent it anyway. Once the samples were shipped, the FTC claimed the defendants sent follow-up invoices demanding payment for the product, and would then send dunning notices and place collection calls. Under the terms of the order, the defendants are permanently banned from advertising, marketing, promoting, offering for sale, or selling any type of unordered merchandise, or from misrepresenting material facts, and are required to pay $2.7 million to be refunded to affected consumers.
Separately, on April 10, the FTC announced proposed settlements (see here and here) issued against twelve corporate and four individual defendants for allegedly claiming their “cognitive improvement” supplements increase brain power and performance. According to the complaint, the defendants’ deceptive acts and practices included using “sham news” websites to market false and misleading efficacy claims, such as fraudulent celebrity endorsements and fictitious clinical studies. Furthermore, the FTC alleged that, while the defendants claimed to offer a “100% Money Back Guarantee” on their supplements, consumers found it difficult or nearly impossible to get a refund, and that some consumers were allegedly charged for supplements they ordered but never received. The proposed settlements, among other things, prohibits the specified behavior and impose monetary judgments of $14,564,891 and $11,587,117, both of which will be partially suspended due to the defendants’ inability to pay.
On April 4, the Colorado Court of Appeals reversed the trial court’s ruling assessing civil penalties against a foreclosure law firm for allegedly failing to disclose that its principals had an ownership interest in one of its vendors. The appeals court found that the civil penalty was not warranted because the failure to disclose “did not significantly impact members of the public as actual or potential consumers.” According to the opinion, the State of Colorado brought an enforcement action against a foreclosure law firm and its affiliated vendors, alleging, among other things, that the law firm and its vendors violated the Colorado Consumer Protection Act (the Consumer Act) by making “false or misleading statements of fact concerning the price” of their foreclosure services. The State argued that the relationship between the law firm and its vendors allowed the vendors to charge for services in excess of the market rate, pass on those costs to the law firm’s customers, and share a portion of the inflated costs with the law firm. While the trial court rejected two of the State’s claims against the defendants, it concluded that the law firm committed a deceptive practice under the Consumer Act that, “significantly impact[ed] the public as actual or potential consumers,” by failing to disclose its affiliated relationship with one of the vendors.
On appeal, the appellate court rejected the trial court’s conclusion that the alleged deception significantly impacted the public, noting that the deception was confined to two clients, Fannie Mae and Freddie Mac, in the context of their private agreements with the firm. Because the misrepresentation was in the context of a private relationship, and the tax-paying public were not “consumers of the law firm’s services for purposes of the Consumer Act,” the appellate court found the trial court erred when awarding the civil penalties under the Act. Moreover, the appellate court affirmed the trial court’s rejection of the State’s other claims against the law firm.
On April 2, 10 out of the 11 Maryland Senate Finance Committee members voted in favor of a motion to consider SB 786 as “unfavorable.” The bill would have extended the effectiveness of the Maryland Financial Consumer Protection Commission (MFCPC) through June 30, 2021; however, because the bill cannot be revisited this session, the MFCPC will end June 30, 2019. Other provisions of the bill would have, among other things, addressed (i) mobile home retailer requirements; (ii) certain notice requirements for consumer borrowers; (iii) personal information protections and security breach notifications; (iv) vehicle sales and lending requirements; and (v) currency exchange licensing and regulatory requirements.
On April 3, the FTC announced that the U.S. District Court for the District of Nevada ordered a publisher and conference organizer and his three companies (defendants) to pay more than $50.1 million to resolve allegations that the defendants made deceptive claims about the nature of their scientific conferences and online journals, and failed to adequately disclose publication fees in violation of the FTC Act. Among other things, the FTC alleged, and the court agreed, that the defendants misrepresented that their online academic journals underwent rigorous peer reviews but defendants did not conduct or follow the scholarly journal industry’s standard review practices and often provided no edits to submitted materials. The court determined that the defendants also failed to disclose material fees for publishing authors work when soliciting authors and often did not disclose fees until the work had been accepted for publication. The court also found that the defendants falsely advertised the attendance and participation of various prominent academics and researchers at conferences without their permission or actual affiliation.
In addition to the monetary judgment, the final order grants injunctive relief and (i) prohibits the defendants from making misrepresentations regarding their publications and conferences; (ii) requires that the defendants clearly and conspicuously disclose all costs associated with publication in their journals; and (iii) requires the defendants to obtain express written consent from any individual the defendants represent as affiliated with their products or services.
On the same day, the FTC also announced a settlement with a subscription box snack service to resolve allegations that the company violated the FTC Act by misrepresenting customer reviews as independent and failing to adequately disclose key terms of its “free trial” programs. Specifically, the FTC alleged that the company provided customers with free products and other incentives in exchange for posting positive online reviews and misrepresented that independent customers made the reviews or posts. The company also allegedly offered “free trial” snack boxes without adequately disclosing key terms of the offer, including the stipulation that if the trial was not canceled on time, the customer would be automatically enrolled as a subscriber and charged the “total amount owed for six months of snack box shipments.” The proposed order, among other things, prohibits the specified behavior and requires the company to pay $100,000 in consumer redress.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference