Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC seeks permanent injunction against student loan debt relief operation

    Federal Issues

    On July 11, the FTC announced it was charging a student loan debt relief operation with violations of the FTC Act and the Telemarketing Sales Rule for allegedly engaging in deceptive practices when marketing and selling their debt relief services. The complaint alleges the operators of the scheme allegedly, among other things, (i) charged borrowers illegal advance fees; (ii) falsely claimed they would service and pay down their student loans; and (iii) obtained borrowers’ credentials in order to change consumers’ contact information and prevent communications from loan servicers. According to the FTC, the defendants allegedly collected more than $23 million from consumers, and when asked why their payments were not being applied to their loans, the defendants “informed consumers that their entire payments had been collected as ‘handling’ or ‘management’ fees.” On July 10, the U.S. District Court for the Central District of California issued a temporary restraining order and asset freeze at the FTC’s request. The FTC seeks a permanent injunction against the defendants to prevent future violations, as well as redress for injured consumers through “rescission or reformation of contracts, restitution, the refund of monies paid, and the disgorgement of ill-gotten monies.”

    Federal Issues FTC Enforcement Debt Relief Student Lending FTC Act Telemarketing Sales Rule UDAP

    Share page with AddThis
  • FTC and NY AG settle with phantom debt operation

    Federal Issues

    On July 1, the FTC announced, together with the New York attorney general, a settlement with two New York-based phantom debt operations and their principals (collectively, “defendants”) resolving allegations that the operations bought, placed for collection, sold lists of, and collected on fake debts that consumers did not owe. As previously covered by InfoBytes, the June 2018 complaint alleged that the defendants ran a deceptive and abusive debt collection scheme in violation of the FTC Act, the FDCPA, and New York state law. The settlement order against one company and its owners bans the defendants from debt collection activities, including buying, placing for collection, and selling debt. The order requires the defendants to pay a combined $676,575, suspending the total judgment of $6.75 million, due to inability to pay. The settlement order against the other company and its owner prohibits the defendants from engaging in unlawful collection practices and requires the payment of $118,000, suspending the total judgment of $4.94 million, due to inability to pay.

    Federal Issues State Issues Enforcement FTC State Attorney General Debt Collection FTC Act FDCPA Settlement

    Share page with AddThis
  • FTC holds fourth annual PrivacyCon to address hot topics

    Privacy, Cyber Risk & Data Security

    On June 27, the FTC held its fourth annual PrivacyCon, which hosted research presentations on a wide range of consumer privacy and security issues. Following opening remarks by FTC Chairman Joseph Simons, the one-day conference featured four plenary sessions covering a number of hot topics:

    • Session 1: Privacy Policies, Disclosures, and Permissions. Five presenters discussed various aspects of privacy policies and notices to consumers. The panel discussed current trends showing that privacy notices to consumers have generally become lengthier in recent years, which helps cover the information regulators require, but often results in information overload for consumers more generally. One presenter advocated the concept of a condensed “nutrition label” for privacy, but acknowledged the challenge of distilling complicated activities into short bullets.
    • Session 2: Consumer Preferences, Expectations, and Behaviors. This panel addressed research concerning consumer expectations and behaviors with regard to privacy. Among other anecdotal information, the presenters noted that many consumers are aware that personal data is tracked, but consumers are generally unaware of what data collectors ultimately do with the personal data once collected. To that end, one presenter advocated prescriptive limits on data collection in general, which would take the onus off consumers to protect themselves. Separately, with regard to the Children’s Online Privacy Protection Act (COPPA), one presenter noted that the law generally aligns with parents’ privacy expectations, but the implementing regulations and guidelines are too broad and leave too much room for implementation variations.
    • Session 3: Tracking and Online Advertising. In the third session, five presenters covered various topics, including privacy implications of free versus paid-for applications to the impact of the EU’s General Data Protection Regulation (GDPR). According to the presenters, current research suggests that the measurable privacy benefits of paying for an app are “tenuous at best,” and consumers cannot be expected to make informed decisions because the necessary privacy information is not always available in the purchase program on a mobile device such as a phone. As for GDPR, the panel agreed that there are notable reductions in web use, with page views falling 9.7 percent in one study, although it is not clear whether such reduction is directly correlated to the May 25, 2018 effective date for enforcement of GDPR.
    • Session 4: Vulnerabilities, Leaks, and Breach Notifications. In the final presentation, presenters discussed new research on how companies can mitigate data security vulnerabilities and improve remediation. One presenter discussed the need for proactive identification of vulnerabilities, noting that the goal should be to patch the real vulnerabilities and limit efforts related to vulnerabilities that are unlikely to be exploited. Another presenter analyzed data breach notifications to consumers, noting that all 50 states have data breach notification laws, but there is no consensus as to best practices related to the content or timing of notifications to consumers. The presenter concluded with recommendations for future notification regulations: (i) incorporate readability testing based on standardized methods; (ii) provide concrete guidelines of when customers need to be notified, what content needs to be included, and how the information should be presented; (iii) include visuals to highlight key information; and (iv) leverage the influence of templates, such as the model privacy form for the Gramm-Leach-Bliley Act.

    Privacy/Cyber Risk & Data Security FTC Research COPPA GDPR Gramm-Leach-Bliley

    Share page with AddThis
  • FTC finalizes rule providing free credit monitoring for servicemembers

    Agency Rule-Making & Guidance

    On June 24, the FTC finalized the “Free Electronic Credit Monitoring for Active Duty Military Rule,” which implements the Economic Growth, Regulatory Relief, and Consumer Protection Act requirement for nationwide consumer reporting agencies (CRAs) to provide free electronic credit monitoring services for active duty military consumers. The proposed rule, issued in November 2018 (covered by InfoBytes here), defined the term “electronic credit monitoring service” as a service through which the CRAs provide, at a minimum, electronic notification of material additions or modifications to a consumer’s file and requires CRAs to notify active duty military consumers within 24 hours of any material change. The proposal noted that CRAs may require that active duty military provide contact information, proof of identity, and proof of active duty status in order to use the free service and outlines how a servicemember may prove active duty status, such as with a copy of active duty orders. Additionally, the proposal prohibited CRAs from requiring active duty military consumers to purchase a product in order to obtain the free service.

    In response to comments on the proposal, the final rule refers to the definition of “active duty military consumer” in the FCRA, which requires that the servicemember be assigned to service away from their usual duty station, or be a member of the National Guard, regardless of whether the National Guard member is stationed away from their normal duty station. The FTC noted that commenters requested the requirement that the servicemember be stationed away from their normal duty station be eliminated but “the statutory language limit[ed] the Commission’s discretion on [the] topic.” However, the FCRA does not apply the same duty station requirement to the National Guard. Additionally, the final rule, among other things (i) requires CRAs to provide free access to a credit file when it notifies an active duty military consumer about a material change to the file; (ii) extends the amount of time the CRAs have to notify an active duty military consumer of a material change from 24 hours to 48 hours; and (iii) prohibits CRAs from requiring that active duty military consumers agree to terms or conditions as a requirement to obtain their free credit file, unless the terms or conditions are necessary to comply with certain legal requirements. 

    While the final rule goes into effect three months after publication in the Federal Register, CRAs will be allowed to comply with certain portions of the final rule by offering existing credit monitoring services to active duty military consumers for free, for a period of up to one year from the effective date.

    Agency Rule-Making & Guidance FTC EGRRCPA Credit Reporting Agency Credit Monitoring Federal Register Military Lending

    Share page with AddThis
  • Federal and state enforcement agencies coordinate on robocall crackdown

    Federal Issues

    On June 25, the FTC announced a major crackdown on illegal robocalls named “Operation Call it Quits,” which includes 94 enforcement actions from around the country brought by the FTC and 25 other federal, state, and local agencies. In addition to actions targeting the actors, the operation also includes a consumer education initiative and promotion of the development of technology-based solutions to block robocalls and fight caller ID spoofing. In addition to the 87 other enforcement actions brought under the initiatives, the FTC announced four new actions, some of which were filed by the DOJ on the FTC’s behalf, and three new settlements targeting robocallers for violations of the FTC Act and the Telemarketing Sales Rule (TSR), among other things. The FTC alleges many of the actors used illegal robocalls to contact financially distressed consumers regarding interest rate reductions, sell fraudulent money-making opportunities, pitch free medical alert systems, or develop leads for solar energy companies. The affected consumers in these actions were often listed on the Do Not Call Registry. The FTC provided a complete list of the 94 actions brought under Operation Call it Quits.

    State Attorneys General participating in the initiative are: Alabama, Arizona, Colorado, Florida, Illinois, Indiana, Michigan, Missouri, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Texas, and Virginia. Additionally, local agencies include: the Consumer Protection Divisions of the District Attorneys for the Counties of Los Angeles, San Diego, Riverside, and Santa Clara, California; the Florida Department of Agriculture and Consumer Services; and the Los Angeles City Attorney. 

    Federal Issues FTC Robocalls FTC Act Enforcement State Attorney General Telemarketing Sales Rule Do Not Call Registry

    Share page with AddThis
  • FTC halts operations of credit-repair company

    Federal Issues

    On June 21, the FTC announced that the U.S. District Court for the District of Connecticut temporarily halted the operation of an alleged credit repair scheme based on allegations the company charged illegal upfront fees and falsely claimed to substantially improve consumers’ credit scores in violation of the FTC Act, the Credit Repair Organizations Act, the Telemarketing Sales Rule (TSR), the Consumer Review Fairness Act, TILA, and the EFTA. According to the complaint, since 2014, the company, among other things, (i) claims they can improve consumers’ credit scores by removing negative items and hard inquiries from credit reports; (ii) charges advance fees for their services; (iii) does not provide the required disclosures for its services, including credit transaction disclosures related to the financing of the service fees; (iv) engages in electronic funds transfers from consumers’ bank accounts without proper authorization; and (v) threatens consumers with legal action after consumers complain about the lack of results. The court order requires the company to temporarily cease its operations and ensures the company’s assets are frozen.

    Federal Issues FTC Credit Repair Credit Scores Courts TILA EFTA FTC Act Telemarketing Sales Rule

    Share page with AddThis
  • 9th Circuit: FTC does not need to show irreparable harm to get injunctive relief

    Courts

    On June 17, the U.S. Court of Appeals for the 9th Circuit held that no showing of irreparable harm is required for the FTC to obtain injunctive relief when the relief is sought in conjunction with a statutory enforcement action where the applicable statute authorizes such relief. According to the opinion, the FTC brought an action against an entity and related individuals (collectively, “defendants”) operating a mortgage loan modification scheme for allegedly violating the FTC Act and Regulation O by making false promises to consumers for services designed to prevent foreclosures or reduce interest rates or monthly mortgage payments. (Previously covered by InfoBytes here.) The FTC brought the action under the second proviso of Section 13(b) of the FTC Act, which allows the agency to pursue injunctive relief without initiating administrative action. The district court granted the motion for preliminary injunction without requiring the FTC to make a showing of irreparable harm.

    On appeal, the 9th Circuit rejected the defendants’ argument that the FTC was still required to demonstrate the likelihood of irreparable harm in a Section 13(b) action. The appellate court noted that the FTC’s position is supported by the court’s precedent, quoting “‘[w]here an injunction is authorized by statute, and the statutory conditions are satisfied . . ., the agency to whom the enforcement of the right has been entrusted is not required to show irreparable injury.’” The appellate court concluded that its precedent is not irreconcilable with the 2008 Supreme Court decision in Winter v. Natural Resource Defense Council, Inc, noting that Winter did not address injunctive relief in the context of statutory enforcement. Therefore, the appellate court concluded that although irreparable harm is required to obtain injunctive relief in an ordinary case, the district court did not error in granting injunctive relief, without the showing of irreparable harm, in conjunction with a statutory enforcement action.  

     

    Courts Appellate FTC FTC Act Preliminary Injunction Ninth Circuit

    Share page with AddThis
  • FTC settles with software provider over data security failures

    Federal Issues

    On June 12, the FTC announced a settlement under which a software provider agreed to better protect the data it collects, resolving allegations that the company failed to implement reasonable data security measures and exposed personal consumer information obtained from its auto dealer clients in violation of the FTC Act and the Standards for Safeguarding Customer Information Rule, issued pursuant to the Gramm-Leach-Bliley Act.

    In its complaint, the FTC alleged the company’s failure to, among other things, (i) implement an organization information security policy; (ii) implement reasonable guidance or training for employees; (iii) use readily available security measures to monitor systems; and (iv) impose reasonable data access controls, resulted in a hacker gaining unauthorized access to the company’s database containing the personal information of approximately 12.5 million consumers. The proposed consent order requires the company to, among other things, implement and maintain a comprehensive information security program designed to protect the personal information it collects, including implementing specific safeguards related to the FTC’s allegations. Additionally, the proposed consent order requires the company to obtain third-party assessments of its information security program every two years and have a senior manager certify compliance with the order every year. 

    Federal Issues FTC Privacy/Cyber Risk & Data Security FTC Act Enforcement Settlement Consent Order

    Share page with AddThis
  • FTC shares 2018 enforcement report with the CFPB

    Federal Issues

    On June 6, the FTC announced that it submitted its 2018 Annual Financial Acts Enforcement Report to the CFPB. The report—which the Bureau requested for its use in preparing its 2018 Annual Report to Congress—covers the FTC’s enforcement activities regarding Regulation Z (the Truth in Lending Act or TILA), Regulation M (the Consumer Leasing Act or CLA), and Regulation E (the Electronic Fund Transfer Act or EFTA). Highlights of the enforcement matters covered in the report include:

    • Auto Lending and Leasing. The report discusses two enforcement matters related to deceptive automobile dealer practices. The first, filed in August 2018, alleged that a group of four auto dealers, among other things, advertised misleading discounts and incentives in their vehicle advertisements, and falsely inflated consumers’ income and down payment information on financing applications. The charges brought against the defendants allege violations of the FTC Act, TILA, and the CLA. The FTC sought, among other remedies, a permanent injunction to prevent future violations, restitution, and disgorgement. (Detailed InfoBytes coverage of the filing is available here.) In the second, in December 2018, the FTC mailed over 43,000 checks, totaling over $3.5 million, to consumers allegedly harmed by nine dealerships and owners engaged in deceptive and unfair sales and financing practices, deceptive advertising, and deceptive online reviews. (Detailed InfoBytes coverage is available here.)
    • Payday Lending. The report covers two enforcement matters, including the U.S. Court of Appeals for the 9th Circuit’s December 2018 decision upholding the $1.3 billion judgment against defendants responsible for operating an allegedly deceptive payday lending program. The decision is the result of a 2012 complaint in which the FTC alleged that the defendants engaged in deceptive acts or practices in violation of Section 5(a) of the FTC Act by making false and misleading representations about costs and payment of the loans. (Detailed InfoBytes coverage is available here.) The report also indicates that, in February 2018, the FTC issued over 72,000 checks totaling more an $2.9 million to consumers stemming from a July 2015 settlement, that alleged that online payday operators used personal financial information purchased from third-party lead generators or data brokers to make unauthorized deposits into and withdrawals from consumers’ bank accounts, regardless of whether the consumer applied for a payday loan. (Detailed InfoBytes coverage is available here.)
    • Negative Option. The report covers six enforcement matters related to alleged violations of the EFTA and Regulation E for “negative option” plans, including three new filings against online marketers for allegedly advertising “free trial” offers for products that enrolled consumers in expensive, ongoing plans without their knowledge or consent. The report notes that, in 2018, the FTC reached a settlement with one entity and obtained a court judgment against another, both resulting in injunctive relief and monetary settlements (which were suspended due to the defendants’ inability to pay). The report also notes that the FTC mailed 2,116 refund checks totaling more than $355,000 to people who bought an allegedly deceptive “memory improvement” supplement.

    Additionally, the report addresses the FTC’s research and policy efforts related to truth in lending and leasing, and electronic fund transfer issues, including (i) a study of consumers’ experiences in buying and financing automobiles at dealerships; and (ii) the FTC’s Military Task Force’s work on military consumer protection issues. The report also outlines the FTC’s consumer and business education efforts, which include several blog posts warning of new scams and practices.

     

    Federal Issues FTC FTC Act TILA EFTA Enforcement CFPB Consumer Education Auto Finance Military Lending Act

    Share page with AddThis
  • FTC introduces dedicated fintech webpage

    Fintech

    On May 24, the FTC announced the launch of a dedicated fintech resource page hosted on the agency’s business center website. The fintech page contains the following materials: (i) guidance, including Safeguards Rule and Privacy Rule compliance information; (ii) videos that will be regularly rotated discussing topics such as artificial intelligence and blockchain; (iii) related posts containing relevant information on small business financing and recent fintech enforcement actions; and (iv) legal resources, including relevant cases and staff reports.

    Fintech FTC Consumer Protection

    Share page with AddThis

Pages

Upcoming Events