Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Washington Appeals Court disagrees with appellant in a class action data breach; affirms lower court’s decision
On January 8, the Washington State Court of Appeals affirmed superior court rulings granting final approval to a class action settlement, denying a motion to consolidate six class action lawsuits, and approving a class notice plan. According to the opinion, in 2021, the U.S. Department of Health and Human Services notified the respondent company, a nonprofit organization serving low-income individuals, of a data breach that exposed the social security numbers of 163,499 individuals. In 2022, appellant filed a class action lawsuit against the respondent company, one of six such separate class action lawsuits. The appellant filed a motion to consolidate the six pending class action lawsuits, which was denied. Subsequently, plaintiffs in one of the class action lawsuits signed a settlement agreement and release that would release, discharge, and bar all claims asserted in the other class action lawsuits and provide compensation anywhere from $100 to $25,000 to impacted individuals. The appellant plaintiff then filed the instant appeal alleging that the lower court abused its discretion by denying her motion to consolidate the six actions, that the class action plan failed to provide reasonable notice, and that the settlement was not fair, reasonable, or adequate because “the settlement is the product of collusion between the settling parties.” The appellate court disagreed and ultimately upheld the lower court’s rulings.
On January 2, New York Governor Kathy Hochul revealed a proposed plan focused on consumer protection and affordability as the initial part of the Governor’s 2024 State of the State address. The plan includes changes to New York’s consumer protection laws, regulations for buy now pay later products, increased paid medical and disability leave benefits, measures to eliminate co-pays for insulin in specific insurance plans, and legislation addressing medical debt.
Changes to consumer protection laws would give the Attorney General more power to enforce the laws and help the state to address unfair and abusive business practices. Additionally, proposed legislation would require buy now pay later providers to obtain licenses and introduce regulations focusing on disclosure, dispute resolution, credit standards, fee limits, data privacy, and preventing excessive debt.
NYDFS also detailed Governor Hochul’s plan to update and broaden New York’s hospital financial assistance law to provide increased protection against medical debt. The proposed legislation aims to limit hospitals’ ability to sue low-income patients (earning less than 400 percent of the Federal Poverty Level) for medical debt and expand financial assistance programs. It also seeks to cap monthly payments and interest rates on medical debt while enhancing access to financial aid. This consumer protection and affordability plan builds on Governor Hochul and her administration’s efforts to make New York more affordable and livable.
On December 18, the FTC released a report highlighting key takeaways from its October panel discussion on generative artificial intelligence (AI) and “creative industries.” As previously covered by InfoBytes, the FTC hosted a virtual roundtable to hear directly from creators on how generative AI is affecting their work and livelihood given the FTC’s interest in understanding how AI tools impact competition and business practices. The report presents a summary of insights gathered during the roundtable and explains the FTC’s particular jurisdictional interest in regulating AI. The report explains that the FTC has brought several recent enforcement actions relating to AI and how the use of AI can potentially violate Section 5 of the FTC Act, which “prohibits unfair or deceptive acts or practices and unfair methods of competition.” Additionally, the report mentioned how President Biden’s recent Executive Order on the Safe, Secure and Trustworthy Development and Use of AI (covered by InfoBytes here), encourages the FTC to leverage its existing faculties to protect consumers from harms caused by AI and to ensure competition in the marketplace. The FTC’s report explains that it is appropriately taking such actions, both through enforcement actions and by gathering information. The Commission additionally stipulated that training generative AI on “protected expression” made by a creator without the creator’s consent or the sale of that generated output could constitute an unfair method of competition or an unfair or deceptive practice. The FTC added that this may be amplified by actions that involve deceiving consumers, improperly using a creator’s reputation, reducing the value of a creator’s work, exposing private information, or otherwise causing substantial injury to consumers. The Commission further warned that “conduct that may be consistent with other bodies of law nevertheless may violate Section 5.”
On November 7, the FTC and the State of Florida settled with a chargeback company to prevent it from deceiving any consumers who seek to dispute credit card charges. Back in April 2023, the FTC and the State of Florida sued the chargeback company under Section 5 of the FTC Act, 15 U.S.C. § 45, and the Florida Deceptive and Unfair Trade Practices Act (FDUTPA), Chapter 501, Part II, as previously covered by InfoBytes here. A chargeback is a system for consumers to get their money returned when they have a problem with a purchase. The proposed court order was agreed to by the defendants but, before it can go into effect, the order first must be approved by a federal judge. The final judgment totals $150,000 and prevents the defendants from working with several high-risk clients.
On October 17, the CFPB announced an enforcement action against a nonbank international money transfer provider for alleged deceptive practices and illegal consumer waivers. According to the consent order, the company facilitated remittance transfers through its app that required consumers to sign a “remittance services agreement,” which included a clause protecting the company from liability for negligence over $1,000. The Bureau alleged that such waiver violated the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E, including Subpart B, known as the Remittance Transfer Rule, by (i) requiring consumers sign an improper limited liability clause to waive their rights; (ii) failing to provide contact and cancellation information in disclosures, and other required terms; (iii) failing to provide a timely receipt when payment is made for a transfer; (iv) failing to develop and maintain required policies and procedures for error resolution; (v) failing to investigate and determine whether an error occurred, possibly preventing consumers from receiving refunds or other remedies they were entitled to; and (vi) failing to accurately disclose exchange rates and the date of fund availability. The CFPB further alleged that the company’s representations regarding the speed (“instantly” or “within seconds”) and cost (“with no fees”) of its remittance transfers to consumers were inaccurate and constituted violations of CFPA. The order requires the company to pay a $1.5 million civil money penalty and provide an additional $1.5 in consumer redress. The company must also take measures to ensure future compliance.
On October 7, the California governor approved SB 478 (the “Act”), enacting amendments to the Consumers Legal Remedies Act designed to prohibit “drip pricing,” which involves advertising a price that is lower than the actual price a consumer will have to pay for a good or service. The Act, with specified exceptions, will make advertising the price of a good or service excluding additional fees or charges other than taxes, unlawful. The California Legislature declared that the Act is not intended to prohibit any particular method of determining prices for goods or services, including algorithmic or dynamic pricing. Instead, it is intended to regulate how prices are advertised, displayed, and/or offered.
The Act is effective July 1, 2024.
On August 30, a California Appeals Court (Appeals Court) reversed a lower court’s ruling that a mere alleged debt, whether or not actually due or owing – as opposed to a debt that is, in fact, actually due or owing – is insufficient to state a claim under the Rosenthal Fair Debt Collection Practices Act (Rosenthal Act). Enacted in 1977, the Rosenthal Act aims “to prohibit debt collectors from engaging in unfair or deceptive acts or practices in the collection of consumer debts.” Plaintiff purchased a home with a previously-installed solar energy system. The previous homeowner and plaintiff reached an agreement whereby the prior homeowner would purchase the energy produced through the system through monthly payments. However, the defendant, the provider of the solar energy system, sent late payment notices to plaintiff demanding that he make monthly payments. Although plaintiff did not engage in a “consumer credit transaction” with the defendant, the Appeals Court found that the plaintiff’s receipt of statements and notices from the defendant constituted money “alleged to be due or owing,” as required to state a claim under the Rosenthal Act. In holding that the plaintiff’s claim “has merit,” the Appeals Court emphasized that the Rosenthal Act was specifically designed to “eliminate the recurring problem of debt collectors dunning the wrong person or attempting to collect debts which the consumer has already paid,” and “[i]t is difficult to conceive of a more unfair debt collection practice than dunning the wrong person”.
On September 5, the FDIC released the list of nonmember banks examined for compliance with the Community Reinvestment Act (CRA), which is intended to “encourage insured banks and thrifts to meet local credit needs.” Included in the list was a fintech bank that the FDIC rated as “Needs to Improve” for reasons involving its overall record of helping meet the credit needs of underserved communities. According to the FDIC’s CRA performance evaluation of the Utah-based bank, the FDIC adjusted the CRA rating from “Satisfactory” to “Needs to Improve” due to illegal credit practices that resulted in violations of Section 5 of the FTC Act, Unfair or Deceptive Acts or Practices that were present during the time of the evaluation period. The FDIC found that the bank’s actions impacted a significant number of customers across the bank’s fuel card programs, and that the practices were sustained for multiple years. The FDIC also noted that, after the bank was notified of the violations, it implemented corrective measures, including customer restitution.
On August 22, the CFPB announced it is suing a lending company and its subsidiaries that provide installment loans as a refinance option to consumers who have difficulty paying their existing loans. According to the complaint, the Bureau claims that through an array of underwriting, sales, and servicing practices, the company would encourage consumers with limited loan options to repeatedly refinance their existing loans, securing fees with each successful round of refinancing. The CFPB alleges the company and its subsidiaries generated over 40 percent of its net revenue through the loan costs and fees it derived from “churning” consumers in repeated refinances. The complaint includes details of the sales tactics, and how a district supervisor “plainly tells their employees that if they don’t refinance their delinquent customers, they’re not going to meet their monthly growth goals.” In addition, the company allegedly marketed the option to refinance existing loans as a “fresh start” and “solution” to their problems. The Bureau alleges that the company violated CFPA and engaged in unfair and abusive acts and practices.
The Bureau seeks redress for consumers, injunctive relief, and a civil money penalty.
On July 26, the CFPB released its Summer 2023 issue of Supervisory Highlights, which covers enforcement actions in areas such as auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday lending and remittances from June 2022 through March 2023. The Bureau noted significant findings regarding unfair, deceptive, and abusive acts or practices and findings across many consumer financial products, as well as new examinations on nonbanks.
- Auto Origination: The CFPB examined auto finance origination practices of several institutions and found deceptive marketing of auto loans. For example, loan advertisements showcased cars larger and newer than the products for which actual loan offers were available, which misled consumers.
- Auto Servicing: The Bureau’s examiners identified unfair and abusive practices at auto servicers related to charging interest on inflated loan balances resulting from fraudulent inclusion of non-existent options. It also found that servicers collected interest on the artificially inflated amounts without refunding consumers for the excess interest paid. Examiners further reported that auto servicers engaged in unfair and abusive practices by canceling automatic payments without sufficient notice, leading to missed payments and late fee assessments. Additionally, some servicers allegedly engaged in cross-collateralization, requiring consumers to pay other unrelated debts to redeem their repossessed vehicles.
- Consumer Reporting: The Bureau’s examiners found that consumer reporting companies failed to maintain proper procedures to limit furnishing reports to individuals with permissible purposes. They also found that furnishers violated regulations by not reviewing and updating policies, neglecting reasonable investigations of direct disputes, and failing to notify consumers of frivolous disputes or provide accurate address disclosures for consumer notices.
- Debt Collection: The CFPB's examinations of debt collectors (large depository institutions, nonbanks that are larger participants in the consumer debt collection market, and nonbanks that are service providers to certain covered persons) uncovered violations of the FDCPA and CFPA, such as unlawful attempts to collect medical debt and deceptive representations about interest payments.
- Deposits: The CFPB's examinations of financial institutions revealed unfair acts or practices related to the assessment of both nonsufficient funds and line of credit transfer fees on the same transaction. The Bureau reported that this practice resulted in double fees being charged for denied transactions.
- Fair Lending: Recent examinations through the CFPB's fair lending supervision program found violations of ECOA and Regulation B, including pricing discrimination in granting pricing exceptions based on competitive offers and discriminatory lending restrictions related to criminal history and public assistance income.
- Information Technology: Bureau examiners found that certain institutions engaged in unfair acts by lacking adequate information technology security controls, leading to cyberattacks and fraudulent withdrawals from thousands of consumer accounts, causing substantial harm to consumers.
- Mortgage Origination: Examiners found that certain institutions violated Regulation Z by differentiating loan originator compensation based on product types and failing to accurately reflect the terms of the legal obligation on loan disclosures.
- Mortgage Servicing: Examiners identified UDAAP and regulatory violations at mortgage servicers, including violations related to loss mitigation timing, misrepresenting loss mitigation application response times, continuity of contact procedures, Spanish-language acknowledgment notices, and failure to provide critical loss mitigation information. Additionally, some servicers reportedly failed to credit payments sent to prior servicers after a transfer and did not maintain policies to identify missing information after a transfer.
- Payday Lending: The CFPB identified unfair, deceptive, and abusive acts or practices, including unreasonable limitations on collection communications, false collection threats, unauthorized wage deductions, misrepresentations regarding debt payment impact, and failure to comply with the Military Lending Act. The report also highlighted that lenders reportedly failed to retain evidence of compliance with disclosure requirements under Regulation Z. In response, the Bureau directed lenders to cease deceptive practices, revise contract language, and update compliance procedures to ensure regulatory compliance.
- Remittances: The CFPB evaluated both depository and non-depository institutions for compliance with the EFTA and its Regulation E, including the Remittance Rule. Examiners found that some institutions failed to develop written policies and procedures to ensure compliance with the Remittance Rule's error resolution requirements, using inadequate substitutes or policies without proper implementation.