InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Announces Settlement With Debt Collection Operation
This week, the FTC obtained a court order banning a Florida-based debt collection operation and its managing member from the debt collection business. The defendants were accused of violations of the FTC Act and the Fair Debt Collections Practices Act for, among other things, allegedly posing as lawyers and threating individuals with lawsuits or prison time if they failed to pay debt they did not actually owe. The order resolves a complaint filed by the FTC in July against defendants. (See previous InfoBytes coverage here.) Under the terms of the settlement, the defendants are prohibited from, among other things, (i) engaging in debt collection activities; (ii) misrepresenting material facts regarding financial-related products or services; (iii) disclosing, using, or benefiting from consumers’ personal information; and (iv) improperly disposing such information when appropriate. Finally, the order assessed a $702,059 judgment for equitable monetary relief.
FTC Settles With Dallas Auto Dealer for Alleged Deceptive Advertisements
On December 1, the FTC announced a proposed order to settle with a Dallas, Texas auto dealership for alleged deceptive advertisements containing loan and lease terms in Spanish-language newspapers. According to the FTC, the dealership violated the FTC Act by prominently displaying advantageous loan and lease terms in Spanish and qualifying those terms in smaller-print English at the bottom of the page. The FTC alleges the dealership misrepresented (i) the total cost of purchasing or leasing; (ii) the underwriting restrictions for the advertised loan or lease; and (iii) the availability of the inventory advertised. Additionally, the FTC alleged that the dealership violated Truth in Lending Act and the Consumer Leasing Act by failing to “clearly and conspicuously” disclose credit and lease terms. The proposal requires the dealership to cease the allegedly deceptive conduct and comply with all applicable advertisement regulations in the future. The proposal is published in the Federal Register and is open for public comment until January 2, 2018.
Virginia AG Announces Settlement With Internet Lender Over Licensing Claims and Origination Fees
On November 30, Virginia Attorney General Mark R. Herring announced a settlement with a Chicago-based “open-end credit plan internet lender” to resolve alleged violations of the Virginia Consumer Protection Act (VCPA). Specifically, the Attorney General’s Office alleged that the lender misrepresented that it was licensed to conduct lending activity in Virginia and charged unlawful origination fees during a statutorily required grace period. According to a press release issued by the Attorney General’s office, the settlement requires the lender to provide more than $3 million of refunds and interest forgiveness to borrowers, and pay the state $30,000 in civil money penalties, costs, and fees. The settlement also contains a permanent injunction that prohibits the lender from misrepresenting its status as a licensed Virginia lender and violating the VCPA.
Fed Fines Kansas State Bank for Alleged Deceptive Mortgage Acts
On November 28, the Federal Reserve Board (Fed) announced it had entered into a consent order with a Kansas state bank over allegations that the bank engaged in deceptive mortgage origination practices in violation of the FTC Act. Specifically, the order alleges that the bank told borrowers that they were paying for discount points that would lower their interest rate, but did not in fact provide those borrowers an interest rate reflective of the price paid for the discount points or, in some cases, a reduced rate at all. The Fed’s order requires the bank to pay restitution to the affected borrowers, but did not impose a further civil money penalty. The bank has decided to terminate all operations of its national mortgage business by year-end 2017.
FTC Announces Final Approval of Settlements With Companies Over EU-U.S. Privacy Shield False Certification Claims
On November 29, the FTC announced it had approved final settlements with three companies over allegations that they falsely claimed participation in the European Union-U.S. Privacy Shield (EU-U.S. Privacy Shield) framework. (See previous InfoBytes coverage here.) The settlements mark the FTC’s first EU-U.S. Privacy Shield enforcement actions following the EU’s finalization and adoption in July 2016 (as covered by InfoBytes) of the EU-U.S. Privacy Shield Framework, which established a mechanism for companies to transfer consumer data between the EU and the U.S. in compliance with specified obligations.
Ride-Sharing Company Announces Data Breach; State Attorneys General Launch Investigations
On November 21, a ride-sharing company disclosed via press release a 2016 data breach that exposed the personal data of 57 million riders and drivers. According to the company, an outside forensic investigation revealed that in October 2016 hackers obtained approximately 600,000 driver names and license numbers, along with rider names, email addresses, and mobile phone numbers. The company claimed that hackers did not obtain driver or passenger social security, credit card, bank account, birth date, or trip location information. Though the company stated that it has taken action to address the delay in notifying affected individuals and regulators, lawsuits filed by the State of Washington and the City of Chicago claim that the company capitulated to hackers’ demands and “paid the hackers to delete the consumer data and keep quiet about the breach.”
According to a letter from the company to the Washington attorney general attached to the state’s complaint, the company “is taking personnel actions with respect to some of those involved in the handling of the incident.” The company further stated that it has “implemented and will implement further technical security measures, including improvements related to both access controls and encryption.”
According to sources, three separate class action lawsuits have been filed against the company as a result of the 2016 breach (see here, here, and here) and five attorneys general (New York, Illinois, Connecticut, Massachusetts, and Missouri) have launched investigations.
The 2016 data breach follows a settlement in January of that year with the New York Attorney General related to allegations that the company failed to promptly disclose a 2014 data breach. The 2014 data breach involved an alleged failure to prevent unauthorized access to the company’s consumer and driver data maintained on a third-party cloud service provider. As previously reported in InfoBytes in August, the company reached a settlement with the FTC related to the 2014 data breach; however, that settlement was entered into before the company disclosed the existence of the 2016 breach.
In a related development, on November 27, the U.S. District Court for the Northern District of California dismissed without prejudice a putative class action lawsuit against the company related to the 2014 data breach. The court held that the driver’s name, license number, and limited banking information disclosed in the breach was not the type of personally identifiable information that could expose plaintiffs to the risk of identity theft. Accordingly, the court dismissed the case for lack of Article III standing. The court also granted plaintiffs a final opportunity to amend their complaint to address the standing deficiencies.
OFAC Penalizes Credit Card Issuer for Violations of Cuban Assets Control Regulations
On November 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it had reached a $204,277 settlement with a U.S. financial institution for alleged violations of the Cuban Assets Control Regulations (CACR). The settlement involves actions taken by an international credit card company which, at the time of the apparent violations, was a wholly owned subsidiary of an entity that was itself 50 percent owned by the U.S. financial institution. According to the announcement, between 2009 and 2014, credit cards that the company issued to over 100 corporate customers were used to make purchases in Cuba or otherwise involved Cuba. OFAC asserts that the company failed to implement controls to prevent this even though it had policies and procedures in place to review transactions for compliance with CACR.
In determining the settlement amount, OFAC considered that (i) employees within the company had reason to know of the conduct that led to the alleged violations; (ii) none of the entities involved appeared to appreciate the risk that the credit cards might be used in Cuba; (iii) at the time they occurred, the actions resulted in harm to the US sanctions program objectives; (iv) the U.S. financial institution is a large and sophisticated financial entity; and (v) during the investigation, the entities provided “verifiably inaccurate or incomplete, including material omissions.” OFAC also considered the fact that the entities voluntarily self-disclosed the alleged violations and the U.S. financial institution took “swift and appropriate remedial action” upon discovery.
OFAC recently announced updates to CACR, covered by InfoBytes here.
DOJ Announces $5.4 Million in Additional Relief for Servicemembers Impacted by Bank’s Alleged SCRA Violations
On November 14, the DOJ announced it had secured an additional $5.4 million from a major U.S. bank related to a September 2016 settlement (previously covered by InfoBytes) resolving allegations that between January 2008 and July 2015 the bank repossessed vehicles owned by active duty servicemembers without required court orders in violation of the Servicemembers Civil Relief Act. The original consent order with the DOJ required the bank to pay $10,000, plus lost equity, to each of the 413 affected servicemembers whose cars were found to be unlawfully seized and further stipulated the bank could be required to compensate additional servicemembers. Since entering into the 2016 settlement with the DOJ, the bank announced it had uncovered another 450 qualifying servicemembers, bringing the combined affected total to 863, with compensatory payouts of more than $10 million.
OFAC Announces Cuban Assets Control Regulations Updates; Releases New FAQs
On November 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced amendments to the Cuban Assets Control Regulations to implement changes related to certain financial transaction restrictions and economic activities. In accordance with the National Security Presidential Memorandum issued by President Trump on June 16, the amendments will, among other things, prohibit “persons subject to U.S. jurisdictions” from engaging in financial transactions with entities and subentities identified on the State Department’s Cuba Restricted List. This effort is intended to “channel economic activities away from the Cuban military, intelligence, and security services, while maintaining opportunities for Americans to engage in authorized travel to Cuba and support the private, small business sector in Cuba.” The amendments will take effect November 9. OFAC also released updated FAQs and a fact sheet to answer questions related to the amended regulations.
Refer here, here, and here for InfoBytes coverage on OFAC settlements of alleged violations of the Cuban Assets Control Regulations.
FTC Fines California Auto Dealer for Violating Order About Disclosures
On November 6, the FTC announced a settlement of $1.4 million with a Southern California auto dealership for violating a 2014 administrative order (Order). The Order prohibited the dealership from misrepresenting the cost to finance or lease a vehicle. In issuing the Order, the FTC alleged that the dealership had violated the FTC Act by using advertisements that deceptively stated a $0 up-front lease option while excluding other fees and costs, and also that the dealership’s advertisements violated disclosure requirements of the Consumer Leasing Act (CLA) and TILA.
The new settlement resolves a complaint in which the FTC alleged the auto dealership “routinely violated” the Order requiring the dealership to, among other things, (i) accurately represent costs and terms of financing or leasing vehicles; (ii) conform its advertisements to the requirements of the CLA and TILA; and (iv) maintain necessary records and make those records available to the agency. In addition to the monetary penalty and the prohibition of similar practices, the settlement also subjects the dealership to strong compliance and reporting requirements.