Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 6, the FTC’s Office of Legal Counsel warned recipients that subpoenas and civil investigative demands (CID) issued by the agency are legally enforceable demands and should be taken seriously. The FTC stated it is willing “to work with parties and their counsel to determine the scope of the agency’s subpoena or CID and a timeframe for compliance” and issued a reminder that under the FTC’s Rules of Practice, parties are required to meet and confer to identify issues or concerns that may affect a party’s ability to comply. The FTC additionally discussed measures the Office of Legal Counsel may undertake in order to compel compliance, including the possibility of federal court action.
On March 7, the FTC announced a new legal action and a final settlement issued against individuals and their operations for allegedly engaging in schemes that exploit elderly Americans. The actions are part of an enforcement sweep spearheaded by the DOJ in conjunction with, among others, the FBI, the FTC, Immigration and Customs Enforcement’s Homeland Security Investigations, and the Louisiana Attorney General, which—according to a press release issued the same day by the DOJ—is the largest-ever coordinated nationwide elder fraud sweep, involving multiple cases, over 260 defendants, and more than two million allegedly victimized U.S. Citizens, most of whom are elderly.
According to the FTC’s complaint, the company used deceptive tactics to convince consumers, the majority of whom were older, that their computers were infected with viruses in order to sell expensive and unnecessary computer repair services in violation of the FTC Act, the Telemarketing Sales Rule, and the Restore Online Shoppers’ Confidence Act. Specifically, the company allegedly used internet ads to target consumers looking for email password assistance and once they contacted the consumers, the telemarketers would run phony “diagnostic” tests that falsely showed the consumer’s computer was in danger and needed software and services to be fixed. On February 27, the U.S. District Court for the Southern District of Utah, granted a temporary restraining order against the company and its founder.
The FTC also announced a proposed settlement with a sweepstake operation that allegedly bilked consumers out of tens of millions of dollars through personalized mailers that falsely implied that the recipients had won or were likely to win a cash prize if they paid a fee. As previously covered by InfoBytes, the FTC announced the charges against the company in February 2018, alleging that consumers, most of whom were elderly, paid more than $110 million towards the scheme. The final settlement not only requires the operation to turn over $30 million in assets and cash to provide redress to the victims, but also permanently bans the operators from similar prize promotions in the future. The proposed settlement has not yet been approved by the court.
On March 5, FTC Chairman Joseph Simons spoke at the National Association of Attorneys General (NAAG) Winter Meeting to advocate for increased collaboration with state Attorneys General. Noting that such collaboration is critical to the agency’s mission, Simons highlighted FTC consumer protection goals as well as several collaborative efforts, including joint task forces and investigation and enforcement initiatives. Buckley attorneys Michelle L. Rogers, Antonio Reynolds, and Katherine Halliday, co-authors of What To Expect From Increased FTC-State AG Collaboration, discuss how Simons’ pitch to NAAG could turn out to be a useful signal of increased joint FTC-AG enforcement activity in the future.
On March 5, the FTC announced the U.S. District Court for the District of Arizona entered three orders on February 26, settling the FTC’s case against the operators of a telemarketing grant scheme. As previously covered by InfoBytes, the FTC’s complaint alleged the operators charged consumers upfront fees ranging from $295 to $4,995 and promised to obtain $10,000 or more in government, corporate, or private grants that could help the consumers pay off personal expenses such as medical bills; however, “most, if not all,” of the consumers ultimately received nothing in return. The three stipulated orders (available here, here, and here) impose a suspended $3 million judgment, (based on the operators’ inability to pay) and: (i) require the operators to surrender significant assets; (ii) ban the operators from telemarketing or making misrepresentations or unsubstantiated claims about any product or services; and (iii) prohibit the operators from making false or misleading statements to financial entities, including misrepresenting businesses to payment processors and banks.
On March 5, the FTC released proposed amendments to two rules that protect the privacy and security of customer data held by financial institutions. The agency seeks comments on proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule requires financial institutions to develop, implement, and maintain comprehensive information security programs, whereas the Privacy Rule requires financial institutions to notify customers about information-sharing practices, as well as enable customers to opt out of sharing their information with certain third parties. The FTC’s proposed amendments to the Safeguards Rule would, among other things, add more detailed requirements for financial institutions, including mandatory encryption of customer data and the use of multi-factor authentication to prevent unauthorized access to customer information. The proposed amendments to the Privacy Rule would change the rule to account for statutory changes in the Dodd-Frank Act, which gave the majority of the FTC’s rulemaking authority for the Privacy Rule to the CFPB with the exception of certain motor vehicle dealers. The agency plans to remove examples of financial institutions that do not apply to motor vehicle dealers, as well as clarify when annual customer privacy notices must be provided. In addition, the FTC proposes to expand the definition of “financial institution” in both rules to include “finders,” which include persons or entities that charge a fee to introduce consumers to a lender.
On March 3, the 21st annual National Consumer Protection Week (NCPW) began. According to the FTC announcement, NCPW will run from March 3 through March 9 and aims to help consumers understand their rights while giving them access to free educational materials. The FTC, together with its federal, state and local partners, consumer groups, and other national advocacy organizations intend to provide advice on scams, identity theft, and other fraudulent business practices. A schedule of three specific social media events hosted by the FTC is provided in the announcement.
On February 27, the FTC announced a $5.7 million settlement with the operators of a video social networking app concerning alleged violations of the Children’s Online Privacy Protection Act (COPPA). Among other things, the FTC claims the operators failed to provide parents notice of its information collection practices, illegally collected personal information from children under the age of 13 without first obtaining verifiable parental consent, failed to delete personal information when parents requested, and retained information “longer than reasonably necessary to fulfill the purpose for which the information was collected.” Under COPPA, operators of websites and online services directed at children are prohibited from collecting personal information of children under the age of 13, unless the company has explicit parental consent. The FTC alleges that the operators knew a “significant percentage” of its users were under 13 and received thousands of complaints from parents that their children under 13 had created accounts on the app. While neither admitting nor denying the allegations, the operators have agreed to the monetary penalty, will change their business practices to comply with COPPA, and will remove all videos made by children younger than 13. According to the FTC, this settlement is the largest civil penalty obtained to date by the agency for COPPA violations.
On February 26, the FTC announced it had recently provided the CFPB with its annual summary of work on ECOA-related policy issues including the following FTC research and policy development initiatives:
- The FTC held a series of public hearings on competition and consumer protection in the 21st century. Session seven specifically addressed issues related to the use of algorithms, artificial intelligence, and predictive analytics. Panelists addressed how fairness, bias, and discrimination may impact the use of such technologies and debated whether current legal protections such as ECOA sufficiently cover these issues.
- The FTC continued its qualitative study of consumer experiences when buying and selling automobiles at dealerships, which the agency believes will help focus initiatives, such as educating consumers about the purchase and financing process and providing business education to promote compliance with the FTC Act and ECOA.
- The FTC’s Military Task Force, which consists of a cross-section of agency representatives, continued to work on military consumer protection issues. Workshops were conducted to examine financial issues and scams targeting military consumers, including servicemembers and veterans. In addition, the FTC participated in a training program for servicemembers and their families to discuss ECOA and Regulation B protections.
- The FTC maintained its membership in the Interagency Task Force on Fair Lending, along with the CFPB, DOJ, HUD, and the federal banking regulatory agencies, and participated in the Financial Fraud Enforcement Task Force.
Concerning fair lending, the FTC stated that it provided education on several topics, including those related to credit transactions that fall under Regulation B.
On February 28, the FTC announced it filed a complaint in the U.S. District Court for the District of Puerto Rico alleging a business owner and the companies he operates (defendants) violated the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA) by allegedly offering deceptive online “free-trial” offers that mislead consumers into enrolling into negative option plans. According to the complaint, the defendants sold skin care products online between February 2016 and August 2017 and marketed a free trial for the products for the cost of around $4.99 in shipping. The complaint alleges consumers who ordered the free trial (i) were charged more than $90 and then subsequently enrolled into a monthly auto-ship program; (ii) were charged for additional products without their consent; and (iii) had a difficult time canceling their enrollment in the auto-ship plan. Moreover, the FTC argues that the defendants avoided detection by using shell companies to obtain merchant processing accounts and fake and real websites in order to avoid detection by credit card companies and law enforcement. The FTC is seeking monetary and injunctive relief against the defendants.
On February 26, the FTC announced its coordination with the CFPB to reauthorize their memorandum of understanding (MOU), which outlines the two agencies’ cooperation under the Consumer Financial Protection Act to prevent duplication of efforts and ensure consistency. The interagency agreement outlines processes for, among other things, coordinated law enforcement activities; consultation on rulemaking activities, including rulemaking regarding prohibitions on unfair, deceptive, and abusive acts or practices; and coordinated sharing of supervisory and examination information, strategic and operational planning, consumer complaint information, and consumer education efforts. The MOU also addresses provisions related to information sharing and claims of confidentiality.
- Jonice Gray Tucker to discuss "MCCA's blueprint for selling & buying - A pitch workshop for outside counsel" at the Minority Corporate Counsel Association Creating Pathways to Diversity Conference
- Buckley Webcast: Get ready for CCPA
- Daniel P. Stipano to discuss "BSA/AML culture of compliance roundtable" at the FiSCA Annual Conference
- Daniel P. Stipano to discuss "Is there a better way to fight money laundering" at the FiSCA Annual Conference
- Michelle L. Rogers to discuss "What's trending in enforcement" at the Mortgage Bankers Association Annual Convention & Expo
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Buckley Webcast: Smoke and mirrors: Navigating the regulatory landscape in banking the marijuana industry
- H Joshua Kotin to discuss "CMS - Components of a successful monitoring program" at the RegList Annual Workshop
- Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Sherry-Maria Safchuk to discuss "Cybersecurity" at the RegList Annual Workshop
- Jeffrey P. Naimon to discuss "Hot topics in mortgage origination" at the Conference on Consumer Finance Law Annual Consumer Financial Services Conference
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference