Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Illinois amends Collection Agency Act provisions

    On May 27, the Illinois governor signed HB 5220, which makes various amendments to provisions related to the state’s Collection Agency Act. Among other things, the amendments strike language repealing specified provisions and add, amend, and strike certain definitions, including amending “financial institution” to include “consumer installment lenders, payday lenders, sales finance agencies, and any other industry or business that offers services or products that are regulated under any Act administered by the [Director of the Division of Financial Institutions].” The amendments further provide that an adjudicated finding by the FTC or other federal or state agency that shows a licensee violated the FDCPA or its rules is grounds for disciplinary action. Also, at the discretion of the Secretary (after having first received the recommendation of the Collection Agency Licensing and Disciplinary Board), an “accused person’s license may be suspended or revoked, if the evidence constitutes sufficient grounds for such action.” Moreover, the amendments restore language providing that the Department of Financial and Professional Regulation may obtain written recommendations from the Collection Agency Licensing and Disciplinary Board “regarding standards of professional conduct, formal disciplinary actions, and the formulation of rules affecting these matters.” The Act takes effect January 1, 2023.

    Licensing State Issues Illinois Debt Collection FDCPA State Legislation

    Share page with AddThis
  • Illinois amendments address confidentiality of customer financial records

    State Issues

    On May 13, the Illinois governor signed SB 3971, which makes various amendments to Illinois Banking Act and Savings Bank Act provisions concerning the confidentiality of customer financial records. Among other things, the Act provides that a bank must disclose financial records “only after the bank sends a copy of the subpoena, summons, warrant, citation to discover assets, or court order,” to the person establishing the relationship with the bank if living (or the person’s representative otherwise), at the person’s last known address. Further, such requests must be sent through a third-party commercial carrier or courier, with delivery charge fully prepaid, by hand or by electronic delivery at an email address on file with the bank (provided the person has consented to electronic delivery).

    The Act also stipulates that a bank retain customer financial records “in a manner consistent with prudent business practices and in accordance with this Act and applicable State or Federal laws, rules, and regulations.” A bank may also destroy records (with reasonable precautions taken to ensure the confidentiality of the information contained in the records) except where a retention period is required by law. The Act is effective immediately.

    State Issues State Legislation Illinois Illinois Banking Act Illinois Savings Bank Act Privacy/Cyber Risk & Data Security Consumer Protection

    Share page with AddThis
  • Illinois adopts rules implementing Predatory Loan Prevention Act

    State Issues

    On April 22, the Illinois Department of Financial and Professional Regulation (IDFPR) published in the Illinois Register a notice of adopted rules to implement the Predatory Loan Prevention Act (PLPA or the Act). As previously covered by InfoBytes, the Act was signed into law in March 2021 to prohibit lenders from charging more than 36 percent APR on all non-commercial consumer loans under $40,000, including closed-end and open-end credit, retail installment sales contracts, and motor vehicle retail installment sales contracts. Violations of the Act constitute a violation of the Illinois Consumer Fraud and Deceptive Business Practices Act and carry a potential fine up to $10,000. Additionally, any loan with an APR exceeding 36 percent will be considered null and void.

    In general, the adopted rules require lenders to provide a disclosure to consumers about the 36 percent APR rate cap established by the PLPA, incorporate the APR calculation method required by the PLPA, and amend the rules for reporting of payday loans to the state database. The rules specify that words in the definitions are not defined to have the same meaning as in Regulation Z, including any interpretation by the CFPB. For purposes of calculating the PLPA ARP, the rules specify that the calculation excludes only certain specified bona fide fees, but includes finance charges, loan application fees, and fees imposed for participation in any plan or arrangement for a loan, “even if that charge would be excluded from the finance charge under Regulation Z.”

    The IDFPR made several amendments related to rate cap disclosure notices. These specify that all loan applications must include a separate rate cap disclosure signed by the consumer (disclosures must be provided in English and in the language in which the loan was negotiated) that clearly and conspicuously states: “A lender shall not contract for or receive charges exceeding a 36% annual percentage rate on the unpaid balance of the amount financed for a loan, as calculated under the Illinois Predatory Loan Prevention Act (PLPA APR). Any loan with a PLPA APR over 36% is null and void, such that no person or entity shall have any right to collect, attempt to collect, receive, or retain any principal, fee, interest, or charges related to the loan. The annual percentage rate disclosed in any loan contract may be lower than the PLPA APR.”

    The rules take effect August 1.

    State Issues State Regulators Illinois Predatory Lending Consumer Finance Interest Rate APR

    Share page with AddThis
  • Illinois adopts amendments to Consumer Installment Loan Act

    On April 22, the Office of the Illinois Secretary of State published in the Illinois Register a notice by the Department of Financial and Professional Regulation of adopted amendments to certain parts of its Consumer Installment Loan Act (CILA). Under the amendments, a licensee may obtain a license under the CILA for the exclusive purpose and use of making title secured loans. The amendments also require consumer installment lenders to provide a disclosure to consumers regarding the 36 percent annual percentage rate (APR) rate cap established by the Predatory Loan Prevention Act Annual Percentage Rate. These amendments eliminate small consumer loans and implement rules for reporting, to the state database, consumer installment loans. Additionally, the amendments include the implementation of a new definition and new rules for title-secured loans. The amendments are effective August 1.

