Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 20, the FTC and the FCC sent letters to three more Voice over Internet Protocol (VoIP) service providers, warning the companies to stop routing and transmitting robocall campaigns promoting Covid-19 related scams. According to the FTC, two of the companies are routing coronavirus-related fraud robocalls originating overseas. In April, the agencies sent an initial round of letters to three VoIP service providers for similar issues (covered by InfoBytes here). As in April, the letters warn the companies that they have been identified as “routing and transmitting illegal robocalls, including Coronavirus-related scam calls” and must cease the behavior or they will be subject to enforcement action. Additionally, the agencies sent a separate letter to a telecommunications trade association thanking the group for its assistance in identifying the campaigns and relaying a warning that the FCC will authorize U.S. providers to begin blocking calls from the three companies if they do not comply with the agencies’ request within 48 hours after the release of the letter.
On May 13, the FTC filed a complaint against a Pennsylvania-based telemarketing operation for allegedly misrepresenting “no obligation” trial offers to organizations and then enrolling recipients in subscriptions for several hundred dollars without their consent. The complaint also charged a New York-based debt collector with violating the FTC Act by illegally threatening the organizations if they did not pay for the unordered subscriptions. The FTC alleged that the telemarketing operation violated the FTC Act and the Unordered Merchandise Statute by calling organizations such as businesses, schools, fire and police departments, and non-profits to offer sample books or newsletters without disclosing that they were selling subscriptions and then sending publications without the recipients’ consent. The FTC alleged that, if the organizations agreed to accept what they believed to be free publications, the defendants enrolled the organizations in a negative option program without their consent, and automatically charged the organizations for annual subscriptions. The telemarketer worked with a debt collection firm that allegedly misrepresented that the debts were valid and used false threats to collect outstanding balances. According to the FTC, the debt collection firm handled collections nationwide despite not having a valid corporate registration in any state and only being licensed to collect debt in Washington State. The FTC seeks a permanent injunction against the defendants, along with monetary relief “including rescission or reformation of contracts, restitution, the refund of monies paid, and the disgorgement of ill-gotten monies.”
On May 14, the FTC and SBA sent letters to two companies for allegedly misleading small businesses seeking Paycheck Protection Program (PPP) loans. The first letter was sent to a California-based media company, which owns the web address “sba.com.” The letter claims the website suggests an “an affiliation or relationship with the SBA and approved PPP lenders” and encourages customers to apply for PPP loans through the site. The second letter, sent to a Utah-based company, asserts the company and its affiliate lead generators may be violating Section 5 of the FTC Act. Among other things, the FTC notes that one of the company’s affiliate lead generators advertises itself as an SBA loan packager for a $495 fee, even though the SBA prohibits lead generators from charging fees to PPP loan applicants. Both letters instruct the recipients to remove all deceptive claims and advertisements and remediate any harm that may have been caused. The letters require the companies to notify the FTC within 48 hours of the actions taken in response.
On May 5, the FTC released a report updating Congress on the agency’s FCRA education and enforcement efforts. The report, titled “Efforts to Promote Consumer Report Accuracy and Disputes,” was requested by Congress as part of the 2020 spending bill that funds the FTC. The report details the agency’s efforts to inform consumers and businesses regarding their rights and obligations under the FCRA, including educating consumers on disputing errors and identity theft. For businesses, the report discusses the guidance provided by the FTC for furnishers and users, including the 2016 publication Consumer Reports: What Information Furnishers Need to Know. The report notes that over the last decade. the FTC has brought over 30 enforcement actions under the FCRA against consumer reporting agencies (CRAs), users of consumer reports, and furnishers of information to CRAs. The FTC notes that once supervisory authority over the nationwide CRAs was transferred to the CFPB in 2011, the FTC has focused its FCRA enforcement on other entities in the credit reporting area, noting that 14 of its FCRA cases involved allegations related to handling consumer disputes of inaccurate information or procedures for ensuring the accuracy of information furnished in reports. A complete list of the 14 cases can be found in the report’s Appendix B. The FTC states that it will continue to look for education and enforcement opportunities, citing a joint workshop with the CFPB held last December, which discussed current trends in consumer reporting accuracy and sought public comments to assist the agency in targeting its efforts in the future.
On April 23, the U.S. District Court for the District of Columbia approved a $5 billion settlement between the FTC and a global social media company, resolving allegations that the company violated consumer protection laws by using deceptive disclosures and settings to undermine users’ privacy preferences in violation of a 2012 privacy settlement with the FTC. The settlement, first announced last July (covered by InfoBytes here), requires the company to take a series of remedial steps, including (i) ceasing misrepresentations concerning its collection and disclosure of users’ personal information, as well as its privacy and security measures; (ii) clearly disclosing when it will share data with third parties and obtaining user express consent if the sharing goes beyond a user’s privacy setting restrictions; (iii) deleting or de-identifying a user’s personal information within a reasonable time frame if an account is closed; (iv) creating a more robust privacy program with safeguards applicable to third parties with access to a user’s personal information; (v) creating a new privacy committee and designating a dedicated corporate officer in charge of monitoring the effectiveness of the privacy program; (vi) alerting the FTC when more than 500 users’ personal information has been compromised; and (vii) undertaking reporting and recordkeeping obligations, and commissioning regular, independent privacy assessments. The order “resolves all consumer-protection claims known by the FTC prior to June 12, 2019, that [the company], its officers, and directors violated Section 5 of the FTC Act.” While the court acknowledged concerns raised by several amici opposing the settlement, the court concluded that the settlement and the proposed remedies were reasonable and in the public interest. On April 28, the FTC announced the formal approval of amendments to its 2012 privacy order to incorporate updated provisions included in the 2019 settlement.
On April 23, the FTC released its 2019 Annual Highlights, which outlines the Commission’s efforts over the past year to protect consumers and promote competition. The report discusses various enforcement actions, policy and advocacy initiatives, and education and outreach programs, and notes that FTC actions in 2019 have led to more than $232 million in refunds to consumers. The report covers a range of consumer protection enforcement actions related to, among other things, unfair and deceptive marketing as well as privacy and data security issues. The report also discusses joint consumer protection enforcement-related efforts with foreign agencies and multilateral organizations, as well as information-sharing and enforcement cooperation measures intended to streamline and facilitate joint law enforcement investigations. In addition, the report highlights recent policy actions, such as advocacy comments, amicus briefs, and Congressional testimony, and discusses education efforts undertaken in 2019 including: (i) a series of public hearings on Competition and Consumer Protection in the 21st Century; (ii) workshops with state regulators and law enforcers; (iii) workshops on consumer protection issues such as small business financing, consumer reporting accuracy, and privacy matters; and (iv) education outreach programs. According to the stats and data section of the report, the FTC received more than 3.2 million consumer reports in 2019, in which identity theft and imposter scam complaints represented over 40 percent of the total reports received.
On April 22, the FTC filed a complaint against a Canadian company and its CEO (defendants) for allegedly participating in deceptive and unfair acts or practices in violation of the FTC Act and the Telemarketing Sales Rule (TSR) by, among other things, laundering credit card payments for two tech support scams that were sued by the FTC in 2014. The FTC alleges in its complaint that the defendants entered into contracts with payment processors to obtain merchant accounts to process credit card charges. While these contracts prohibited the defendants from submitting third-party sales through its merchant accounts, the FTC claims that the defendants used the accounts to process millions of dollars of consumer credit card charges on behalf of the two tech support operators and also processed charges for lead generators that directed consumers to the tech support scam. The FTC alleges that the defendants were aware of the unlawful conduct of at least one of the two operators and attempted to hide these charges from the payment processors.
Under the proposed settlement, the defendants neither admitted nor denied the allegations, except as specifically stated within the settlement, and (i) will pay $6.75 million in equitable monetary relief; (ii) are permanently enjoined from engaging in any further payment laundering or violations of the TSR; and (iii) will screen and monitor prospective high risk clients.
On April 20, the FTC filed a complaint against a rent-to-own payment plan company for allegedly making false, misleading, and deceptive representations in violation of the FTC Act to consumers regarding the marketing, sale, and terms of their payment plans. In its complaint, the FTC alleged that while the company offered “same as cash” and “no interest” payment plans to consumers seeking to purchase items at retailers nationwide, it actually charged consumers substantially more than the item’s retail price. Accessing the actual terms of the payment plans was confusing for consumers, the FTC contended, and allegedly led to consumers frequently paying roughly twice the item’s sticker price if they made the initial and all scheduled recurring payments. According to the FTC, the company (i) received tens of thousands of consumer complaints; (ii) was aware consumers were confused by the terms of their payment plans; and (iii) had been presented with concerns from retailers regarding the company’s training materials, which, among other things, instructed sales associates to say “‘there actually isn’t an interest rate, because it’s not a loan.” Under the terms of the proposed settlement, the company is, among other things, (i) prohibited from misrepresenting the costs, nature, terms, and any other material facts related to its payment plans; (ii) required to clearly and conspicuously disclose the total cost to own a product when marketing its plans; (iii) ordered to monitor third parties, including retailers that offer the company’s payment plans to ensure compliance with the terms of the settlement; and (iv) required to receive express, informed consent from consumers prior to billing them for a plan. The company is also required to pay $175 million in equitable monetary relief.
On April 17, the FTC filed a complaint against a Rhode Island-based company and its owner (defendants) for allegedly violating the FTC Act by claiming to be an approved lender for the Small Business Administration’s (SBA) Paycheck Protection Program (PPP) even though the defendants are neither affiliated with the SBA nor are they an SBA-authorized lender. The FTC alleges in its complaint that the defendants made deceptive statements on their websites, such as “WE ARE A DIRECT LENDER FOR THE PPP PROGRAM,” and directly contacted small businesses claiming to be representing the SBA in order to solicit loan applications on behalf of the businesses’ banks. The FTC states that the defendants have received hundreds, if not thousands, of loan applications from businesses and continue to claim they can make PPP loans despite receiving a cease-and-desist letter earlier this month from the SBA. The FTC seeks injunctive relief to prevent the defendants from continuing to engage in the unlawful acts and practices, as well as “rescission or reformation of contracts, restitution, the refund of monies paid, disgorgement of ill-gotten monies, and other equitable relief” that the court deems necessary to redress any consumer harm, and an award of the costs for bringing the action.
On April 8, the FTC’s Bureau of Consumer Protection wrote a blog post discussing ways for companies to manage the consumer protection risks of artificial intelligence (AI) technology and algorithms. According to the FTC, over the years the Commission has dealt with the challenges presented by the use of AI and algorithms to make decisions about consumers, and has taken many enforcement actions against companies for allegedly violating laws such as the FTC Act, FCRA, and ECOA when using AI and machine learning technology. Financial services companies have also been applying these laws to machine-based credit underwriting models, the FTC stated. To assist companies, the FTC has provided the following guidance:
- Be transparent. Companies should not mislead consumers about how automated tools will be used and should be transparent when collecting sensitive data to feed an algorithm. Companies that make automated eligibility decisions about “credit, employment, insurance, housing, or similar benefits and transactions” based on information provided by a third-party vendor are required to provide consumers with “adverse action” notices under the FCRA.
- Explain decisions to consumers. Companies should be specific when disclosing to consumers the reasons why a decision was made if AI or automated tools were used in the decision-making process.
- Ensure fairness. Companies should avoid discrimination based on protected classes and should consider both inputs and outcomes to manage consumer protection risks inherent in using AI and algorithmic tools. Companies should also provide consumers access and opportunity to dispute the accuracy of the information used to make a decision that may be adverse to the consumer’s interest.
- Ensure data and models are robust and sound. According to the FTC, companies that compile and sell consumer information for use in automated decision-making to determine a consumer’s eligibility for credit or other transactions (even if they are not a consumer reporting agency), may be subject to the FCRA and should “implement reasonable procedures to ensure maximum possible accuracy of consumer reports and provide consumers with access to their own information, along with the ability to correct any errors.” The AI models should also be validated to ensure they work correctly and do not illegally discriminate.
- Accountability. Companies should consider several factors before using AI or other automated tools, including the accuracy of the data set, predictions based on big data, and whether the data models account for biases or raise ethical or fairness concerns. Companies should also protect these tools from unauthorized use and consider what accountability mechanisms are being employed to ensure compliance.
- Melissa Klimkiewicz to discuss "Flood insurance basics" at the NAFCU Virtual Regulatory Compliance School
- H Joshua Kotin and Jessica M. Shannon to discuss "TILA/RESPA mortgage servicing rules" at the NAFCU Virtual Regulatory Compliance School
- Sasha Leonhardt to discuss "Privacy laws clarified" at the National Settlement Services Summit (NS3)
- Amanda R. Lawrence to discuss "New privacy legislation: Preparing for a major source of class action and enforcement activity going forward" at the American Conference Institute Consumer Finance Class Actions, Litigation & Government Enforcement Actions
- Sherry-Maria Safchuk and Lauren Frank to discuss "New CFPB interpretation on UDAAP" at a California Mortgage Bankers Association Mortgage Quality and Compliance Committee webinar
- Daniel P. Stipano to discuss "High standards: Best practices for banking marijuana-related businesses" at the ACAMS AML & Anti-Financial Crime Conference
- Daniel P. Stipano to discuss "Wait wait ... do tell me! Where the panelists answer to you" at the ACAMS AML & Anti-Financial Crime Conference
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference