Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 27, the Illinois governor signed HB 5220, which makes various amendments to provisions related to the state’s Collection Agency Act. Among other things, the amendments strike language repealing specified provisions and add, amend, and strike certain definitions, including amending “financial institution” to include “consumer installment lenders, payday lenders, sales finance agencies, and any other industry or business that offers services or products that are regulated under any Act administered by the [Director of the Division of Financial Institutions].” The amendments further provide that an adjudicated finding by the FTC or other federal or state agency that shows a licensee violated the FDCPA or its rules is grounds for disciplinary action. Also, at the discretion of the Secretary (after having first received the recommendation of the Collection Agency Licensing and Disciplinary Board), an “accused person’s license may be suspended or revoked, if the evidence constitutes sufficient grounds for such action.” Moreover, the amendments restore language providing that the Department of Financial and Professional Regulation may obtain written recommendations from the Collection Agency Licensing and Disciplinary Board “regarding standards of professional conduct, formal disciplinary actions, and the formulation of rules affecting these matters.” The Act takes effect January 1, 2023.
On May 13, the Illinois governor signed SB 3971, which makes various amendments to Illinois Banking Act and Savings Bank Act provisions concerning the confidentiality of customer financial records. Among other things, the Act provides that a bank must disclose financial records “only after the bank sends a copy of the subpoena, summons, warrant, citation to discover assets, or court order,” to the person establishing the relationship with the bank if living (or the person’s representative otherwise), at the person’s last known address. Further, such requests must be sent through a third-party commercial carrier or courier, with delivery charge fully prepaid, by hand or by electronic delivery at an email address on file with the bank (provided the person has consented to electronic delivery).
The Act also stipulates that a bank retain customer financial records “in a manner consistent with prudent business practices and in accordance with this Act and applicable State or Federal laws, rules, and regulations.” A bank may also destroy records (with reasonable precautions taken to ensure the confidentiality of the information contained in the records) except where a retention period is required by law. The Act is effective immediately.
On April 22, the Illinois Department of Financial and Professional Regulation (IDFPR) published in the Illinois Register a notice of adopted rules to implement the Predatory Loan Prevention Act (PLPA or the Act). As previously covered by InfoBytes, the Act was signed into law in March 2021 to prohibit lenders from charging more than 36 percent APR on all non-commercial consumer loans under $40,000, including closed-end and open-end credit, retail installment sales contracts, and motor vehicle retail installment sales contracts. Violations of the Act constitute a violation of the Illinois Consumer Fraud and Deceptive Business Practices Act and carry a potential fine up to $10,000. Additionally, any loan with an APR exceeding 36 percent will be considered null and void.
In general, the adopted rules require lenders to provide a disclosure to consumers about the 36 percent APR rate cap established by the PLPA, incorporate the APR calculation method required by the PLPA, and amend the rules for reporting of payday loans to the state database. The rules specify that words in the definitions are not defined to have the same meaning as in Regulation Z, including any interpretation by the CFPB. For purposes of calculating the PLPA ARP, the rules specify that the calculation excludes only certain specified bona fide fees, but includes finance charges, loan application fees, and fees imposed for participation in any plan or arrangement for a loan, “even if that charge would be excluded from the finance charge under Regulation Z.”
The IDFPR made several amendments related to rate cap disclosure notices. These specify that all loan applications must include a separate rate cap disclosure signed by the consumer (disclosures must be provided in English and in the language in which the loan was negotiated) that clearly and conspicuously states: “A lender shall not contract for or receive charges exceeding a 36% annual percentage rate on the unpaid balance of the amount financed for a loan, as calculated under the Illinois Predatory Loan Prevention Act (PLPA APR). Any loan with a PLPA APR over 36% is null and void, such that no person or entity shall have any right to collect, attempt to collect, receive, or retain any principal, fee, interest, or charges related to the loan. The annual percentage rate disclosed in any loan contract may be lower than the PLPA APR.”
The rules take effect August 1.
On April 22, the Office of the Illinois Secretary of State published in the Illinois Register a notice by the Department of Financial and Professional Regulation of adopted amendments to certain parts of its Consumer Installment Loan Act (CILA). Under the amendments, a licensee may obtain a license under the CILA for the exclusive purpose and use of making title secured loans. The amendments also require consumer installment lenders to provide a disclosure to consumers regarding the 36 percent annual percentage rate (APR) rate cap established by the Predatory Loan Prevention Act Annual Percentage Rate. These amendments eliminate small consumer loans and implement rules for reporting, to the state database, consumer installment loans. Additionally, the amendments include the implementation of a new definition and new rules for title-secured loans. The amendments are effective August 1.
District Court refuses to enforce choice-of-law provision, allows individual state data privacy claims to proceed
On April 1, the FTC and the Illinois Attorney General announced a proposed settlement with an Illinois-based multistate auto dealer group for allegedly adding junk fees for unwanted “add-on” products to consumers’ bills and discriminating against Black consumers. Under the terms of the proposed settlement, the defendants are ordered to pay a $10 million penalty, of which $9.95 million will be used to provide monetary relief to consumers. According to the FTC, this is the highest penalty ever obtained against an auto dealer. The remaining balance of the penalty will be paid to the Illinois Attorney General Court Ordered and Voluntary Compliance Payment Projects Fund.
According to the complaint, which brings claims under the FTC Act, TILA, ECOA, and comparable Illinois laws, eight of the defendant’s dealerships, along with the general manager of two of the Illinois dealerships, allegedly tacked on junk fees for unwanted “add-on” products such as service contracts, GAP insurance, and paint protection to consumers’ purchase contracts at the end of the negotiation process, often without consumers’ consent. In other instances, consumers were told that the add-ons were free or were required to purchase or finance their vehicle. The complaint further alleges that defendants discriminated against Black consumers by charging them higher interest rates or more for add-on products than similarly situated non-Latino white consumers. As result, Black consumers allegedly paid, on average, $190 more in interest and $99 more for add-on products.
FTC Chair Lina M. Khan and Commissioner Rebecca Kelly Slaughter issued a joint statement noting that they “would have also supported a count alleging a violation of the FTC Act’s prohibition on unfair acts or practices.” Khan and Slaughter elaborated on reasons why the FTC “should evaluate under its unfairness authority any discrimination that is found to be based on disparate treatment or have a disparate impact,” pointing out that (i) discrimination based on protected status can cause substantial injury to consumers; (ii) “injuries stemming from disparate treatment or impact are unavoidable because affected consumers cannot change their status or otherwise influence the unfair practices”; and (iii) “injuries stemming from disparate treatment or impact are not outweighed by countervailing benefits to consumers or competition.”
On March 25, the U.S. District Court for the Northern District of Illinois granted final approval to a $1.1 million class action settlement resolving claims that the operators of two video social networking apps (defendants) “‘surreptitiously tracked, collected, and disclosed the personally identifiable information and/or viewing data of children under the age of 13,’ ‘without parental consent’” in violation of federal and California privacy law. Specifically, plaintiffs asserted violations of the Video Privacy Protection Act (VPPA), the California constitutional right to privacy, the California Consumers Legal Remedies Act (CLRA), and the Illinois Consumer Fraud and Deceptive Businesses Practices Act. Defendants countered that plaintiffs’ state-law claims were preempted by the Children’s Online Privacy Protection Act, and that, furthermore, the “alleged conduct is not within the scope of VPPA or the cited state consumer protection laws” and “does not amount to a common law invasion of privacy or a violation of Plaintiffs’ rights under the California Constitution.” Moreover, defendants argued that plaintiffs could not recover actual damages. According to plaintiffs’ supplemental motion for final approval, following months-long negotiations, the parties agreed to settle the action on a class-wide basis.
The settlement requires defendants to pay $1.1 million into a non-reversionary settlement fund, to be dispersed pro rata to class members (anyone in the U.S. who, prior to the settlement’s effective date and while under the age of 13, registered for or used the apps) who submit a valid claim after the payment of settlement administration expenses, taxes, fees, and service awards. The court’s order, however, declined to award an objector’s counsel any attorneys’ fees for his efforts to negotiate modified relief because the agreement was negotiated in a separate proceeding in related multidistrict litigation. The court also denied plaintiffs’ motion for sanctions against the objector’s law firm.
On February 18, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement, resolving allegations that a workplace management software company (defendant) violated the Illinois Biometric Information Privacy Act (BIPA) by collecting data without providing the requisite disclosures or obtaining informed written consent. According to the plaintiff’s motion for preliminary approval, the settlement class is comprised of nearly 172,000 Illinois employees who used the defendant’s biometric timekeeping devices at work and whose finger-scan data “was hosted” by the defendant. The defendant denied any violation of BIPA. Under the settlement agreement, the defendant will pay approximately $15 million into a non-reversionary settlement fund, and settlement class members, who need to file a valid claim to receive payment, are expected to receive between $290 and $580 each.
On February 10, the Federal Reserve Board announced an enforcement action against an Illinois-based bank. According to the consent order, the bank allegedly violated the National Flood Insurance Act (NFIA) and Regulation H. The order assesses a $253,500 penalty against the bank for an alleged pattern or practice of violations of Regulation H but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.
On February 3, the Illinois Supreme Court unanimously ruled that the Illinois Workers’ Compensation Act (Compensation Act) does not bar claims for statutory damages under the state’s Biometric Information Privacy Act (BIPA). According to the opinion, the plaintiff sued the defendant and several other long-term care facilities in 2017 for violations of BIPA, alleging their timekeeping systems scanned her fingerprints without first notifying her and seeking her consent. The defendant countered that the Compensation Act preempted the plaintiff’s claims, but in 2020 the Illinois Appellate Court, First District, held that it failed to see how the plaintiff’s claim for liquidated damages under BIPA “fits within the purview of the Compensation Act, which is a remedial statute designed to provide financial protection for workers that have sustained an actual injury.” As such, the appellate panel concluded that the Compensation Act’s exclusivity provisions “do not bar a claim for statutory, liquidated damages, where an employer is alleged to have violated an employee’s statutory privacy rights under the Privacy Act, as such a claim is simply not compensable under the Compensation Act.”
In affirming the appellate panel’s decision, the Illinois Supreme Court agreed that the “personal and societal injuries caused by violating [BIPA’s] prophylactic requirements are different in nature and scope from the physical and psychological work injuries that are compensable under the Compensation Act. [BIPA] involves prophylactic measures to prevent compromise of an individual’s biometrics.” Additionally, the Illinois Supreme Court held that the plain language of BIPA supports a conclusion that the state legislature did not intend for it to be preempted by the Compensation Act’s exclusivity provisions. Noting that it is aware of the consequences the legislature intended as a result of BIPA violations, the Illinois Supreme Court wrote that the “General Assembly has tried to head off such problems before they occur by imposing safeguards to ensure that the individuals’ privacy rights in their biometric identifiers and biometric information are properly protected before they can be compromised and by subjecting private entities who fail to follow the statute’s requirements to substantial potential liability . . . whether or not actual damages, beyond violation of the law’s provisions, can be shown.” Moreover, if a “different balance should be struck under [BIPA] given the category of injury,” that is “a question more appropriately addressed to the legislature.”
- Buckley Webcast: State supervision, enforcement, and multistate coordination
- Benjamin W. Hutten to discuss “Latest on AML regulations and impact of economic sanctions” at a Mortgage Bankers Association webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar