InfoBytes Blog

FTC settles with credit repair companies

On January 17, the FTC announced it had reached settlements with a number of defendants alleged to have operated “an unlawful credit repair scam that has deceived consumers across the country.” According to the FTC’s complaint, the defendants purportedly made false representations to consumers regarding their abilities to improve credit scores, falsely promised to remove any negative entries on the consumers’ credit reports, illegally collected upfront fees from consumers before the services were fully performed, and used threats and coercion to intimidate consumers from disputing charges. The FTC alleged these misleading statements and illegal actions violated TILA, the FTC Act, the Telemarketing Act, and the Credit Repair Organizations Act, among other things. Additionally, the FTC claimed that the defendants “routinely engage in electronic fund transfers from consumers’ bank accounts without obtaining proper authorization, and use remotely created checks to pay for credit repair services they have offered through a telemarketing campaign, in violation of the TSR.” The defendants, without admitting or denying the allegations, agreed to settlements that ban the defendants from offering credit repair services through “advertising, marketing, promoting, offering for sale, or selling,” impose a total monetary penalty of nearly $14 million, and require several defendants to turn over the contents of bank and merchant accounts as well as investment and cryptocurrency accounts. See the settlements here, here, and here.

Federal Issues Agency Rule-Making & Guidance Settlement Enforcement FTC FTC Act TILA TSR CROA Telemarketing Sales Rule Telemarketing and Consumer Fraud and Abuse Prevention Act Credit Repair

Democratic Congressmen ask GAO to look at alternative data in mortgage lending

On January 16, Democratic members of the House Financial Services Committee sent a letter to the Government Accountability Office (GAO) inquiring about the benefits and drawbacks of using alternative data in mortgage lending, as well as the federal government’s role in overseeing the use of alternative data credit reporting agencies (CRAs) and lenders. The letter notes that while alternative data can be useful in helping lenders identify creditworthy potential borrowers who cannot be scored by CRAs through traditional measures, questions remain about how the use of alternative data may affect compliance with fair lending laws, including the Equal Credit Opportunity Act and Fair Housing Act. “While some alternative data, such as rental payment history, may provide an objective measure of creditworthiness, others might enable discrimination on the basis of a protected class, or infringe upon consumer privacy,” the letter cautions. The letter asks GAO to study the use of alternative data in expanding access to credit, with a particular focus on mortgage credit, and poses the following questions:

• How have different entities used alternative data to expand access to mortgage credit? Specifically, can alternative data determine consumer creditworthiness and whether a consumer is able to repay a mortgage? Additionally, are there certain alternative data sources that are better at predicting creditworthiness or some that are more likely to raise concerns about correlations with discriminatory factors? Furthermore, what federal activity has there been in this space?
• What are the potential benefits and risks associated with using alternative data and financial technology for access to mortgage credit, and are there variations in these benefits and risks across different groups, including minorities and younger borrowers?
• What potential risks does alternative data pose to fair lending compliance, and are the regulatory and enforcement agencies that govern the credit-granting system equipped to manage and prepare for an increased use of alternative data in mortgage lending?
• How do the benefits and trade-offs of other options for expanding access to mortgage credit compare to the use of alternative data in credit scoring?

Federal Issues House Financial Services Committee Alternative Data GAO Mortgages Consumer Finance ECOA Fair Housing Act

OCC releases December enforcement actions

On January 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include formal agreements, prohibition orders, and terminations of existing enforcement actions against individuals and banks. Included among the actions is a formal agreement issued against an Illinois-based bank on December 18 for alleged unsafe or unsound practices relating to, among other things, consumer compliance. The agreement requires the bank to (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board on a quarterly basis; and (iii) implement a written consumer compliance program. This program must also include a policies and procedures manual that covers all consumer protection laws, rules, and regulations to which the bank should adhere, an independent audit program, and training of bank personnel in the consumer protection laws, rules, and regulations as appropriate.

Federal Issues Agency Rule-Making & Guidance Bank Compliance Enforcement OCC

FDIC, OCC issue joint notice of heightened cybersecurity risk

On January 16, the FDIC and the OCC announced (FDIC FIL-3-2020, OCC Bulletin 2020-5) the issuance of a joint statement on risk management of current heightened cybersecurity risks. The statement reminds supervised financial institutions to maintain preventative controls and update and test incident response and business continuity plans. It also sets out best practices in these areas for supervised financial institutions.

The bulletin lists six “key controls” including:

• Response, resilience and recovery capabilities. Maintain system backups and segment data to prevent spread of malicious activity across the network and to increase recovery capabilities. Incident and business resilience plans should set out cyber attack response and business continuity procedures and a data backup program should be set up and regularly tested. Cyber insurance coverage may further mitigate cyber risk exposure.
• Identity and access management. Implement identity and access management controls to combat phishing attacks and prevent theft of login credentials. Incorporate risk-based authentication, limit user permissions, and continually monitor user accounts.
• Network configuration and system hardening. Configure networks with appropriate security settings that are regularly updated. Update anti-malware and routinely test network technology for vulnerabilities.
• Employee training. Provide continuous training to keep cybersecurity program employees abreast of new cyber threats and evolving social engineering tactics.
• Security tools and monitoring. Maintain competent cybersecurity staff or service providers to monitor for the most current “threat and vulnerability information,” regularly review audit logs, and establish and test ability to “detect and respond to attacks.”
• Data protection. Encrypt “sensitive and critical data,” which should also be accurately classified to ensure ease in identification.

Federal Issues FDIC OCC Bank Supervision Risk Management Privacy/Cyber Risk & Data Security

Special Alert: NYDFS accelerates Libor transition planning

On December 23, 2019, the New York Department of Financial Services issued an “Industry Letter” requesting that each NYDFS-regulated institution submit the institution’s plan for addressing the transition away from Libor-based credit, derivative, and securities exposures. The NYDFS letter has spurred additional focus by financial institutions in the issue, and not only by those regulated by NYDFS. This Client Alert summarizes the current state of play in Libor transition, and outlines some key considerations for developing a Libor transition plan.

* * *

Click here to read the full special alert.

If you have any Libor-related questions please contact a Buckley attorney with whom you have worked in the past.

Federal Issues Special Alerts LIBOR NYDFS Risk Management SOFR

After settlement, six remain in FTC robocalling suit

On January 10, the FTC announced that it entered into two settlement agreements: one with a call center and two individuals, and one with an additional individual (together, “the settling defendants”) that it claims made illegal robocalls to consumers as part of a cruise line’s telemarketing operation allegedly aimed at marketing free cruise packages to consumers. According to the two settlements (see here and here), the settling defendants “participated in unfair acts or practices in violation of . . . the FTC Act, and the FTC’s Telemarketing Sales Rule [(TSR)]” by “(a) placing telemarketing calls to consumers that delivered prerecorded messages; (b) placing telemarketing calls to consumers whose telephone numbers were on the National Do Not Call Registry; and (c) transmitting inaccurate caller ID numbers and names with their telemarketing calls.” The defendants are permanently banned from making telemarketing robocalls, and have been levied judgments totaling $7.8 million, all but $2,500 of which has been suspended due to the defendants’ inability to pay.

Also on January 10, the FTC filed a complaint in the U.S. District Court for the Middle District of Florida against the remaining six defendants allegedly involved in the telemarketing operation, for violations of the FTC Act and TSR based on the same actions alleged against the settling defendants.

Federal Issues Robocalls FTC Telemarketing Sales Rule FTC Act Settlement Enforcement

CFPB denies petitioner’s request to postpone CID pending Seila decision

On December 26, the CFPB denied a petition by a student loan relief company to modify or set aside a civil investigative demand (CID) issued by the Bureau last October. According to the company’s petition, the CID requested information as part of an investigation into the company’s promotion of student loan debt relief programs. As previously covered by InfoBytes, stipulated orders were entered against the company by the FTC and the Minnesota attorney general for violations of TILA and the assisting and facilitating provision of the Telemarketing Sales Rule, which resulted in the company being permanently banned from engaging in transactions involving debt relief products and services or making misrepresentations regarding financial products and services. In its petition, the company argued that the CFPB’s requests were duplicative of the FTC’s earlier investigation. The company also argued that the documents and materials sought in the CID were overly burdensome and the time frame to respond was too short. Furthermore, the company stated that until the U.S. Supreme Court issues a decision in Seila Law v. CFPB on whether the Bureau’s structure violates the Constitution’s separation of powers under Article II, the CID should either be withdrawn or stayed because of the uncertainty surrounding the Bureau’s ability to proceed with enforcement actions.

The Bureau denied the petition, arguing that “the administrative CID petition process is not the proper forum for raising and deciding constitutional challenges to provisions of the Bureau’s statute.” The Bureau also noted that the company failed to show that it engaged with Bureau staff on ways to alleviate undue burden, such as proposing modifications to the substance of the requests, and that even though the Bureau proposed an extension to the CID deadline, the company did not seek such an extension.

Federal Issues CFPB CIDs Single-Director Structure Enforcement Seila Law FTC State Attorney General TILA Telemarketing Sales Rule Debt Relief

Senate Democrats ask IG to investigate CFPB restitution penalties

On January 13, fifteen Democratic Senators, led by Senators Catherine Cortez Masto (D-NV) and Sherrod Brown (D-OH) sent a letter to the Inspector General of the Federal Reserve Board calling for an investigation into the CFPB’s restitution penalties levied against companies accused of wrongdoing. The Senators claim that the Bureau’s restitution approach “creates a perverse incentive for companies to violate the law by allowing them to retain all or nearly all of the funds they illegally obtain from consumers.” The letter asks the Inspector General to investigate four recent settlements to examine how the Bureau determines restitution awards and whether the applied standard for restitution differs from the standard applied by courts and in prior CFPB settlements.

Included among the examples of actions for which consumers were provided limited to zero restitution is a recent settlement with a debt collector accused of engaging in improper debt collection tactics. As previously covered by InfoBytes, the company agreed to pay $36,878 in redress to harmed consumers, limiting the restitution to “only those consumers who affirmatively ‘complained about a false threat or misrepresentation’” by the company, the Senators wrote. Specifically, the Senators seek to determine the number of consumers who may have been excluded from the settlement because they did not affirmatively complain about the company’s behavior. A second example highlights an action taken against a group of payday lenders that allegedly, among other things, misrepresented to consumers an obligation to repay loan amounts that were voided because the loan violated state licensing or usury laws. (Previously covered by InfoBytes here.) According to the Senators, the settlement “dropped the requests for restitution and other relief for victimized consumers.” The letter also references a report released last October by the House Financial Services Committee (covered by InfoBytes here) following an investigation into these particular settlements, in which the Bureau responded “that it did not seek restitution in these cases because it could not determine ‘with certainty’ which consumers had been harmed or the amount of the harm.”

Federal Issues CFPB U.S. Senate Enforcement Restitution

SEC announces 2020 OCIE exam priorities

On January 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of its 2020 Examination Priorities. The annual release of exam priorities provides transparency into the risk-based examination process and lists areas that pose current and potential risks to investors. OCIE’s 2020 examination priorities include: 

• Retail investors, including seniors and those saving for retirement. OCIE places particular emphasis on disclosures and recommendations provided to investors.
• Information security. In addition to cybersecurity, top areas of focus include: risk management, vendor management, online and mobile account access controls, data loss prevention, appropriate training, and incident response.
• Fintech and innovation, digital assets and electronic investment advice. OCIE notes that the rapid pace of technology development, as well as new uses of alternative data, presents new risks and will focus attention on the effectiveness of compliance programs.
• Investment advisers, investment companies, broker-dealers, and municipal advisers. Risk-based exams will continue for each of these types of entities, with an emphasis on new registered investment advisers (RIA) and RIAs that have not been examined. Other themes in exams of these entities include board oversight, trading practices, advice to investors, RIA activities, disclosures of conflicts of interest, and fiduciary obligations.
• Anti-money laundering. Importance will be placed on beneficial ownership, customer identification and due diligence, and policies and procedures to identify suspicious activity.
• Market infrastructure. Particular attention will be directed to clearing agencies, national securities exchanges and alternative trading systems, and transfer agents.
• FINRA and MSRB. OCIE exams will emphasize regulatory programs, exams of broker-dealers and municipal advisers, as well as policies, procedures and controls.

Securities Federal Issues Agency Rule-Making & Guidance Fintech Anti-Money Laundering Bank Secrecy Act SEC Risk Management Vendor Management Privacy/Cyber Risk & Data Security FINRA Customer Due Diligence

CFPB and Utah AG to hold joint office hours in Salt Lake City

On January 9, the CFPB and the Utah attorney general’s office announced that the first of the American Consumer Financial Innovation Network’s (ACFIN) joint office hours will be held in Salt Lake City, Utah on January 30. The CFPB’s announcement states that the office hours are intended to “provide innovators with the opportunity to discuss issues such as financial technology, innovative products or services, regulatory sandboxes, no action letters, and other matters related to financial innovation with officials from the CFPB and state partners.” As previously covered by InfoBytes, the CFPB, along with a number of state regulators, established ACFIN in September with the aim of reducing “regulatory burdens” and increasing “regulatory certainty for innovative financial products and services.” Members of ACFIN currently include state AGs from Alabama, Alaska, Arizona, Colorado, Georgia, Indiana, South Carolina, Tennessee, and Utah; and state financial regulators from Florida, Georgia, Missouri, and Tennessee. ACFIN membership is open to any state and federal partners interested in joining. 

Federal Issues CFPB State Attorney General Consumer Finance ACFIN Fintech Regulatory Sandbox State Regulators