Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 7, the FTC announced that it had warned three mobile application marketers that their mobile background screening applications may be violating the Fair Credit Reporting Act (FCRA). The FTC described some of the six applications at issue as including criminal record histories, which are a type of information typically used in employment and tenant screening. While the FTC has not made a determination as to whether these firms are violating FCRA, it reminded the companies that if they have reason to believe the mobile applications include information about individuals’ character, reputation, or personal characteristics that is used or expected to be used for purposes such as employment, housing or credit, the marketers and their customers must comply with FCRA. Under FCRA, firms that assemble or evaluate such information to provide to third parties qualify as consumer reporting agencies and are required to (i) take reasonable steps to ensure the user of each report has a “permissible purpose” to use the report, (ii) take reasonable steps to ensure the maximum possible accuracy of the information conveyed in its reports, and (iii) provide users of its reports with information about their obligations under the FCRA.
On February 1, the Federal Trade Commission (FTC) announced a settlement with two individuals alleged to have operated businesses that improperly collected consumer information and then used that data to enroll consumers in negative-option programs that promised to match consumers with payday lenders. The FTC claimed the operators enrolled consumers in the payday lender matching program without consumer consent and refused to provide promised refunds. Under the settlement agreement, the individuals must pay nearly $10 million and will be prohibited from marketing secured loan products. The agreement also bars the individuals from making certain misrepresentations and prohibits the conduct at issue.
On January 30, the FTC and the DOJ announced that a Michigan-based debt buyer had agreed to pay a $2.5 million civil penalty to settle allegations of misconduct in connection with the company's debt collection activities. The FTC alleged that the debt buyer violated the FTC Act, the Fair Debt Collection Practices Act, and the Fair Credit Reporting Act by, among other things, (i) misrepresenting without substantiation that consumers owed a debt, (ii) failing to disclose that certain time-barred debt did not have to be repaid, (iii) knowingly providing false information to credit reporting agencies, and (iv) failing to investigate disputes raised by credit reporting agencies. In addition to paying the civil penalty, the company must address the failures and misconduct alleged by the FTC. For example, it must inform consumers when a debt is too old to be legally enforceable. Further, the company is prohibited from engaging in certain conduct, such as placing debt on consumer credit reports without notifying the consumer. Concurrent with the announcement, the FTC released a publication to help consumers understand their rights with regard to time-barred debt.
On January 25, the CFPB, the Department of Defense, the FTC, and the New York Attorney General announced a partnership to develop the Repeat Offenders Against Military (ROAM) Database to track enforcement actions against entities or individuals engaged in consumer financial frauds against military personnel, veterans, and their families. The database, which should be available by mid-February, will compile publicly available information about completed civil and criminal legal actions and will be accessible and searchable by state attorneys general, U.S. Attorneys, and Judge Advocates from all branches of the armed services. The Consumer Protection Committee of the National Association of Attorneys General already has sent a letter to state attorneys general asking them to populate the new database with their enforcement action information. The FTC noted that the ROAM database will complement its Consumer Sentinel Network, which collects and provides wide access to consumer complaints, including those related to the frauds against servicemembers and their families.
On January 23, the CFPB and the FTC announced that the agencies had entered into a memorandum of understanding (MOU) to facilitate coordination of the agencies’ consumer financial rulemaking, enforcement, and supervision activities. The MOU establishes regular meetings between the two entities, as well as processes for providing notice of enforcement activities. Under the MOU, the CFPB and the FTC will be able to share consumer complaint information, and the FTC can request CFPB examination reports and confidential supervisory information.
FTC Enhances Confidentiality of Investigations and Proposes Rule to Expedite Investigatory Processes
On January 13, by a vote of 5-0, the FTC adopted a new rule of practice (Rule 2.17) that streamlines internal procedures for staff seeking a court order to prevent investigation targets from learning about subpoenas and civil investigative demands issued by the FTC. The rule allows individual FTC Commissioners or the FTC’s general counsel to authorize the filing of a court action to delay notification to individuals required under the Right to Financial Privacy Act and the Electronic Communications Privacy Act when the FTC is seeking records from financial institutions or service providers.
Also on January 13, the FTC proposed additional changes to Parts 2 and 4 of its Rules of Practice to expedite Commission investigations and ensure that the FTC’s investigatory processes keep pace with electronic discovery advances. Among the proposed changes is a requirement for an accelerated meet-and-confer schedule to resolve electronic discovery disputes, as well as a proposal to relieve parties of their obligations to preserve documents after a year passes with no written communication from the FTC. The public can comment on the proposed rule changes through March 23, 2012.
On January 5, the FTC announced that Upromise had agreed to settle charges that its collection of consumers’ personal information was deceptive and an unfair practice, and that the collection violated federal law. Upromise’s website offered consumers a “TurboSaver Toolbar” download with a “Personalized Offers” feature to tailor savings opportunities to the consumer. The FTC alleged that the feature collected and transmitted, without encryption, the names of websites consumers visited, which links they clicked on, and information entered into webpages such as search terms, user names, and passwords. According to the FTC, the information collected also included credit card and financial account numbers, security codes and expiration dates, and Social Security numbers. Upromise’s privacy statement, however, stated that (i) the toolbar would only infrequently and inadvertently collect personal identifying information, (ii) personal information would be removed before the data was transmitted, and (iii) Upromise automatically encrypts users’ sensitive information. The proposed settlement requires in part that Upromise (i) destroy data collected, (ii) update its disclosures, (iii) notify consumers regarding the type of information collected and how to disable the toolbar, and (iv) obtain a biennial independent audit for the next twenty years. The proposed settlement is open for public comment through February 6.
On January 5, the FTC announced a settlement with a payment processor and two of its principals that will prohibit the company from using a new payment method, through which accounts were debited without account-holder consent. The FTC alleged that the company actively promoted the method as a way to avoid scrutiny associated with other payment methods, and ignored red flags - such as payment-rejection rates exceeding 80 percent - that its merchant customers were seeking to defraud account-holders. As a result, according to the FTC, consumers incurred significant costs, including for overdraft fees. In addition to banning the use of this payment process, the settlement requires, among other things, that the company monitor client return rates and investigate rates exceeding 2.5 percent.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference