Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 27, the FTC announced it had entered into two stipulated orders for permanent injunction and monetary judgment (see here and here) against an office supply company and its California-based tech-support services vendor (defendants) for allegedly violating the FTC Act by selling computer repair and technical services to consumers who were told the company’s software program had detected malware symptoms on their computers. According to the FTC’s complaint, from approximately 2009 to November 2016, the defendants allegedly used a software program marketed as a “PC Health Check Program”—among other names—to “facilitate the sale of computer repair services to . . . retail customers.” The program, which claimed to detect malware symptoms on consumers’ computers, actually based the results on answers to questions consumers were asked at the beginning of the program, including whether the computer had issues with displayed pop-up ads or other problems, ran slow, received virus warnings, or crashed often. The FTC claimed the scan had no connection to the malware symptoms results and that, since at least 2012, the defendants allegedly knew that the program falsely reported malware symptoms but continued to reward store managers and employees who generated sales from the program until late 2016. The proposed order imposes a combined $35 million monetary judgment, bans the office supply company from making misrepresentations concerning the security or performance of consumers’ electronic devices, and requires the company to ensure that existing and future software providers do not engage in the prohibited conduct. The order also prohibits the vendor from misrepresenting or helping others to misrepresent the performance or detection of security issues on consumers’ electronic devices.
On March 26, the FTC announced settlements issued against four separate operations for allegedly placing billions of illegal robocalls to consumers selling auto warranties, debt-relief services, home security systems, veterans’ charities and Google search results services. The actions are part of the FTC’s ongoing efforts to combat illegal robocalls. According to the FTC, the companies—along with several of their affiliates and leaders—allegedly violated the FTC Act and the Telemarketing Sales Rule (TSR), including its Do Not Call provisions.
Proposed settlements issued against two related operations and their leaders—who, according to the FTC’s complaint, developed and enabled a software dialing platform that resulted in more than one billion robocalls—ban the defendants from engaging in telemarketing activities utilizing an autodialer, and imposes judgements ranging from $1 million to $2.7 million, of which two are fully suspended due to the defendants’ inability to pay. The FTC also reached a final settlement against defendants who allegedly placed robocalls to pitch fake debt-relief services promising lowered credit card interest rates and interest payment savings. The order permanently bans the defendants from engaging in telemarketing and debt-relief services, and imposes a $3.15 million judgment, which will be suspended following the turnover of available assets. Separately, the FTC reached a proposed settlement with a defendant who allegedly used robocalls promoting fake veterans’ charities to solicit donations, which he eventually sold for his own benefit. The proposed order bans the defendant from engaging in telemarketing services or soliciting charitable contributions, prohibits him from making future misrepresentations, and imposes a $541,032 monetary judgment, which will also be suspended following the turnover of available assets. Finally, the FTC announced proposed settlements against three defendants (see here, here, and here) whose Florida-based operations allegedly violated the TSR by falsely claiming to represent Google and making threats and promises to businesses concerning search results and page placements. The terms of the proposed settlements, among other things, ban the defendants from deceptive sales practices, and require the defendants to disclose their identities during telemarketing sales calls. Monetary judgements imposed against the defendants and their companies range from $1.72 million to $3.62 million, and will be partially suspended due to their inability to pay.
On March 20, FTC Chairman Joseph Simons spoke at the 2019 ANA Advertising Law and Public Policy Conference to discuss FTC consumer protection initiatives, including those that target advertisers who make deceptive claims about their products. Simons noted that focusing solely on fraudulent advertising is not sufficient, and that the FTC is committed to investigating deceptive advertising intended to mislead consumers, even if the product or service is legitimate. Simons cited several recent enforcement actions, including challenges to dietary supplement health benefit claims and deceptive environmental claims, and stated the agency is prepared to “proceed in federal court as warranted.” (See InfoBytes coverage here and here.) Simons also commented that the FTC is rethinking its approach to the types of remedies used to enforce consumer protection laws in order to both deter future violations and provide meaningful relief to harmed consumers.
Concerning targeted advertising and its connection to privacy concerns, Simons discussed three relevant “fundamental principles of consumer protection”: companies should (i) be fully transparent about the true nature of their data collection and sharing practices; (ii) focus on consumer outcomes when making business decisions to use consumer data; and (iii) make themselves aware of the practices of companies with whom they do business.
On March 20, the CFPB and the FTC released (here and here) their annual report to Congress on the administration of the FDCPA, which highlights the 2018 efforts of the agencies. The agencies coordinate in enforcement; share supervisory and consumer complaint information; and collaborate on education under a memorandum of understanding that was reauthorized in February. (Covered by InfoBytes here.) In the report, the Bureau acknowledges its intent to release a Notice of Proposed Rulemaking on debt collection covering issues such as “communication practices and consumer disclosures” in spring 2019. In addition to highlighting the Bureau’s debt collection education efforts, the report also states that in 2018 the Bureau (i) received approximately 81,500 debt collection complaints related to first-party and third-party collections; (ii) initiated six public enforcement actions alleging violations of the FDCPA, one resulting in an $800,000 civil money penalty; and (iii) identified one or more violations of the FDCPA through supervisory examinations.
As for the FTC, in addition to education efforts, the report states that in 2018 the agency (i) initiated or resolved seven enforcement actions, three of which were related to phantom debt collection, obtaining more than $58.9 million in judgments; (ii) returned money to thousands of consumers who were targeted by phantom debt collection operations; and (iii) banned 32 companies and individuals from working in the debt collection market.
On March 15, the FTC released its annual report highlighting the agency’s privacy and data security work in 2018. Among other items, the report highlights consumer-related enforcement activities in 2018, including:
- an expanded settlement with a global ride-sharing company over allegations that the company violated the FTC Act by deceiving consumers regarding the company’s privacy and data practices (covered by InfoBytes here).
- a settlement with a global online payments system company to resolve allegations that its payment and social networking service failed to adequately disclose to consumers that transfers to external bank accounts were subject to review and that funds could be frozen or removed based on a review of the underlying transaction (covered by InfoBytes here).
- a settlement with a Texas-based company over allegations that it violated the FCRA by failing to take reasonable steps to ensure the accuracy of tenant-screening information furnished to landlords and property managers (covered by InfoBytes here).
The report also highlighted the FTC’s hearings on big data, privacy, and competition conducted through its Hearings on Competition and Consumer Protection in the 21st Century initiative. (Covered by InfoBytes here and here.)
On March 6, the FTC’s Office of Legal Counsel warned recipients that subpoenas and civil investigative demands (CID) issued by the agency are legally enforceable demands and should be taken seriously. The FTC stated it is willing “to work with parties and their counsel to determine the scope of the agency’s subpoena or CID and a timeframe for compliance” and issued a reminder that under the FTC’s Rules of Practice, parties are required to meet and confer to identify issues or concerns that may affect a party’s ability to comply. The FTC additionally discussed measures the Office of Legal Counsel may undertake in order to compel compliance, including the possibility of federal court action.
On March 7, the FTC announced a new legal action and a final settlement issued against individuals and their operations for allegedly engaging in schemes that exploit elderly Americans. The actions are part of an enforcement sweep spearheaded by the DOJ in conjunction with, among others, the FBI, the FTC, Immigration and Customs Enforcement’s Homeland Security Investigations, and the Louisiana Attorney General, which—according to a press release issued the same day by the DOJ—is the largest-ever coordinated nationwide elder fraud sweep, involving multiple cases, over 260 defendants, and more than two million allegedly victimized U.S. Citizens, most of whom are elderly.
According to the FTC’s complaint, the company used deceptive tactics to convince consumers, the majority of whom were older, that their computers were infected with viruses in order to sell expensive and unnecessary computer repair services in violation of the FTC Act, the Telemarketing Sales Rule, and the Restore Online Shoppers’ Confidence Act. Specifically, the company allegedly used internet ads to target consumers looking for email password assistance and once they contacted the consumers, the telemarketers would run phony “diagnostic” tests that falsely showed the consumer’s computer was in danger and needed software and services to be fixed. On February 27, the U.S. District Court for the Southern District of Utah, granted a temporary restraining order against the company and its founder.
The FTC also announced a proposed settlement with a sweepstake operation that allegedly bilked consumers out of tens of millions of dollars through personalized mailers that falsely implied that the recipients had won or were likely to win a cash prize if they paid a fee. As previously covered by InfoBytes, the FTC announced the charges against the company in February 2018, alleging that consumers, most of whom were elderly, paid more than $110 million towards the scheme. The final settlement not only requires the operation to turn over $30 million in assets and cash to provide redress to the victims, but also permanently bans the operators from similar prize promotions in the future. The proposed settlement has not yet been approved by the court.
On March 5, FTC Chairman Joseph Simons spoke at the National Association of Attorneys General (NAAG) Winter Meeting to advocate for increased collaboration with state Attorneys General. Noting that such collaboration is critical to the agency’s mission, Simons highlighted FTC consumer protection goals as well as several collaborative efforts, including joint task forces and investigation and enforcement initiatives. Buckley attorneys Michelle L. Rogers, Antonio Reynolds, and Katherine Halliday, co-authors of What To Expect From Increased FTC-State AG Collaboration, discuss how Simons’ pitch to NAAG could turn out to be a useful signal of increased joint FTC-AG enforcement activity in the future.
On March 5, the FTC announced the U.S. District Court for the District of Arizona entered three orders on February 26, settling the FTC’s case against the operators of a telemarketing grant scheme. As previously covered by InfoBytes, the FTC’s complaint alleged the operators charged consumers upfront fees ranging from $295 to $4,995 and promised to obtain $10,000 or more in government, corporate, or private grants that could help the consumers pay off personal expenses such as medical bills; however, “most, if not all,” of the consumers ultimately received nothing in return. The three stipulated orders (available here, here, and here) impose a suspended $3 million judgment, (based on the operators’ inability to pay) and: (i) require the operators to surrender significant assets; (ii) ban the operators from telemarketing or making misrepresentations or unsubstantiated claims about any product or services; and (iii) prohibit the operators from making false or misleading statements to financial entities, including misrepresenting businesses to payment processors and banks.
On March 5, the FTC released proposed amendments to two rules that protect the privacy and security of customer data held by financial institutions. The agency seeks comments on proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule requires financial institutions to develop, implement, and maintain comprehensive information security programs, whereas the Privacy Rule requires financial institutions to notify customers about information-sharing practices, as well as enable customers to opt out of sharing their information with certain third parties. The FTC’s proposed amendments to the Safeguards Rule would, among other things, add more detailed requirements for financial institutions, including mandatory encryption of customer data and the use of multi-factor authentication to prevent unauthorized access to customer information. The proposed amendments to the Privacy Rule would change the rule to account for statutory changes in the Dodd-Frank Act, which gave the majority of the FTC’s rulemaking authority for the Privacy Rule to the CFPB with the exception of certain motor vehicle dealers. The agency plans to remove examples of financial institutions that do not apply to motor vehicle dealers, as well as clarify when annual customer privacy notices must be provided. In addition, the FTC proposes to expand the definition of “financial institution” in both rules to include “finders,” which include persons or entities that charge a fee to introduce consumers to a lender.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference