InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC to modernize guidance on preventing digital deception
On June 3, the FTC announced that it is soliciting public comment on modernizing the agency’s business guidance titled “.com Disclosures: How to Make Effective Disclosures in Digital Advertising,” which was published in 2013 and provides guidance to businesses on digital advertising and marketing. In seeking public comment on possible revisions, the FTC is seeking information on the technical and legal issues that consumers, the FTC’s law enforcement partners, and others believe should be addressed. The issues include, among other things: (i) the usage of sponsored and promoted advertising on social media; (ii) advertising embedded in games and virtual reality and microtargeted advertisements; and (iii) the usage of dark patterns, manipulative user interface designs used on websites and mobile apps, and digital advertising that pose unique risks to consumers. According to the Commission, this effort “is one of a number of initiatives the FTC is undertaking to tackle dark patterns and digital deception, including issuing a click-to-cancel policy statement, proposing strengthened advertising guidelines against fake and manipulated reviews, arming staff with new tools to investigate dark patterns, and authorizing a Notice of Penalty Offense against deceptive reviews.” Comments close on August 2.
FTC secures TRO against credit repair scheme
On May 31, the FTC announced that the U.S. District Court for the Eastern District of Maryland granted a temporary restraining order against a credit repair operation for allegedly engaging in deceptive practices that scammed consumers out of more than $213 million. According to the FTC’s complaint, the operation targeted consumers with low credit scores promising its products could remove all negative information from their credit reports and significantly increase credit scores. The operation allegedly violated the FTC Act, the Credit Repair Organizations Act, and the Telemarketing Sales Rule by, among other things, (i) making misrepresentations regarding its credit repair services; (ii) selling a product that purportedly sends rent payment information to credit bureaus even though “this information is not generally part of consumers’ credit score and many credit bureaus don’t accept this kind of information directly from consumers”; (iii) charging illegal advance fees; (iv) failing to provide consumers required information such as refund and cancellation policies; and (v) recruiting consumers to sell credit repair products to other consumers as part of a pyramid scheme even though few consumers ever received the promised earnings (and many consumers actually lost money as agents). Beyond the temporary restraining order, the FTC is seeking a permanent injunction, monetary relief, and other equitable relief.
FTC takes action against telemarketing operation
On May 25, the FTC announced an action resolving allegations against a subscription scam operation and its officers (collectively, “defendants”) that allegedly deceptively used telemarketing schemes on consumers. According to the complaint, which was filed in the U.S. District Court for the District of Nevada, the defendants allegedly violated the FTC Act and the Telemarketing Sales Rule (TSR) by calling consumers to claim that they were conducting a survey and offering “free” or low-cost magazine subscriptions. After the survey, the defendants allegedly sent consumers a bill falsely stating that they agreed to pay several hundred dollars for the magazine subscriptions. According to the FTC, there was a “no-cancellation policy,” and the defendants allegedly harassed consumers when they refused to pay the exorbitant bills, including by threatening to initiate collection actions or threatening to submit derogatory information about them to the major credit bureaus. The proposed order follows a 2010 permanent injunction that was entered against the same defendants, which prohibited them from committing future violations. The recent order requires the defendants to pay a suspended judgment of $14.4 million and requires them to give up all claims to money already paid to the FTC. Additionally, the defendants are required to monitor their compliance with the proposed order “and may face significant contempt remedies if they violate its terms.” The FTC noted that the original monetary relief was vacated after the Supreme Court’s decision in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here). The FTC pointed out that the “settlement of this matter for a suspended judgment of $14.47 million, after originally having been awarded $24 million at trial, demonstrates the challenges since the Supreme Court’s AMG decision.”
District Court enters consent order in 2016 CFPB structured settlement action
On May 18, the U.S. District Court for the District of Maryland approved a consent order against defendants in an action concerning allegedly unfair, abusive, and deceptive structured settlement practices. As previously covered by InfoBytes, in 2016 the Bureau initiated an enforcement action against the defendants alleging that they violated the CFPA by employing abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. According to the Bureau, the defendants encouraged consumers to take advances on their structured settlements and falsely represented that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” In July 2021, the court denied the defendants’ motions to dismiss the Bureau’s amended complaint, which argued that the enforcement action was barred by the U.S. Supreme Court’s decision in Seila Law LLC v. CFPB, which held that the director’s for-cause removal provision was unconstitutional (covered by a Buckley Special Alert). The defendants had also argued that that the ratification of the enforcement action “came too late” because the statute of limitations on the CFPA claims had already expired (covered by InfoBytes here). Under the terms of the May 18 consent order, the individual defendant, who “had an ownership interest in [the company] and served in executive positions at [the defendants] from their inception to their dissolution" is prohibited from, among other things, participating or assisting others in participating in transfer of payment streams from structured-settlement holders and referring consumers to a specific individual or for-profit entity for advice concerning any structured-settlement transaction, including for independent professional advice. The individual defendant must also pay a $5,000 civil money penalty.
Social media company to pay $150 million to settle FTC, DOJ data security probe
On May 25, the DOJ filed a complaint on behalf of the FTC against a global social media company for allegedly misusing users’ phone numbers and email addresses uploaded for security purposes to target users with ads. (See also FTC press release here.) According to the complaint, the defendant deceived users about the extent to which it maintained and protected the security and privacy of users’ nonpublic contact information. Specifically, from May 2013 to September 2019, the defendant asked users to provide either a phone number or an email address to improve account security. The defendant, however, allegedly failed to inform the more than 140 million users who provided phone numbers or email addresses that their information would also be used for targeted advertising. The FTC claimed the defendant used the collected information to allow advertisers to target specific ads to specific users by matching the phone numbers or email addresses with data they already had or obtained from data brokers. DOJ’s complaint alleged that the defendant’s conduct violated the FTC Act and the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield agreements, which require participating countries to adhere to certain privacy principles in order to legally transfer data from EU countries and Switzerland. This conduct also allegedly violated a 2011 FTC consent order with the defendant stemming from claims that the defendant deceived users and put their privacy at risk by failing to safeguard their personal information. According to DOJ’s complaint, the 2011 order “specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information.”
Under the terms of the proposed order, the defendant would be required to pay a $150 million civil penalty and implement robust compliance measures to improve its data privacy practices. According to the FTC and DOJ announcements, these measures would (i) “allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers”; (ii) require the defendant to “notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about [its] privacy and security controls”; (iii) require the defendant to implement and maintain a comprehensive privacy and information security program, including conducting “a privacy review with a written report prior to implementing any new product or service that collects users’ private information,” regularly testing its data privacy safeguards, and obtaining regular independent assessments of its data privacy program; (iv) limit employee access to users’ personal data; and (v) require the defendant to notify the FTC should it experience a data breach, and provide reports after any data privacy incident affecting 250 or more users. Additionally, the defendant would be banned from profiting from deceptively collected data.
FDIC rule seeks to thwart misrepresentations about deposit insurance
On May 17, the FDIC approved a final rule implementing its authority to prohibit any person or organization from making misrepresentations about FDIC deposit insurance or misusing the FDIC’s name or logo. According to the FDIC, the final rule responds to the “increasing number of instances where individuals or entities have misused the FDIC’s name or logo, or have made false or misleading representations about deposit insurance.” To promote transparency on the FDIC’s processes for investigating and enforcing potential breaches of prohibitions under Section 18(a)(4) of the Federal Deposit Insurance Act, the final rule clarifies the agency’s procedures for identifying, investigating, and where necessary, taking formal and informal action to address potential violations, and establishes a primary point-of-contact for receiving complaints and inquiries about potential misrepresentations regarding deposit insurance. The final rule takes effect 30 days after publication in the Federal Register.
In response, the CFPB released Consumer Financial Protection Circular 2022-02 to provide that covered firms are likely in violation of the CFPA’s prohibition on deceptive acts or practices “if they misuse the name or logo of the FDIC or engage in false advertising or make material misrepresentations to the public about deposit insurance, regardless of whether such conduct (including the misrepresentation of insured status) is engaged in knowingly.” As previously covered by InfoBytes, the newly introduced circulars serve as policy statements for other agencies with consumer financial protection responsibilities. Specifically, the Bureau warned that (i) “[m]isrepresenting the FDIC logo or name will typically be a material misrepresentation”; (ii) claiming “financial products or services are ‘regulated’ by the FDIC or ‘insured’ or ‘eligible for’ FDIC insurance are likely deceptive if those claims expressly or implicitly indicate that the product or service is FDIC-insured when that is not in fact the case” (e.g. emerging financial products and services including digital assets and crypto-assets); and (iii) misusing the FDIC’s name or logo creates harm for firms that engage in honest advertising and marketing. CFPB Director Rohit Chopra, as an FDIC board member, announced the Bureau’s support for the final rule. “Misrepresentation claims about deposit insurance are particularly relevant today,” Chopra noted. “FDIC staff has noted an uptick in potential violations in recent years. We are especially concerned about potential misconduct involving novel technologies, including so-called stablecoins and other crypto-assets. While new technologies may yield significant benefits for households, workers, and small businesses, they nonetheless pose risks to consumers who may be baited by misrepresentations or false advertisements about deposit insurance.”
Acting Comptroller of the Currency Michael J. Hsu specifically called out the timeliness of the final rule in light of changes in the marketplace, technological developments, and rapidly evolving consumer behaviors. The final rule “is especially important in light of the growth of nonbank crypto firms and fintechs and their relationships with banks,” Hsu stated. “The potential for consumer confusion about the status of cash held at these firms is high and this final rule will help provide clarity.”
FTC temporarily halts unlawful credit repair operation
On May 6, the FTC announced that the U.S. District Court for the Middle District of Florida granted a temporary restraining order against a credit repair operation for allegedly engaging in deceptive practices. According to the FTC’s complaint, the operation violated the FTC Act, the CROA, and the TSR by, among other things; (i) making misrepresentations regarding credit repair services; (ii) making misrepresentations regarding a money-making opportunity associated with a government benefit related to Covid-19; (iii) making untrue or misleading representations to consumers, which included increasing their credit score; (vi) charging for the performance of credit repair services that the defendants agreed to perform prior to such services being fully performed; (v) making untrue or misleading statements with respect to their sales pitch on credit worthiness, credit standing, or credit capacity to consumer reporting agencies, creditors, and potential creditors; and (vi) charging illegal advance fees. Beyond the temporary restraining order, the FTC is seeking a permanent injunction, the appointment of a receiver, immediate access to business premises, an asset freeze, and other equitable relief.
Connecticut issues CDO against unlicensed small-dollar marketplace lender
On May 4, the Connecticut Banking Commissioner issued a temporary cease and desist order against an unlicensed California-based marketplace lender after determining it had reason to believe the respondent allegedly violated several provision of the Connecticut General Statutes, as well as Section 1036 of the CFPA. The respondent operates a mobile application to help consumers take out small-dollar loans and solicits lenders via its website through advertisements claiming it “takes the work out of lending by vetting and organizing a marketplace of loan requests” where “[b]orrowers set their own terms and provide appreciation tips to lenders who agree to fund a loan, allowing for mutually beneficial financial outcomes.” Consumers initiate loans on the respondent’s platform for a certain amount, which includes optional monetary tips for both the lender and the respondent of up to 12 and 9 percent of the loan amount respectively. The Commissioner’s investigation noted that while the respondent touted the tips as being optional and not required for submitting a loan request or receiving funding, 100 percent of the loans originated to Connecticut consumers from June 2018 to August 2021 included a tip. When the tips were factored into the finance charge, the APRs of the Connecticut consumers’ loans ranged from 43 percent to over 4,280 percent. During the identified time period, loan disclosures identified the amount of the tips for each loan; however, starting in April 2021, the revised disclosures and promissory notes removed any itemization of the tips, and promissory notes allegedly “failed to indicate any obligation of the borrower to pay tips on their loans.” According to the Commissioner, the corresponding disclosures “stated that only one payment, for the principal loan amount, was due at the end of the loan,” however on the loan’s due date, the total loan amount including tips was withdrawn from the consumer’s account. Additionally, disclosures allegedly informed consumers that the APR on the loans was zero percent even though all the loans carried much higher APRs.
The Commissioner further concluded that the respondent prohibited direct communication between consumers and lenders and charged several fees on delinquent loans, including late fees and recovery fees for its collection efforts. Moreover, at least one of the contracted collection agencies was not licensed in the state, nor was the respondent licensed as a small loan company in Connecticut, and nor did it qualify for a licensure exemption.
In issuing its order to cease and desist, order to make restitution, and notice of intent to impose a civil penalty and other equitable relief, the Commissioner stated that the respondent’s “offering, soliciting, brokering, directly or indirectly arranging, placing or finding a small loan for a prospective Connecticut borrower, without the required license” constitutes at least 1,600 violations of the Connecticut General Statutes. The Commissioner cited additional violations, which included engaging in unlicensed activities such as lead generation and debt collection, and cited the respondent for providing false and misleading information related to the terms and costs of the loan transactions in violation of both state law and the CFPA’s prohibition against deceptive acts or practices. In addition to ordering the respondent to immediately cease and desist from engaging in the alleged violations, the Commissioner ordered the respondent to repay any amounts received from Connecticut consumers in connection with their loan, plus interest.
National retailers must pay $5.5 million to resolve deceptive product representation
On May 10, the DOJ announced that two national retailers agreed to pay a $2.5 million and a $3 million civil penalty (see here and here) to resolve allegations that they engaged in false labeling and marketing tactics by presenting rayon textile products as bamboo. As previously covered by InfoBytes, the DOJ on behalf of the FTC, filed complaints (see here and here) against the defendants, which alleged that since at least 2015, the companies made false or unsubstantiated representations in violation of the FTC Act by improperly labeling and marketing textile fiber products as “made of bamboo” in both product titles and descriptions. In addition to paying the civil money penalties, the defendants are prohibited from making deceptive claims, including false and/or unsubstantiated claims, relating to bamboo fiber products, and are prohibited from engaging in future violations of the FTC Act, Textile Act and Textile Rules.
CFPB fines bank $10 million over garnishment practices
On May 4, the CFPB announced a consent order against a national bank for allegedly engaging in unfair and deceptive acts or practices in violation of the CFPA by processing out-of-state garnishment orders against its customers’ bank accounts. According to the consent order, since August 2011, the respondent allegedly garnished approximately 3,700 out-of-state accounts. Customers whose accounts were garnished paid at least $592,000 in garnishment fees, the CFPB contended. The respondent allegedly, among other things, misrepresented to customers that their rights to have certain funds exempted from garnishment were governed by the law of the issuing court’s state when, actually, in most states, customers’ own state laws applied. The respondent also allegedly unfairly required customers to “direct” it not to contest garnishment orders and to waive the bank’s liability for its actions regarding the out-of-state garnishment orders, which prevented customers from pursuing legal claims against the respondent for improperly handling garnishment notices. Additionally, the respondent allegedly deceptively represented to customers that since they signed a deposit agreement that included broad language directing respondent not to contest the legal process, customers waived their right to hold the respondent liable for improperly responding to garnishment notices. Under the terms of the consent order, the respondent must, among other things: (i) refund $592,000 in garnishment-related fees to harmed customers; (ii) establish a compliance plan designed to ensure that its garnishment-related conduct pertaining to out-of-state garnishment notices and state exemptions complies with all applicable federal consumer financial laws; (iii) cease communicating to customers that they have purportedly waived any rights regarding garnishment notices as a result of entering into respondent’s deposit agreement; and (iv) pay a $10 million civil penalty to the Bureau.