InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC settles with financial services company
On July 14, the FTC announced an $18 million settlement with a financial services company (defendant) over allegations that it deceived consumers. The FTC originally filed a complaint in 2018 claiming, among other things, that the defendant violated the FTC Act, the Privacy of Consumer Financial Information Rule, and the Gramm-Leach-Bliley Act, by falsely advertising loans with “no hidden fees” and misleading consumers with respect to whether their loan applications had been approved. The complaint also alleged that the defendant withdrew double payments from consumers’ accounts and continued to charge consumers who cancelled automatic payments or paid off their loan, leading to overdraft fees and preventing borrowers from making other payments. Under the terms of the stipulated final order, the defendant is permanently barred from (i) misrepresenting fee amounts, the status of an application, and other material facts concerning any extension of credit; and (ii) making any representation about a specific loan amount prior to accepting a loan application, without clear and conspicuous disclosure of the dollar amount of any prepaid, up-front, or origination fee or the total amount of funds that would be disbursed to the consumer.
District Court allows CFPB to pursue 2016 structured settlement claims
On July 12, the U.S. District Court for the District of Maryland issued an opinion denying several motions filed by parties in litigation stemming from a 2016 complaint filed by the CFPB, which alleged the defendants employed abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. As previously covered by InfoBytes, the Bureau claimed the defendants violated the CFPA by encouraging consumers to take advances on their structured settlements and falsely representing that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” After the court rejected several of the defendants’ arguments to dismiss based on procedural grounds and allowed the CFPB’s UDAAP claims against the structured settlement buyer and its officers to proceed, the CFPB filed an amended complaint in 2017 alleging unfair, deceptive, and abusive acts and practices and seeking a permanent injunction, damages, disgorgement, redress, civil penalties and costs.
In the newest memorandum opinion, the court considered a motion to dismiss the amended complaint and a motion for judgment on the pleadings on the grounds that the enforcement action was barred by the U.S. Supreme Court’s decision in Seila Law LLC v. CFPB, which held that that the director’s for-cause removal provision was unconstitutional (covered by a Buckley Special Alert), and that the ratification of the enforcement action “came too late” because the statute of limitations on the CFPA claims had already expired. The court reviewed, among other things, whether the doctrine of equitable tolling saved the case from dismissal and cited a separate action issued by the Middle District of Pennsylvania which concluded that an “action was timely filed under existing law, at a time where there was no finding that a provision of the Dodd-Frank Act was unconstitutional.” While noting that the ruling was not binding, the court found the facts in that case to be similar to the action at issue and the analysis to be persuasive. As such, the court denied the motion to dismiss and the motion for judgment on the pleadings, and determined that the Bureau may pursue the enforcement action originally filed in 2016.
CFPB settles with fintech over loan scheme operation
On July 12, the CFPB announced a consent order against a Georgia-based fintech company for allegedly enabling contractors and other merchants to take out loans on behalf of thousands of consumers who did not authorize them. According to the CFPB, the respondent allegedly violated the CFPA’s prohibition against unfair acts or practices by (i) servicing and facilitating the origination of unauthorized loans to consumers and (ii) enabling unauthorized loans by, among other things, failing to implement appropriate and effective controls during the loan application, approval, and funding processes. The CFPB noted that over 6,000 complaints were filed between 2014 and 2019 about the respondent, with some consumers claiming to have no prior involvement or knowledge of the respondent before receiving billing statements and collection letters. Under the terms of the consent order, the respondent must verify consumers’ identities and confirm their authorizations before activating loans or disbursing loan proceeds and implement an effective consumer complaint management program, exercising oversight of third-party merchant partners, and implementing uniform standards regarding the write-off of illegal loans. The respondent is also ordered to pay up to approximately $9 million in redress to its victims and a $2.5 million civil money penalty.
FDIC releases May enforcement actions
On June 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in May. During the month, the FDIC issued 10 orders and one notice consisting of “two Orders to Pay Civil Money Penalties, four Section 19 Applications, three Orders Terminating Consent Orders, one Order of Prohibition from Further Participation, and Notice of Intention to Prohibit from Further Participation, one Notice of Assessment of Civil Money Penalties, Findings of Fact, Conclusions of Law, Order to Pay, and Notice of Hearing.” Among the orders is a civil money penalty imposed against an Oregon-based bank concerning allegations of unfair and deceptive practices related to a wholly-owned subsidiary’s debt collection practices for commercial equipment financing. As previously covered by InfoBytes, the bank’s subsidiary allegedly violated Section 5 of the FTC Act by, among other things, unfairly and deceptively charging various undisclosed collection fees—such as collection call and letter fees and third-party collection fees—to borrowers with past due accounts. The bank, which did not admit or deny the violations, agreed to voluntarily pay an approximately $1.8 million civil money penalty.
The FDIC also imposed a civil money penalty against an Iowa-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank (i) “[m]ade, increased, extended or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance”; (ii) “[f]ailed to timely notify the borrower that the borrower should obtain flood insurance, at the borrower’s expense, upon determining that the collateral was not covered by flood insurance at some time during the term of the loan”; and (iii) “[f]ailed to timely purchase flood insurance on the borrower’s behalf when the borrower failed to do so within 45 days of being advised to obtain adequate flood insurance.” The order requires the payment of a $8,000 civil money penalty.
FTC tackles illegal pyramid scheme
On June 16, the FTC and the Arkansas attorney general filed a complaint against the operators of a “blessing loom” investment program (defendants), alleging that they acted as an illegal pyramid scheme that bilked millions of dollars from thousands of consumers. The joint complaint alleges that the defendants violated the FTC Act, Consumer Review Fairness Act, and the Arkansas Deceptive Trade Practices Act by: (i) participating in a pyramid scheme, which constitutes a deceptive act; (ii) prohibiting the ability of an individual to engage in a covered communication; and (iii) falsely representing goods and services. The complaint alleges that the defendants lured people into enrolling in their program by falsely guaranteeing investment returns as high as 800 percent, with some members allegedly paying as much as $62,700 to participate in the program. In addition, the defendants allegedly, among other things, (i) targeted Black communities and stated in the “[program’s] Bible,” which contains program membership bylaws, that all program members must, with no exceptions, be of African-American descent; (ii) targeted financially distressed consumers; (iii) falsely claimed the program provided “a means to achieve financial freedom and generational wealth”; (vi) attempted to hide their illegal activity from law enforcement and payment processors by forbidding certain payment applications to be used by members; and (v) prohibited members from publishing material related to the program online, such as comments and reviews. The complaint seeks to permanently enjoin the defendants’ illegal operation and requests that the court award redress for injured consumers. The complaint also seeks to impose civil penalties on the defendants under Arkansas state law.
FTC adds charges against small-business financer
On June 14, the FTC announced additional charges against two New York-based small-business financing companies and a related entity and individuals (collectively, “defendants”). Last June, the FTC filed a complaint against the defendants for allegedly violating the FTC Act and engaging in deceptive and unfair practices by, among other things, misrepresenting the terms of their merchant cash advances, using unfair collection practices, and making unauthorized withdrawals from consumers’ accounts (covered by InfoBytes here). The amended complaint alleges that the defendants also violated the Gramm-Leach-Bliley Act’s prohibition on using false statements to obtain consumers’ financial information, including bank account numbers, log-in credentials, and the identity of authorized signers, in order “to withdraw more than the specified amount from consumers’ bank accounts.” Additionally, the FTC’s press release states that the defendants “engaged in wanton and egregious behavior, including laughing at consumer requests for refunds from [the defendants’] unauthorized withdrawals from customer bank accounts; abusing the legal system to seize the business and personal assets of their customers; and threatening to break their customers’ jaws or falsely accusing them of child molestation during collection calls.” The amended complaint seeks a permanent injunction against the defendants, along with civil money penalties and monetary relief including “rescission or reformation of contracts, the refund of monies paid, and other equitable relief.”
FTC alleges subscription service failed to provide access to paid-for services or secure personal data
On June 7, the FTC announced a complaint and proposed consent order against the operators of a movie subscription service to settle allegations that the respondents denied subscribers access to paid-for services and failed to secure subscribers’ personal information. The FTC alleges in its complaint that the respondents violated the FTC Act by employing multiple tactics to prevent subscribers from using the advertised services, including by (i) invalidating subscribers’ passwords while deceptively claiming to have “detected suspicious activity or potential fraud” on the subscribers’ accounts; (ii) imposing a deceptive ticket verification program, which required subscribers to submit photos of physical movie ticket stubs within a certain timeframe in order to view future movies or risk having their subscriptions cancelled; and (iii) using undisclosed financial thresholds known as “trip wires” to block certain subscribers after they reached certain viewing thresholds based on their monthly cost to the company. The FTC also alleged the respondents violated the Restore Online Shoppers’ Confidence Act, by failing to (i) disclose all material terms before obtaining consumers’ billing information; or (ii) obtain consumers’ express informed consent before charging them. Furthermore, the respondents allegedly failed to take reasonable measures to protect subscribers’ personal information, including storing personal data such as financial information and email addresses in unencrypted form and failing to restrict who could access the data, which lead to a data breach in 2019.