    Licensing State Issues Illinois State Regulators Consumer Finance Installment Loans

    Share page with AddThis
  • District Court refuses to enforce choice-of-law provision, allows individual state data privacy claims to proceed

    Privacy, Cyber Risk & Data Security

    On March 30, the U.S. District Court for the Northern District of Illinois denied a global tech company’s bid to dismiss class action Illinois Biometric Information Privacy Act (BIPA) claims. Plaintiffs (Illinois residents) sued the company alleging it violated BIPA by applying image recognition technology to photos uploaded to subscribers’ account without receiving informed written consent. Plaintiffs also claimed the company failed to establish a file retention schedule and deletion guidelines as required by state law. The company argued that the terms of use agreed to by the subscribers contain a choice-of-law provision stating that the laws of Washington State govern the conditions of use and any disputes. The court disagreed, stating that Washington’s biometric protection statute does not provide for a private cause of action and is therefore contrary to Illinois’ fundamental public policy. “The fact that BIPA creates a private cause of action underscores the importance Illinois places on an individual’s right to control their biometric information,” the court said. “Applying Washington law would rob plaintiffs of control over their individual biometric information, instead leaving it to Washington’s attorney general to bring suit.” The court also held that Illinois has a greater material interest in the dispute than Washington. The court allowed the plaintiffs’ claims regarding consent to proceed in federal court but remanded the other claims to the Cook County Circuit Court.

    Privacy/Cyber Risk & Data Security Courts State Issues Washington Illinois BIPA

    Share page with AddThis
  • FTC imposes “record-setting” fine on auto dealer alleging discriminatory junk fees

    Federal Issues

    On April 1, the FTC and the Illinois Attorney General announced a proposed settlement with an Illinois-based multistate auto dealer group for allegedly adding junk fees for unwanted “add-on” products to consumers’ bills and discriminating against Black consumers. Under the terms of the proposed settlement, the defendants are ordered to pay a $10 million penalty, of which $9.95 million will be used to provide monetary relief to consumers. According to the FTC, this is the highest penalty ever obtained against an auto dealer. The remaining balance of the penalty will be paid to the Illinois Attorney General Court Ordered and Voluntary Compliance Payment Projects Fund.

    According to the complaint, which brings claims under the FTC Act, TILA, ECOA, and comparable Illinois laws, eight of the defendant’s dealerships, along with the general manager of two of the Illinois dealerships, allegedly tacked on junk fees for unwanted “add-on” products such as service contracts, GAP insurance, and paint protection to consumers’ purchase contracts at the end of the negotiation process, often without consumers’ consent. In other instances, consumers were told that the add-ons were free or were required to purchase or finance their vehicle. The complaint further alleges that defendants discriminated against Black consumers by charging them higher interest rates or more for add-on products than similarly situated non-Latino white consumers. As result, Black consumers allegedly paid, on average, $190 more in interest and $99 more for add-on products.

    FTC Chair Lina M. Khan and Commissioner Rebecca Kelly Slaughter issued a joint statement noting that they “would have also supported a count alleging a violation of the FTC Act’s prohibition on unfair acts or practices.” Khan and Slaughter elaborated on reasons why the FTC “should evaluate under its unfairness authority any discrimination that is found to be based on disparate treatment or have a disparate impact,” pointing out that (i) discrimination based on protected status can cause substantial injury to consumers; (ii) “injuries stemming from disparate treatment or impact are unavoidable because affected consumers cannot change their status or otherwise influence the unfair practices”; and (iii) “injuries stemming from disparate treatment or impact are not outweighed by countervailing benefits to consumers or competition.”

    Federal Issues FTC Enforcement Fees State Issues Illinois State Attorney General Discrimination Auto Finance Fair Lending ECOA FTC Act TILA Disparate Impact

    Share page with AddThis
  • Social networking apps settle minors' data claims for $1.1 million

    Privacy, Cyber Risk & Data Security

    On March 25, the U.S. District Court for the Northern District of Illinois granted final approval to a $1.1 million class action settlement resolving claims that the operators of two video social networking apps (defendants) “‘surreptitiously tracked, collected, and disclosed the personally identifiable information and/or viewing data of children under the age of 13,’ ‘without parental consent’” in violation of federal and California privacy law. Specifically, plaintiffs asserted violations of the Video Privacy Protection Act (VPPA), the California constitutional right to privacy, the California Consumers Legal Remedies Act (CLRA), and the Illinois Consumer Fraud and Deceptive Businesses Practices Act. Defendants countered that plaintiffs’ state-law claims were preempted by the Children’s Online Privacy Protection Act, and that, furthermore, the “alleged conduct is not within the scope of VPPA or the cited state consumer protection laws” and “does not amount to a common law invasion of privacy or a violation of Plaintiffs’ rights under the California Constitution.” Moreover, defendants argued that plaintiffs could not recover actual damages. According to plaintiffs’ supplemental motion for final approval, following months-long negotiations, the parties agreed to settle the action on a class-wide basis.

    The settlement requires defendants to pay $1.1 million into a non-reversionary settlement fund, to be dispersed pro rata to class members (anyone in the U.S. who, prior to the settlement’s effective date and while under the age of 13, registered for or used the apps) who submit a valid claim after the payment of settlement administration expenses, taxes, fees, and service awards. The court’s order, however, declined to award an objector’s counsel any attorneys’ fees for his efforts to negotiate modified relief because the agreement was negotiated in a separate proceeding in related multidistrict litigation. The court also denied plaintiffs’ motion for sanctions against the objector’s law firm.

    Privacy/Cyber Risk & Data Security Courts Settlement Class Action State Issues Illinois California COPPA

    Share page with AddThis
  • District Court approves $15 million class action settlement over BIPA violations


    On February 18, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement, resolving allegations that a workplace management software company (defendant) violated the Illinois Biometric Information Privacy Act (BIPA) by collecting data without providing the requisite disclosures or obtaining informed written consent. According to the plaintiff’s motion for preliminary approval, the settlement class is comprised of nearly 172,000 Illinois employees who used the defendant’s biometric timekeeping devices at work and whose finger-scan data “was hosted” by the defendant. The defendant denied any violation of BIPA. Under the settlement agreement, the defendant will pay approximately $15 million into a non-reversionary settlement fund, and settlement class members, who need to file a valid claim to receive payment, are expected to receive between $290 and $580 each.

    Courts Class Action Privacy/Cyber Risk & Data Security BIPA State Issues Illinois

    Share page with AddThis
  • Fed announces enforcement action against Illinois bank

    On February 10, the Federal Reserve Board announced an enforcement action against an Illinois-based bank. According to the consent order, the bank allegedly violated the National Flood Insurance Act (NFIA) and Regulation H. The order assesses a $253,500 penalty against the bank for an alleged pattern or practice of violations of Regulation H but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.

    Bank Regulatory Federal Issues Federal Reserve Enforcement Illinois Flood Insurance National Flood Insurance Act Regulation H

    Share page with AddThis
  • Illinois Supreme Court rules Workers’ Compensation Act does not bar BIPA privacy claims

    Privacy, Cyber Risk & Data Security

    On February 3, the Illinois Supreme Court unanimously ruled that the Illinois Workers’ Compensation Act (Compensation Act) does not bar claims for statutory damages under the state’s Biometric Information Privacy Act (BIPA). According to the opinion, the plaintiff sued the defendant and several other long-term care facilities in 2017 for violations of BIPA, alleging their timekeeping systems scanned her fingerprints without first notifying her and seeking her consent. The defendant countered that the Compensation Act preempted the plaintiff’s claims, but in 2020 the Illinois Appellate Court, First District, held that it failed to see how the plaintiff’s claim for liquidated damages under BIPA “fits within the purview of the Compensation Act, which is a remedial statute designed to provide financial protection for workers that have sustained an actual injury.” As such, the appellate panel concluded that the Compensation Act’s exclusivity provisions “do not bar a claim for statutory, liquidated damages, where an employer is alleged to have violated an employee’s statutory privacy rights under the Privacy Act, as such a claim is simply not compensable under the Compensation Act.”

    In affirming the appellate panel’s decision, the Illinois Supreme Court agreed that the “personal and societal injuries caused by violating [BIPA’s] prophylactic requirements are different in nature and scope from the physical and psychological work injuries that are compensable under the Compensation Act. [BIPA] involves prophylactic measures to prevent compromise of an individual’s biometrics.” Additionally, the Illinois Supreme Court held that the plain language of BIPA supports a conclusion that the state legislature did not intend for it to be preempted by the Compensation Act’s exclusivity provisions. Noting that it is aware of the consequences the legislature intended as a result of BIPA violations, the Illinois Supreme Court wrote that the “General Assembly has tried to head off such problems before they occur by imposing safeguards to ensure that the individuals’ privacy rights in their biometric identifiers and biometric information are properly protected before they can be compromised and by subjecting private entities who fail to follow the statute’s requirements to substantial potential liability . . . whether or not actual damages, beyond violation of the law’s provisions, can be shown.” Moreover, if a “different balance should be struck under [BIPA] given the category of injury,” that is “a question more appropriately addressed to the legislature.”

    Privacy/Cyber Risk & Data Security Courts State Issues Illinois BIPA Appellate

    Share page with AddThis