Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 8, the Washington attorney general announced a settlement with a Colorado-based collection agency for alleged unlawful debt collection practices in violation of Washington’s Consumer Protection Act and Collection Agency Act, including assessing fees and costs on consumers even when no funds were captured in the garnishment, operating without a license for over a year, and failing to provide legally required garnishment exemptions to state residents. Under the terms of the consent decree, the debt collection agency must pay back approximately $475,000 in restitution to as many as 5,000 state residents and forgive up to $250,000 in fees and costs to resolve the lawsuit. The debt collection agency must also pay $414,000 to the AG’s office for the cost of the investigation and to fund the ongoing work of the office’s Consumer Protection Division. In addition to paying the fines, the agency is also required to: (i) discontinue assessing fees on consumers from whom the company has not collected funds; (ii) provide legally required garnishment exemptions to consumers; and (iii) incorporate legally required evidence when submitting garnishment judgment applications to the court.
On May 20, the FDIC filed a motion for summary judgment in response to a challenge brought by eight state attorneys general to the FDIC’s valid-when-made rule. As previously covered by InfoBytes, the FDIC’s final rule clarifies that, under the Federal Deposit Insurance Act (FDIA), whether interest on a loan is permissible is determined at the time the loan is made and is not affected by the sale, assignment, or other transfer of the loan. The AGs filed a lawsuit last year (covered by InfoBytes here) arguing, among other things, that the FDIC does not have the power to issue the rule, and asserting that while the FDIC has the power to issue “‘regulations to carry out’ the provisions of the FDIA,” it cannot issue regulations that would apply to nonbanks. The AGs also claimed that the rule’s extension of state law preemption would “facilitate evasion of state law by enabling ‘rent-a-bank’ schemes,” and that the FDIC failed to explain its consideration of evidence contrary to its assertions, including evidence demonstrating that “consumers and small businesses are harmed by high interest-rate loans.”
The FDIC countered that the AGs’ arguments “misconstrue” the rule, which “does not regulate non-banks, does not interpret state law, and does not preempt state law.” Rather, the FDIC argued that the rule clarifies the FDIA by “reasonably” filling in “two statutory gaps” surrounding banks’ interest rate authority. “The rule, which enjoys widespread support from the banking industry, represents a reasonable interpretation of [the FDIA], and should be upheld under Chevron’s familiar two-step framework,” the FDIC stated. Moreover, the FDIC contended, among other things, that the rule is appropriate because the FDIA does not address at what point in time the validity of a loan’s interest rate should be determined and is “silent” about what effect a loan’s transfer has on the validity of the interest rate. The FDIC also challenged the AGs’ argument that it is improperly trying to regulate non-banks, pointing out that the rule “regulates the conduct and rights of banks when they sell, assign, or transfer loans” and that “any indirect effects the rule has on non-banks do[es] not place the rule outside the agency’s authority.”
On May 26, the Colorado attorney general filed a complaint against a Pennsylvania-based student loan servicer that handles the Public Service Loan Forgiveness (PSLF) program, alleging the servicer failed to comply with state law when asked to provide certain documentation. Under the Colorado Student Loan Servicers Act (SLSA), the state is “authorized to conduct examinations and investigations of student loan servicers that are servicing student education loans owned by residents of Colorado.” The SLSA also allows the state to enforce compliance by bringing a civil action to prevent servicers from violating the SLSA and to obtain other appropriate relief. According to the AG’s press release, the state requested information related to the servicer’s handling of the PSLF program during the Covid-19 pandemic. The servicer allegedly refused to produce the requested materials and only provided certain limited documents regarding non-government owned loans related to its business line. The complaint seeks a preliminary and permanent injunction compelling the servicer to comply with the AG’s oversight authority and provide the requested documentation.
On May 18, the New York attorney general announced an agreement with an online water filtration retailer to resolve an investigation into a 2019 data breach that allegedly compromised the sensitive personal information of roughly 324,000 customers. According to the AG, the data breach impacted the retailer’s website for nearly a year, and compromised information including credit card holders’ names, billing addresses, expiration dates, and security codes. The data breach occurred after attackers exploited a known vulnerability in the retailer’s online checkout process that the retailer had not patched. After a credit card payment system management company notified the retailers of suspicious activity, the retailer conducted an internal investigation that “erroneously concluded” that no breach had occurred. After additional reports of compromise, a credit card company asked the retailer to hire a forensic investigator to review the retailer’s systems, and it was this forensic investigation that ultimately discovered “conclusive evidence” of the breach.
Under the terms of the assurance of discontinuance, the retailer is required to pay a $200,000 fine, half of which is suspended unless the retailer is found to have “materially misstated its financial condition.” In addition, the retailer is required to adopt several security measures, including (i) creating a comprehensive information security program; (ii) designing an incident response and data breach notification plan to encompass “preparation, detection and analysis, containment, eradication, and recovery”; (iii) incorporating personal information safeguards and controls, “including encryption, segmentation, penetration testing, logging and monitoring, virus protection policy, custom application code change reviews, authentication policy and procedures, management of service providers, and patch management”; and (iv) agreeing to conduct third-party security assessments over the next five years.
On May 10, the Washington governor signed into law SB 5025, a bill that increases fines for unfair methods of competition and unfair or deceptive acts or practices under the state’s Consumer Protection Improvement Act (Act). Among other things, the bill (i) increases the maximum civil penalty for persons who violate the terms of any injunction issued under the Act from $25,000 to $125,000; (ii) increases the maximum civil penalty for violations of RCW 19.86.030 or 19.86.040 to $180,000 for individuals (previously $100,000) and $900,000 for persons other than individuals (previously $500,000); (iii) increases the maximum civil penalty for violations of RCW 19.86.020 to $7,500 from $2,000; and (iv) provides that unlawful acts or practices targeting or impacting individuals or communities based on characteristics including “age, race, national origin, citizenship or immigration status, sex, sexual orientation, presence of any sensory, mental, or physical disability, religion, veteran status, or status as a member of the armed forces” carry an enhanced penalty of $5,000. Additionally, by December 1, 2022, the Washington attorney general is required to “evaluate the efficacy of the maximum civil penalty amounts established in this section in deterring violations of the consumer protection act and the difference, if any, between the current penalty amounts and the penalty amounts adjusted for inflation, and provide the legislature with a report of its findings and any recommendations.” The Act goes into effect July 25.
On April 21, a coalition of 26 state attorneys general sent a letter urging Congress to exercise its authority under the Congressional Review Act (CRA) and rescind the OCC’s “True Lender Rule” in order to “safeguard states’ fundamental sovereign rights to protect their citizens from financial abuse.” As previously covered by InfoBytes, the OCC’s final rule amended 12 CFR Part 7 to state that a bank makes a loan when, as of the date of origination, it either (i) is named as the lender in the loan agreement or (ii) funds the loan. The final rule also clarified that if “one bank is named as the lender in the loan agreement and another bank funds the loan, the bank that is named as the lender in the loan agreement makes the loan.” In their letter, the AGs expressed concern that the final rule “establishes a simplistic standard to redefine the meaning of ‘true lender,’” enabling predatory lenders to “circumvent” state interest-rate caps through “rent-a-bank” schemes, which would in turn allow banks to act as lenders in name only while passing state law exemptions for banks to non-bank entities. The letter references a complaint filed by eight state AGs against the OCC in January challenging the final rule (covered by InfoBytes here) and argues that in finalizing the rule the OCC “acted in a manner contrary to centuries of case law [and] the OCC’s own prior interpretation of the law,” and seeks to preempt state usury law and “infringe on the States’ historical police powers and facilitate predatory lending.”
In March, both House and Senate Democrats introduced CRA resolutions (see H.J. Res. 35 and S.J. Res. 15) intended to provide for congressional disapproval and invalidation of the OCC’s final rule. The OCC responded on April 14, arguing that “disapproval of the rule would return bank lending relationships to the previous state of legal and regulatory uncertainty, which. . . adversely affects the function of secondary markets and restricts the availability of credit.” The OCC further stated that the final rule is intended to enhance the agency’s ability to supervise bank lending and “does not change bank’s authority to export interest rates” nor does it “permit national banks to charge whatever rate they like” as both federal and state-chartered banks are required to conform to applicable interest rate limits. “Disparities of interest rates from state to state result from differences in the state laws that impose these caps, not OCC rules or actions,” the OCC stressed, adding that “[s]tates retain the authority to set interest rates.” However, the Conference of State Bank Supervisors sent a letter to Congress in support of S.J. Res. 15, disagreeing with the OCC and noting that the final rule, if it stands, would “eviscerate the power of state interest rate caps and rid state regulators of the most effective tool to protect consumers from such predatory lending.”
On April 22, the CFPB and the New York attorney general filed a complaint against the owner of a now-defunct debt-collection firm for allegedly transferring ownership of his $1.6 million home to his wife and daughter for $1 shortly after he received a civil investigative demand and learned that the Bureau and the AG were conducting an investigation into his debt-collection activities. As previously covered by InfoBytes, the Bureau and the AG reached settlements in 2019 with the debt collection operation to resolve allegations that the defendants established and operated a network of companies that harassed and/or deceived consumers into paying inflated debts or amounts they may not have owed. The terms of the settlements imposed civil money penalties and consumer redress and permanently banned the defendants from acting as debt collectors. According to the complaint, the owner defendant has paid nothing toward satisfying the 2019 settlement, nor has he cooperated with the Bureau and the AG’s efforts to obtain relevant financial information. The complaint further claims that the transfer of the property was a fraudulent transfer under the Federal Debt Collection Procedures Act and made with the intent to defraud (a violation of the New York Debtor and Creditor Law), and alleges that the owner defendant “removed and concealed assets in an effort to render the Judgment obtained by the Government Plaintiffs uncollectable.” Moreover, because the property was allegedly “transferred with intent to hinder, delay, or defraud a creditor,” the complaint contends that the owner defendant is “not entitled to claim any homestead exemption.” The complaint asks the court to void the property transfer and to allow seizure of the property. Additionally, the Bureau and the AG request that the house be sold with all proceeds going towards the owner defendant’s 2019 settlement, and seek a monetary judgment against the owner defendant’s wife and daughter for the value of the property as transferees of the fraudulent conveyance of the property.
On April 13, the Minnesota attorney general announced a settlement with a California-based student loan debt relief company that allegedly: (i) collected illegal fees from customers; (ii) misrepresented its services to cease operations in Minnesota by not providing full refunds to its Minnesota consumers; and (iii) violated Minnesota’s Debt Services Settlement Act, Prevention of Consumer Fraud Act, and Uniform Deceptive Trade Practices Act. The AG alleged that the company “falsely promised consumers student-loan forgiveness, when only the federal government can forgive federal student loans.” Under the terms of the settlement, the company is required to pay the AG $18,190.50, which will be used to provide full restitution to consumers. The settlement also requires the company to cease operations in Minnesota until it becomes registered as a debt-settlement service provider.
On April 19, the CFPB issued an interim final rule (IFR) to amend Regulation F, which implements the FDCPA, that will require debt collectors to provide tenants written notice alerting them of their rights under the CDC’s moratorium on evictions in response to the Covid-19 pandemic. Failure to provide notice will be considered a violation of the FDCPA, which may result in a private right of action as well as actual damages, statutory damages, and attorney’s fees. The Bureau noted in its press release that the IFR does not preempt more protective state laws. Additionally, debt collectors are prohibited from misrepresenting renters’ eligibility for temporary protection under the CDC’s moratorium. Sample disclosure language and a summary of the IFR have been provided by the Bureau as well.
The IFR will take effect May 3. Comments are due 15 days after publication in the Federal Register.
On April 9, the Pennsylvania attorney general announced settlements with the former CEO of a since-dissolved lender and a debt collector to resolve claims that the collector charged borrowers interest rates as high as 448 percent on loans and lines of credit. The AG alleged that the former CEO “participated in, directed and controlled” business activities related to the allegedly illegal online payday lending scheme, while the debt collector collected more than $4 million related to Pennsylvania consumers’ loan accounts. The terms of the settlement require the individual defendant to comply with relevant consumer protection laws and limits the individual defendant’s ability to work in the consumer lending industry in Pennsylvania for the next nine years. Additionally, the individual defendant is required to pay the Commonwealth $3 million.
The AG’s office noted that the U.S. District Court for the Eastern District of Pennsylvania also approved a settlement with the debt collector, which requires the company to comply with relevant consumer protection laws and, among other things, undertake the following actions: (i) ensure that all acquired debts, for which it attempts to collect, comply with applicable laws and regulations; (ii) cancel all balances on applicable accounts, take no further action to collect debts allegedly owed by Pennsylvania consumers on these accounts, and notify consumers of the cancellations; (iii) “refrain from engaging in [c]ollections on any [d]ebts involving loans made over the internet by [n]on-bank lenders that violate Pennsylvania laws,” including its usury laws; and (iv) will not sell, re-sell, or assign debt related to applicable accounts, including accounts subject to a previously-negotiated nationwide class action settlement agreement and Chapter 11 bankruptcy plan. Previous InfoBytes coverage related to the payday lending scheme can be found here, here, and here.