An analysis of the FTC’s proposed consent order notes that the respondents are prohibited from misrepresenting their services and must establish a comprehensive information security program that requires them—and any businesses controlled by the respondents —to implement and annually test and monitor safeguards and take steps to address security risks. The respondents must also obtain biennial third-party assessments of its information security program, notify the FTC of any future data breaches, and annually certify that it is complying with the order’s data security requirements. The FTC noted that because certain respondents have filed for bankruptcy, the order does not include monetary relief.
FDIC fines Oregon-based bank for unfair and deceptive collection practices
On May 10, the FDIC announced that an Oregon-based bank has agreed to settle allegations of unfair and deceptive practices in violation of Section 5 of the FTC Act related to a wholly owned subsidiary’s debt collection practices for commercial equipment financing. According to the FDIC, the subsidiary unfairly and deceptively charged various undisclosed collection fees—such as collection call and letter fees and third-party collection fees—to borrowers with past due accounts. The FDIC additionally claimed that some of the subsidiary’s collection practices were also unfair and deceptive, including (i) placing excessive and sequential collection calls to borrowers even after requests were made to stop the calls; (ii) disclosing borrowers’ debt information to third parties; and (iii) telling borrowers that their commercial debt would be reported as delinquent to the consumer reporting agencies (CRAs), even though its policy and practice was to not report such delinquencies to the CRAs. Under the terms of the settlement order, the bank, which does not admit nor deny the violations, will voluntarily pay an approximately $1.8 million civil money penalty.
FTC settles with photo app developer over its facial recognition technology
On May 7, the FTC announced a final settlement with the developer of a California-based photo app (defendant) for allegedly deceiving consumers concerning its use of facial recognition technology and its retention of the photos and videos of users who previously deactivated their accounts. The FTC filed a complaint in January claiming, among other things, that the defendant violated the FTC Act by misleading users about their ability to control the face recognition feature and remove photos after account deletion. According to the FTC’s complaint, the defendant automatically activated its face recognition feature for all mobile app users except those consumers who lived in Texas, Illinois, Washington and the European Union. The FTC alleged that the defendant also failed to keep its promise to delete the photos and videos of users who deactivated their accounts and instead retained them indefinitely. Under the terms of the stipulated final order, the defendant must “clearly and conspicuously disclose to the User from whom Respondent has collected the Biometric Information, separate and apart from any ’privacy policy,’ ’terms of use‘ page, or other similar document, all purposes for which Respondent will use, and to the extent applicable, share, the Biometric Information; and obtain the affirmative express consent of the User from whom Respondent collected the Biometric Information.” The settlement also calls for the deletion of all photos and videos that were collected from users who requested deactivation of their accounts.
CFPB alleges deceptive advertising by NJ reverse-mortgage company
On April 27, the CFPB announced a consent order against a nationwide, New Jersey-based mortgage broker and direct lender for allegedly sending deceptive loan advertisements to hundreds of thousands of older borrowers. According to the CFPB, the respondent’s advertisements and letters violated the Mortgage Acts and Practices Advertising Rule (MAP Rule), TILA, and the CFPA, by, among other things; (i) misrepresenting the costs of reverse mortgages, including fees, associated taxes, and insurance; (ii) failing to inform borrowers that if they did not continue to pay taxes or insurance they were at risk of losing their homes; (iii) creating the impression that consumers had a preexisting relationship with the lender; and (iv) informing consumers that they were preapproved for specific loan amounts and likely to obtain particular terms or refinancing. Under the terms of the consent order, the respondent is required to pay a $140,000 civil money penalty. Additionally, an advertising compliance official must review the respondent’s mortgage advertisement template before it is put into use in an advertisement “to ensure that it is compliant with the MAP Rule, Regulation Z, TILA, the CFPA,” as well as the consent order. The respondent must also develop and provide the CFPB a “comprehensive compliance plan designed to ensure that Respondent’s mortgage advertising complies with all applicable Federal consumer financial laws and the terms of this Order.”