InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC publishes letter to CFPB on its law enforcement and public outreach
On November 16, the FTC released its letter of its annual summary of activities in 2022 to the CFPB. The CFPB used the findings in its annual report to Congress on the Fair Debt Collection Practices Act (FDCPA). In the letter, the FTC outlined several of its important procedural law enforcement activities, such as debt collection issues affecting small businesses, redressing consumers harmed by debt collection schemes, halting collection in consumer debt, and combating unauthorized charges to consumers. The second part of the letter outlines how the FTC enables public outreach and cross-agency coordination. For public outreach, the FTC proactively educates consumers about their rights under the FDCPA, and how debt collectors can comply with the law. The FTC also noted that it publishes material in both English and Spanish to broaden its outreach. In addition, the FTC added that it distributes print publications to libraries and businesses and logs more than 50 million views on its website pages. In its efforts to raise awareness about scams targeting the Latino community, the FTC highlighted its series of fotonovelas (graphic novels) in Spanish.
FTC, DOJ convene with G7 on AI policy future
On November 8, the FTC and DOJ met with the G7 Competition Authorities and Policymakers’ Summit on how to better regulate AI while addressing its competitive concerns. The Summit took place in Tokyo, Japan, and both the FTC’s and the DOJ’s Antitrust Division participated with the international group. The G7 issued a statement on how generative AI can pose not only anti-competitive risks, but also risks in “privacy, intellectual property rights, transparency and other concerns.” All policymakers shared concerns on how to best enforce fair competition laws with AI, iterating that “existing competition law applies to [AI]” and that they were “prepared to confront abuses if AI becomes dominated by a few players with market power.” The G7 stated a need to enforce competition laws and “develop policies necessary to ensure that principles of fair competition are applied to digital markets.”
The G7’s report outlines its initiatives to promote and protect competition in digital markets, its commitment to address competition concerns, and its recognition of the need for internal cooperation on digital competition.
FTC, Florida AG settle with “chargeback mitigation” company
On November 7, the FTC and the State of Florida settled with a chargeback company to prevent it from deceiving any consumers who seek to dispute credit card charges. Back in April 2023, the FTC and the State of Florida sued the chargeback company under Section 5 of the FTC Act, 15 U.S.C. § 45, and the Florida Deceptive and Unfair Trade Practices Act (FDUTPA), Chapter 501, Part II, as previously covered by InfoBytes here. A chargeback is a system for consumers to get their money returned when they have a problem with a purchase. The proposed court order was agreed to by the defendants but, before it can go into effect, the order first must be approved by a federal judge. The final judgment totals $150,000 and prevents the defendants from working with several high-risk clients.
FTC sues fintech firm for deceiving users and making cancelations difficult
On November 3, the FTC filed suit against a fintech firm within the U.S. Southern District Court of New York. The FTC alleged the fintech mobile app misled customers, “violated Section 5 of the FTC Act[,] and made it hard to cancel services in violation of the Restore Online Shoppers’ Confidence Act (ROSCA).” However, the FTC and Defendant stipulated the entry of a proposed settlement order that includes a monetary judgment of $18 million for consumer refunds and requires Defendant to stop its deceptive marketing practices and end tactics that prevented customers from canceling services. The first time the FTC had collected civil penalties under ROSCA was in January 2023, as covered by InfoBytes here.
The FTC’s complaint alleges that consumers were deceived into signing up for a $250 cash advance, but many users were unable to receive any money at all. Furthermore, consumers had to have first entered a $9.99 monthly membership––regardless of whether they qualified for the $250 or not. Further, if a user wished to cancel their monthly membership, the fintech firm employed “dark” and manipulative design tricks to “create a confusing and misleading cancellation process that prevented consumers from canceling their subscriptions.” The FTC’s proposed settlement order must first be approved by a federal judge before it can go into effect.
FTC approves amendment to Safeguards Rule requiring nonbanks to report data breaches
On October 27, the FTC approved an amendment to the Safeguards Rule to require nonbanks to report data breaches. Under the amended rule, financial institutions, including mortgage brokers, motor vehicle dealers, and payday lenders, will be required to notify the FTC of data breaches as soon as possible, and no later than 30 days after the discovery of incident involving at least 500 consumers. Notice of an incident is required if unencrypted consumer information was acquired without their authorization, as the FTC noted that encrypted consumer information is unlikely to cause consumer harm. The FTC will provide an online form that will be used to report certain information, including the type of information involved in the security event and the number of consumers affected or potentially affected. Additionally, the amended rule will require nonbanks to “to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.” As previously covered by InfoBytes, the FTC recently extended compliance on some Safeguards provisions finalized in October 2021 (covered by InfoBytes here), to June of this year.
The commission voted 3-0 to publish the amendment, which will become effective 180 days after its publication in the Federal Register.
FTC reports on efforts to combat cross-border fraud and ransomware attacks
On October 20, the FTC published two reports outlining its efforts to protect consumers against cross-border fraud and ransomware attacks.
In the first report, the FTC described the US SAFE Web Act (SAFE WEB), passed in 2006, as an “indispensable” tool to combat cross-border fraud and protect consumers in an increasingly global and digital economy. For example, the report noted that since SAFE WEB was passed, the FTC has used the law in myriad ways: issuing more than 140 civil investigative demands on behalf of 21 foreign agencies from eight countries; engaging in 148 staff exchanges to build cooperation with foreign counterparts; and sharing confidential information from FTC files with 43 law enforcement agencies in twenty different countries. The report also indicated that SAFE WEB has allowed the FTC to pursue and stop harmful conduct in the US and defend against challenges to its jurisdictional authority over foreign companies targeting American consumers. Notably, SAFE WEB helped the FTC (i) shut down a real estate investment scam that took in more than $100 million (the largest such scheme the FTC has ever targeted); (ii) cooperate with privacy authorities in Canada and the United Kingdom to pursue actions against an online dating site that deceived consumers and failed to protect the account and profile information of more than 36 million individuals; (iii) and work with foreign law enforcement agencies to stop fraudulent money transfers to certain money transfer companies located in Spain in connection with a Nigerian email scam. The FTC recommends that Congress permanently reauthorize SAFE WEB to preserve the agency’s ability to fight cross-border fraud.
In the second report, the FTC discussed its work to target ransomware and other cyber-attacks. The FTC highlighted its longstanding data security enforcement program, which seeks to ensure that businesses engage in reasonable practices to protect the data of their customers. Moreover, the RANSOMWARE Act refers specifically to China, Russia, North Korea, and Iran. The report stated that although the FTC has taken data security-related enforcement actions involving connections to China and Russia, the FTC has had limited interactions with government agencies in China, Russia, North Korea, and Iran. The report included several recommendations for Congress, including making SAFE WEB permanent, amending a provision in the FTC act which would restore the FTC’s ability to provide refunds to harmed consumers, and enacting privacy and data security legislation which would be enforceable by the FTC. The FTC also urged businesses to take steps to safeguard customer data, including retaining information only so long as there is a legitimate business need, restricting access to sensitive data, and storing personal information securely and protecting it during transmission.
FTC settles with bankrupt crypto company and bans asset management
On October 12, the FTC announced it has reached a settlement with a bankrupt crypto company, which will permanently ban the company from managing consumer assets. According to the federal court complaint, the FTC alleged that from at least 2018, respondent attracted customers by promising their deposits would be secure, but when the company failed, consumers lost access to significant assets, resulting in over $1 billion in cryptocurrency asset losses. The FTC alleges violations of the FTC Act and the Gramm-Leach-Bliley Act's prohibition on obtaining financial information through false statements. Respondent allegedly misled consumers by claiming their assets were safe on the platform, stating that "YOUR USD IS FDIC INSURED." However, respondent is not a bank and the deposits were not eligible for FDIC insurance. The FTC complaint also alleged that the FDIC does not insure cryptocurrency assets, and consumers' cash deposits were placed in an account held by respondent at a traditional bank. Consumers' funds were protected only if that bank failed, but their cryptocurrency was not protected at all.
The proposed settlement with respondent and its affiliates permanently bans them from offering, marketing, or promoting any product or service related to depositing, exchanging, investing, or withdrawing assets. Respondent and its affiliates have agreed to a judgment of $1.65 billion, which will be suspended to allow the bankrupt company to return its remaining assets to consumers through bankruptcy proceedings. The proposed settlement also prohibits respondent and its affiliates from managing consumer assets, misrepresenting product benefits, making false representations to obtain financial information, and disclosing nonpublic personal information without consent.
The FTC also announced that it is filing a lawsuit against the respondent’s CEO for making false claims that consumer accounts were FDIC-insured. Respondent’s CEO has not agreed to a settlement, and the FTC's case against him will proceed in federal court. “In a parallel action, on October 12, the Commodity Futures Trading Commission separately charged [respondent’s CEO] with fraud and registration failures,” the FTC added.
FTC announces second request for public comment on rule to ban “junk fees”
On October 11, the FTC released a notice of proposed rulemaking meant to prohibit unfair and deceptive, costly fees, also known as “junk fees.” After announcing its Advance Notice of Proposed Rulemaking last year (covered by InfoBytes here), and after considering more than 12,000 public comments, the FTC determined that some businesses misrepresent overall costs by omitting mandatory fees from advertised prices until consumers are “well into completing the transaction,” and fail to adequately explain the nature and amount of fees. The Commission is seeking another round of comments for its proposed rule, which, for any entity that “offers goods or services” to consumers, would prohibit:
- Offering, displaying, or advertising an amount a consumer may pay without “clearly and conspicuously” disclosing the “total price,” which must be displayed “more prominently than any other pricing information.”
- Misrepresenting “the nature and purpose of any amount a consumer may pay.”
- Disclosing “any other pricing information” besides the total price “more prominently” than disclosures of the total price in an “offer, display, or advertisement.”
The proposed rule would also grant the FTC more robust enforcement authority to seek refunds for harmed consumers and impose monetary penalties of up to $50,120 per violation. The proposed rule also requires businesses to include any mandatory costs for ancillary goods or services in their price disclosures.
The FTC is working alongside the CFPB, OCC, FCC, HUD and the Department of Transportation to develop and implement rules banning junk fees. The CFPB has also issued guidance emphasizing that large banks and credit unions are prohibited from imposing unreasonable obstacles on customers, such as charging excessive fees, for basic information about their accounts. Further, the White House has called on federal agencies “to reduce or eliminate hidden fees, charges, and add-ons for everything from banking services to cable and internet bills to airline and concert tickets.”
The Commission is seeking public input on 37 questions, with comments due 60 days after publication in the Federal Register.
FTC data spotlight reveals social media as primary source for scams over other contact methods
On October 6, the FTC released a data spotlight showing that more scams have originated on social media than on any other method of contact with consumers, accounting for $2.7 billion in consumer losses from 2021 to 2023. The FTC reports that the most frequently reported frauds in 2023 were online shopping scams on social media. However, promotions of fake investment opportunities, mostly those relating to cryptocurrency, on social media had the largest overall monetary losses. The FTC also provided a list of tips for consumers to limit their risks of fraud on social media, including restricting who can contact them on these platforms.
FTC roundtable on generative AI and the creative economy
On October 4, the FTC hosted a virtual roundtable to hear directly from creators on how generative artificial intelligence (AI) is affecting their work and livelihood. FTC Chair Lina Khan noted the Commission’s role enforcing rules of fair competition and its intention to “keep pace” to fully understand how new technology can be used and the negative impacts. Khan reminded the audience that there is no “AI exemption” to the laws regarding unfair methods of competition or collusion, discrimination, or deception. In addition, Commissioner Kelly Slaughter mentioned that the generative AI dynamic of web scraping is often performed without the knowledge of creators whose livelihood depends on displaying a public portfolio.
Duncan Crabtree-Ireland, chief negotiator for SAG AFTRA, stated that the companies using AI technology must receive informed consent and compensation for the use of individuals’ likenesses. John August, committee member for the Writers Guild of America, explained the union’s position that AI generated content can be considered an unfair method of competition, and that creators deserve protection against the unfair use of their work. Douglas Preston, author and former president of the Writers Guild of America, shared that he is part of a class action lawsuit with 16 other authors against a generative AI platform.
Overall, participants asked the FTC to initiate rulemaking, and support in federal legislation as necessary to underpin the protection of creators’ livelihood, as technology is outpacing law and regulation. They suggested that moving forward, platforms should request creators to opt-in, rather than opt-out of the use of their works to teach and support generative AI output. Moreover, participants repeatedly mentioned a need for disclosures for consumers, so they know when synthetic AI-generated voices, among other things, are used in content generated for consumers.