InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DOJ, FTC, Wisconsin AG sue timeshare scammers
On November 22, the DOJ, FTC, and the Wisconsin attorney general announced a civil enforcement action against 16 defendants for allegedly using deceptive sales practices to sell timeshare “exit services” to consumers, mostly involving senior citizens. The complaint, which was filed in the U.S. District Court for the Eastern District of Missouri, alleged that the defendants failed to assist consumers in exiting their timeshare contracts while collecting large fees for the incomplete service. The complaint also alleged that the defendants deceived consumers into registering for timeshare exit services by, among other things, falsely claiming that consumers could not exit timeshare contracts on their own, and that the defendants were affiliated with legitimate companies. The complaint further alleged that the defendants failed to notify consumers of their rights under federal and state law to cancel their contracts with defendants within three business days. The complaint noted that the defendants allegedly deceived consumers into paying over $90 million to the defendant companies for services that were not delivered. The complaint also stated that the defendants’ actions violated the FTC Act, the FTC’s rule concerning the cooling-off period for sales made at home or other locations, and certain Wisconsin state laws concerning fraudulent misrepresentations and direct marketing. The complaint seeks monetary relief, civil penalties, and injunctive relief. According to the DOJ, the defendants’ timeshare exit services are also the subject of lawsuits filed by the Alaska and Missouri attorneys general in June 2022.
Tech company to pay $391.5 million to resolve data tracking allegations
On November 10, forty states and a multinational technology company reached a $391.5 million settlement resolving allegations that the company tracked users’ locations even after they believed the feature was turned off. According to the assurance of voluntary compliance, the company allegedly misrepresented and omitted, among other things, material information regarding the location history and web and app activity settings, which “confused users about how location information would be captured, stored, and used without users’ knowledge or consent.” Additionally, the company allegedly used deceptive and unfair practices in a setting “that purports to allow users to opt out of personalized advertising and allows users to ‘control’ [the company’s] use of their location information.” The company agreed to, among other things: (i) “issue a pop-up notification to users who have location history or web & app activity enabled at the time of the notification”; (ii) “send an email to users who have location history or web & app activity enabled at the time of the notification”; and (iii) design and present a location technologies page “in a clear and conspicuous disclosure.”
8th Circuit pauses student debt relief program
On November 14, the U.S. Court of Appeals for the Eighth Circuit granted an emergency motion for injunction pending appeal filed by state attorneys general from Nebraska, Missouri, Arkansas, Iowa, Kansas, and South Carolina to temporarily prohibit the Secretary of Education from discharging any federal loans under the agency’s student debt relief plan (announced in August and covered by InfoBytes here). Earlier in October, the 8th Circuit issued an order granting an emergency motion filed by the states, which requested an administrative stay prohibiting the discharge of any student loan debt under the cancellation plan until the appellate court had issued a decision on the states’ motion for an injunction pending an appeal. (Covered by InfoBytes here.) The October order followed a ruling issued by the U.S. District Court for the Eastern District of Missouri, which dismissed the states’ action for lack of Article III standing after concluding that the states—which attempted “to assert a threat of imminent harm in the form of lost tax revenue in the future”— failed to establish imminent and non-speculative harm sufficient to confer standing.
In granting the emergency motion, the appellate court disagreed with the district court’s assertion that the states lacked standing. The 8th Circuit reviewed whether the state of Missouri could rely on any harm the Missouri Higher Education Loan Authority (MOHELA) might suffer as a result of the Department of Education’s cancellation plan. The appellate court found that the relationship between MOHELA and the state is relevant to the standing analysis, especially as Missouri law specifically directs MOHELA (which receives revenue from the student loan accounts it services) to distribute $350 million into the state’s treasury. As such, “MOHELA may well be an arm of the State of Missouri” under this reasoning, the appellate court wrote, adding that several district courts have concluded that MOHELA is an arm of the state. However, regardless of whether MOHELA is an arm of the state, the resulting financial impact due to the cancellation plan would, among other things, affect the state’s ability to fund public higher education institutions, the 8th Circuit noted. “Consequently, we conclude Missouri has shown a likely injury in fact that is concrete and particularized, and which is actual or imminent, traceable to the challenged action of the Secretary, and redressable by a favorable decision,” the appellate court wrote, adding that since one party likely has standing it does not need to address the standing of the other states. The appellate court also determined that “the equities strongly favor an injunction considering the irreversible impact the Secretary’s debt forgiveness action would have as compared to the lack of harm an injunction would presently impose.” The 8th Circuit explained that it considered several criteria, including the fact that the collection of student loan payments and the accrual of interest have both been suspended. The Missouri attorney general released a statement applauding the 8th Circuit’s decision.
The 8th Circuit’s decision follows a recent ruling issued by the U.S. District Court for the Northern District of Texas, which found that the student loan forgiveness program is “an unconstitutional exercise of Congress’s legislative power.” (Covered by InfoBytes here.)
States reach multi-million dollar CRA data breach settlement
On November 7, a coalition of 40 state attorneys general, co-led by Massachusetts and Illinois, reached settlements with a credit reporting agency (CRA) and a telecommunications company related to data breaches in 2012 and 2015 that impacted the personal information of millions of consumers nationwide. According to the announcement, in 2012, an identity thief posing as a private investigator accessed and retrieved sensitive personal information, such as names, Social Security numbers, addresses, and/or phone numbers from a database company that the CRA purchased. The states claimed that the identity thief (who has since pleaded guilty to federal criminal charges for wire fraud, identity fraud, access device fraud, and computer fraud and abuse, among other charges) accessed the information prior to the acquisition and continued to do so afterwards. Affected consumers were allegedly never informed of the data breach. Later, in 2015, the CRA reported it experienced a data breach affecting personal information, including consumers’ driver’s license and passport numbers, as well as information used by the telecommunications company to make credit assessments, which the CRA stored on behalf of the telecommunications company. Following the breach, the CRA offered two years of credit monitory services to affected consumers.
Under the terms of the settlements (see here and here), the CRA has agreed to pay a combined total of $13.67 million to the states in connection with the 2012 and 2015 data breaches, and will strengthen its data security practices. According to the announcement, these measures will require the CRA to (i) maintain comprehensive incident response and data breach notification plans; (ii) strengthen the vetting and oversight of third parties that have access to consumers’ personal information; (iii) develop an Identity Theft Prevention Program to detect potential red flags in customer accounts; (iv) not misrepresent to consumers the extent to which the privacy and security of their personal information is protected; (v) strengthen due diligence provisions to ensure the CRA properly vets acquisitions and evaluates data security concerns prior to integration; and (vi) implement data minimization and disposal requirements, including undertaking specific efforts designed to reduce the use of Social Security numbers as an identifier. The CRA will also offer affected consumers five years of free credit monitoring services, during which time consumers will be able to receive two free copies of their credit report annually.
Separately, the telecommunications company agreed to pay more than $2.43 million to the states, and will maintain a written information security program, including vendor management provisions to ensure vendors take reasonable security measures to safeguard consumers’ personal information. This will involve, among other things, maintaining a third-party risk management team to oversee vendors’ security, outlining specific security requirements in vendor contracts, and employing a variety of security assessment and monitoring practices to confirm vendor compliance. The telecommunications company will also provide employee training on the requirements of its information security measures and implement a written cyber incident and response plan to prepare for and respond to security events.
Massachusetts settles with debt payment processor
On November 7, the Massachusetts attorney general announced a settlement with a payment processing company to resolve claims that it provided substantial assistance to a debt settlement provider engaged in unlawful business practices that charged consumers premature and inflated fees in violation of state and federal law. According to an assurance of discontinuance filed in Suffolk Superior Court, the company processed settlement and fee payments for consumers enrolled in various debt settlement programs, including those offered by a debt settlement provider that was previously fined $1 million by the AG’s office for allegedly harming financially-distressed consumers. (Covered by InfoBytes here.) The newest settlement resolves claims that the company transferred unlawful fee payments to the debt settlement provider despite having knowledge of the alleged misconduct and even after the provider was sued by the AG’s office. Without admitting any facts, liability, or wrongdoing, the company has agreed to pay $600,000 to the Commonwealth, and will, according to the announcement, “make meaningful business practice changes that would prevent it from transferring untimely fees from any Massachusetts consumer account to any debt settlement company.”
Pennsylvania sues lead generator for facilitating telemarketers’ robocalls
On November 3, the Pennsylvania attorney general announced a lawsuit against a New York-based lead generation company that connects advertisers to potential new customers through the consumers’ personal data for allegedly causing hundreds of thousands of robocalls to be placed to consumers in the Commonwealth. The defendant, along with several of its subsidiaries, allegedly collected personal information, including phone numbers and personal information of consumers on Pennsylvania’s Do Not Call List, that was then sold to telemarketing companies. According to the complaint, the defendants allegedly engaged in deceptive and misleading business practices in connection with their lead-generation practices, by obtaining consumers’ information through various promotional opportunities without clearly disclosing that by providing their contact information, consumers were consenting to receiving telemarketing calls from hundreds of potential sellers. The complaint alleges that from 2018 to 2021, over 4.2 million Pennsylvania consumers registered their information on one of the defendants’ websites. “Under the [Telemarketing Sales Rule (TSR)], a consumer’s express agreement to accept calls delivering a prerecorded message may not be obtained by a lead generator, who is not a seller or a telemarketer. The express agreement must be obtained directly by the seller or telemarketer from the consumer,” the complaint said. Moreover, even if the defendants were not directly making the telemarketing calls themselves, assisting and facilitating the calls is itself a violation of the rules, the complaint noted.
The defendants are charged with violating several federal and state telemarketing laws, including the TSR, and Pennsylvania’s Telemarketer Registration Act (TRA) and Pennsylvania’s Unfair Trade Practices and Consumer Protection Law. The AG’s office seeks a declaration permanently enjoining the defendants from violating the telemarketing and consumer protection laws, along with civil penalties of $1,000 per violation and $3,000 per violation involving a victim age 60 or older. The suit also seeks disgorgement, costs, and a permanent bar on selling consumer data collected in violation of the TSR and TRA.
States launch investigation into banks’ ESG investing and banking
On October 19, a coalition of 19 state attorneys general, led by Missouri, Arizona, Kentucky, and Texas, announced that six large U.S. banks were served civil investigative demands (CIDs) asking for information related to their involvement with the U.N.’s Net-Zero Banking Alliance (NZBA). The Missouri AG’s office, which has led the opposition against ESG (environmental, social, governance) investing and banking practices, stated that NZBA-member banks are required to set emissions reduction targets in their lending and investment portfolios to reach net zero by 2050. According to the Missouri AG, the NZBA serves to “starve companies engaged in fossil fuel-related activities of credit on national and international markets” by requiring banks to cede authority to the U.N. The CIDs seek information from the banks on topics related to, among other things, (i) their involvement in affiliated global climate initiatives; (ii) how NZBA and Principles for Responsible Banking objectives have been incorporated into their operations; and (iii) the extent to which the banks have fulfilled their “commitment to ‘facilitat[e] the necessary transition in the real economy through prioritizing client engagement and offering products and services to support clients’ transition,’” as well as their “commitment to ‘engag[e] on corporate and industry (financial and real economy) action, as well as public policies, to help support a net-zero transition of economic sectors in line with science and giving consideration to associated social impacts.’”
West Virginia AG pings CFPB on "unconstitutionally appropriated" funds
On October 24, the West Virginia attorney general sent a letter to CFPB Director Rohit Chopra, and to the leadership of both the House Financial Services Committee and the Senate Banking Committee, regarding the constitutionality of the Bureau’s continuing operation. As previously covered by a Buckley Special Alert, the U.S. Court of Appeals for the Fifth Circuit held that the CFPB funding structure created by Congress violated the Appropriations Clause of the Constitution, which provides that “no money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law.” The 5th Circuit ruled that, although the CFPB spends money pursuant to a validly enacted statute, the structure violates the Appropriations Clause because the CFPB obtains its funds from the Federal Reserve (not the Treasury), the CFPB maintains funds in a separate account, the Appropriations Committees do not have authority to review the agency’s expenditures, and the Bureau exercises broad authority over the economy. In the letter, the AG argued that the Bureau cannot discharge its duties in a constitutionally permissible way. He further noted that the Bureau “plainly cannot do that with a funding scheme that ‘sever[s] any line of accountability between [Congress] and the CFPB.’” The AG urged the Bureau to reassess its future plans and to reevaluate whether its present regulations have any effect. The letter also requested answers to a series of questions, no later than November 1: (i) “Does the agency believe that any of the regulations that it promulgated under the unconstitutional funding scheme remain in effect? If so, which ones—and why? Similarly, how does the decision affect past enforcement actions?”; and (ii) “What plans does the Bureau plan to undertake to comply with the ruling? How will its ongoing enforcement efforts be effected? How will this change affect any promulgation of regulations? How will bank supervision continue, if at all?”
New Jersey reaches $495 million RMBS settlement with Swiss bank
On October 17, the New Jersey attorney general’s office announced it had reached a $495 million agreement in principle with a Swiss bank to resolve allegations related to its residential mortgage-backed securities (RMBS) practices leading up to the 2008 financial crisis. The AG stated that if finalized, the settlement will be one of the state’s largest civil monetary recoveries in history. According to the AG, the bank violated New Jersey’s securities laws by making material misrepresentations about the risks of the RMBS in offering documents, including by purportedly failing to disclose to investors material defects about the underlying mortgages. The announcement further stated that the bank allegedly sold the RMBS through registration statements, prospectuses, and other offering materials that contained fraudulent representations about the quality of the underlying loans, and allegedly “failed to disclose to investors the wholesale abandonment of underwriting guidelines designed to ensure that the mortgage loans underlying its securities trusts were made in accordance with appropriate lending guidelines; that numerous loan originators had poor track records of defaults and delinquencies; and that some loan originators had even been suspended from doing business with [the bank].” While neither admitting nor denying the allegations, the bank agreed to pay a $100 million civil monetary penalty and will provide approximately $300 million in restitution for affected investors. The bank is also permanently enjoined from future violations of state securities laws.
Pennsylvania announces two settlements involving auto title loans
On October 14, the Pennsylvania AG announced a settlement with the owners of an auto title loan business. According to the settlement, the company made unlawful loans to Pennsylvania borrowers carrying annual interest rates over 200 percent. Under the terms of the settlement, the owners must refund over $1.5 million in unlawful interest charges to consumers. The refunds are in addition to the $3.2 million in debt cancellation victims received under an October 2021 order. The owners are also prohibited from, among other things, knowingly participating in, owning, or working for any company that extends credit to Pennsylvania residents, for seven years after they make their last payment under the settlement.
The Pennsylvania AG also announced a settlement with a Florida-based auto title lender for alleged violations of Pennsylvania usury laws and unfair and deceptive business practices. Under the terms of the settlement, the company, among other things, must cancel all outstanding loans made to Pennsylvania consumers, and refund Pennsylvania consumers all fees and interest they paid, which will result in nearly 200 consumers receiving refunds in the amount of $99,541.