InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC bans debt relief scheme operators
On February 28, the FTC announced the permanent ban of the operators (collectively, “defendants”) of a debt relief scheme from processing debt relief payments and ordered the defendants to pay a $5.3 million fine. According to the FTC’s July 2020 complaint, which was filed jointly with the Florida attorney general in the U.S. District Court for the Middle District of Florida, the defendants allegedly engaged in deceptive and abusive practices by selling their credit card interest rate reduction services to consumers in violation of the FTC Act, the Telemarketing Sales Rule, and the Florida Deceptive and Unfair Trade Practices Act. The FTC and Florida AG claimed that the defendants utilized telemarketing calls promising to reduce consumers’ credit card interest rates permanently and substantially, and, after posing as representatives or affiliates of consumers’ credit card companies, the defendants allegedly claimed they could save consumers thousands of dollars in credit card interest and enable them to pay off their debt faster. The complaint also asserted that the defendants, at times, opened new credit cards that offered low introductory interest rates and transferred the balances of consumers’ existing debt to the new cards. For that, customers paid upfront fees of between $995 and $4,995 while also paying “substantial” fees to transfer the balances.
Under the terms of the settlement, the operators are permanently prohibited from participating the debt relief industry, misrepresenting material facts in connection with any product or service, and engaging in deceptive and abusive telemarketing acts and practices, unsubstantiated claims, and other payment practices. Two individual defendants agreed to pay a $225,000 monetary penalty and the other defendant agreed to pay $200,000.
State AGs urge FTC to take action on impersonation scams
On February 23, a coalition of state attorneys general sent a letter to FTC Chair Lina M. Khan, responding to the Commission’s advance notice of proposed rulemaking and urging the FTC to target “impersonation scams” to ensure consumers are protected from harm. As previously covered by InfoBytes, last December the FTC issued a request for comments on a wide range of questions related to government and business impersonation fraud. According to the FTC, reported losses due to impersonation fraud have spiked during the Covid-19 pandemic, with data from the Social Security Administration reporting $2 billion in total losses between October 2020 and September 2021. The AGs commented that overall, they “believe there is a pressing need for FTC rulemaking to address the scourge of impersonation scams impacting consumers across the United States,” noting that “[a] national rule that encompasses and outlaws such commonly experienced scams discussed [within the letter] would assist attorneys general and their partners in reducing consumer harm, maximizing consumer benefits, and holding bad actors to account.” Among other things, the letter discussed state-specific consumer complaints related to business impersonation, document preparation, regulatory compliance, and lead generation scams, and warned that the FTC should explore the means and instrumentalities used in these types of fraud. One example, the AGs pointed out, is impersonators using third-party payment processing services to effectuate their scams, often times requiring certain payment methods for fictitious overdue mortgage, utility, and student loan debts. In stressing the “burgeoning need for a robust standard outlawing impersonation scams,” the AGs stated that “[w]hen a specific type of unfair or deceptive business practice becomes so prevalent, Commission rulemaking is appropriate.” They further added that these efforts are welcomed as part of their ongoing collaborative relationship with the FTC.
Massachusetts settles with auto lender
On February 18, the Massachusetts attorney general announced that a national auto lender entered into a settlement with the Commonwealth resolving allegations that the lender did not provide sufficient disclosures to consumers related to its debt collection practices, with over 1,000 borrowers expected to be eligible for relief. According to the Assurance of Discontinuance (AOD), the lender allegedly failed to provide certain consumers with sufficient information about the calculation methods for any deficiencies remaining on their auto loans after their cars were repossessed. The AOD requires the auto lender to pay $5.6 million in restitution to eligible borrowers, and cover administration and investigation costs associated with the matter. According to Massachusetts Attorney General Laura Healey, the “settlement, which combines cash payments with debt relief and credit repair, will help many subprime borrowers in need.”
Texas AG issues CID to video streaming company
On February 18, the Texas attorney general issued two Civil Investigative Demands (CIDs) to a video streaming company that focus on the company’s potential facilitation of human trafficking and child privacy violations, as well as other potential unlawful conduct. According to the CIDs, the company allegedly violated section 140A.002, Civil Racketeering Related to Trafficking of Persons, of the Texas Civil Practice and Remedies Code. The CID orders to company to: (i) provide answers and documents in response to the CID; (ii) preserve documents and/or other data which relate to the subject matter or requests of the CID; and (iii) consult the AG prior to processing or making copies of hard-copy documents or electronically stored information in response the CID.
FCC proposes record $45 million fine against robocaller
On February 18, the FCC released a proposed $45 million fine against a lead generator accused of conducting an illegal robocall campaign that made false claims about the Covid-19 pandemic to induce consumers into purchasing health insurance. This is the FCC’s largest ever proposed robocall fine to date. According to the FCC, the lead generator violated the TCPA by placing 514,467 robocalls to cellphones and landlines without subscribers’ prior express consent or an emergency purpose. The Florida-based lead generator allegedly purchased lists of phone numbers from third-party vendors and acquired phone numbers from consumers seeking health insurance quotes online, “without clearly disclosing that, by providing contact information, the consumers would be subject to robocalls.” It then left prerecorded voice messages marketing insurance plans sold by companies that had hired the lead generator. Many of these robocalls, the FTC claimed, were also unlawfully made to consumers on the Do Not Call Registry. FCC Chairwoman Jessica Rosenworcel issued a statement announcing that, in addition to the record fine, the Commission also established a new partnership with 16 state attorneys general in order to share information and resources to mitigate robocalls.
Agencies defeat states’ valid-when-made challenge
On February 8, the U.S. District Court for the Northern District of California granted cross-motions for summary judgment in favor of the OCC and FDIC (see here and here), upholding their respective rules which clarify that interest charges that are permissible when a loan is originated “shall not be affected by the sale, assignment, or other transfer of the loan.” The judgments resolve lawsuits brought by several state attorneys general in 2020, challenging both the OCC’s final rule on “Permissible Interest on Loans that are Sold, Assigned, or Otherwise Transferred” (known also as the valid-when-made rule) and the FDIC’s final rule which clarified that under the Federal Deposit Insurance Act (FDIA), whether interest on a loan is permissible is determined at the time the loan is made and is not affected by the sale, assignment, or other transfer of the loan.
In the OCC matter, the states’ argued that the agency’s valid-when-made rule (which effectively reversed the U.S. Court of Appeals for the Second Circuit’s 2015 Madden v. Midland Funding decision, and was covered by InfoBytes here) impermissibly preempts state law, is contrary to the plain language of section 85 (and section 1463(g)(1)), and contravenes the judgment of Congress, which declined to extend preemption to nonbanks. Moreover, the states contended that the OCC failed to give meaningful consideration to the commentary received regarding the rule, essentially enabling “‘rent-a-bank’ schemes.” The OCC countered that its rule does not preempt state law but rather “merely interprets” banks’ authority to charge interest. (Covered by InfoBytes here.) The court agreed with the OCC, holding that the OCC was interpreting the scope of 12 U.S.C. § 85, not determining whether to preempt state laws, and therefore was not required to follow the procedures set forth in 12 U.S.C. § 25b as the states alleged, including consulting with the CFPB. Applying the Chevron framework, the court upheld the OCC’s interpretations of the National Bank Act and Home Owners’ Loan Act. Acting Comptroller of the Currency Michael J. Hsu issued a statement following the decision, in which he emphasized that while the court’s order “affirmed the validity of the OCC’s rule,” the “legal certainty should be used to the benefit of consumers and not be abused.” He added that the agency “is committed to strong supervision that expands financial inclusion and ensures banks are not used as a vehicle for ‘rent-a-charter’ arrangements.”
In the FDIC matter, the states argued, among other things, that the FDIC did not have the power to issue the final rule under 12 U.S.C. § 1831d, and asserted that while the FDIC may issue “regulations to carry out” the provisions of the FDIA, it cannot issue regulations that would apply to nonbanks. The states also claimed that the rule’s extension of state law preemption would facilitate evasion of state law by enabling “rent-a-bank” schemes. The FDIC countered that the states’ arguments misconstrue the rule, which does not regulate nonbanks, does not interpret state law, and does not preempt state law. Rather, the FDIC argued that the rule clarifies the FDIA by “reasonably” filling in “two statutory gaps” surrounding banks’ interest rate authority. (Covered by InfoBytes here.) The court rejected the states’ argument that the FDIC exceeded its authority, and held that under Chevron, the agency’s interpretation of 12 U.S.C. § 1831d is not unreasonable. In upholding the FDIC’s interpretation, the court stated that the final rule “does not purport to regulate either the transferee’s conduct or any changes to the interest rate once a transaction is consummated.”
D.C. reaches nearly $4 million settlement with online lender to resolve usury allegations
On February 8, the District of Columbia attorney general announced a nearly $4 million settlement with an online lender to resolve allegations that lender marketed high-costs loans carrying interest rates exceeding D.C.’s interest rate cap. As previously covered by InfoBytes, the AG filed a complaint in 2020, claiming the lender violated the District of Columbia Consumer Protection Procedures Act (CPPA) by offering two loan products to D.C. residents carrying annual percentage rates (APR) ranging between 99-149 percent and 129-251 percent. Interest rates in D.C., however, are capped at 24 percent for loans with the rate expressed in the contract (loans that do not state an express interest rate in the contract are capped at six percent), and licensed money lenders that exceed these limits are in violation of the CPPA. According to the AG, the lender—who allegedly never possessed a money lending license in D.C.—violated the CPPA by (i) unlawfully misrepresenting it was allowed to offer loans in D.C. and failing to disclose or adequately disclose that its loans contain APRs in excess of D.C. usury limits; (ii) engaging in unfair and unconscionable practices through misleading marketing efforts; and (iii) violating D.C. usury laws.
Under the terms of the settlement, the company is required to (i) pay at least $3.3 million in restitution to refund alleged interest overcharges to D.C. borrowers; (ii) provide more than $300,000 in debt forgiveness to D.C. borrowers who would have paid future interest amounts in connection with an outstanding loan balance; and (iii) pay $450,000 to the District. According to the announcement, the company has also agreed that it “will not on its own, or working with third parties such as out of state banks, engage in any act or practice that violates the CPPA in its offer, servicing, advertisement, or provision of loans or lines of credit to District consumers.” The company is also prohibited from charging usurious interest rates, must delete negative credit information associated with its loans and lines of credit, and may not represent that it can offer loans or lines of credit in D.C. without first obtaining a D.C. money lender license.
Georgia reaches settlement with rent-to-own company over deceptive business practices
On February 8, the Georgia attorney general announced a settlement with a rent-to-own company accused of allegedly engaging in deceptive sales and marketing practices and violating the FDCPA. While the company did not admit to the allegations, it agreed to pay $145,590 in civil money penalties, with an additional $170,910 due if the company violates any of the settlement terms. The company is also required to (i) ensure its advertising, sales, and marketing practices comply with the Georgia Fair Business Practices Act and the Georgia Lease-purchase Agreement Act; (ii) refrain from engaging in harassing and unlawful debt collection practices; and (iii) verify debts are accurate before placing them with a third-party collection agency. “Our office takes seriously allegations of deceptive business practices, and companies that take advantage of our citizens will be held accountable,” the AG stated.
Colorado releases guidance on data privacy and security in advance of CPA implementation
On January 28, the Colorado attorney general issued prepared remarks and guidance on data security best practices in advance of the implementation of the Colorado Privacy Act (CPA). As covered by a Buckley Special Alert, the CPA was enacted last July to establish a framework for personal data privacy rights and provides consumers with numerous rights, including the right to access their personal data, opt-out of certain uses of personal data, make corrections to personal data, request deletion of personal data, and obtain a copy of personal data in a portable format. The Colorado AG has enforcement authority for the CPA, which does not have a private right of action. The CPA is effective July 1, 2023 with certain opt-out provisions taking effect July 1, 2024.
AG Phil Weiser stated that, by this fall, his office will post a formal Notice of Proposed Rulemaking, including a proposed set of model rules, with the goal of adopting a final rule roughly a year from now. AG Weiser also outlined best practices that will be weighed in determining whether a company is acting reasonably to safeguard sensitive information. Notably, the AG’s office will first evaluate whether a company has identified the types of data it collects and established a system for storing and managing that data (including disposal procedures). Considerations will then be made as to whether the company has a written information security policy and a written data incident response plan. The AG’s office will also examine a company’s practices for monitoring vendors’ data security measures. AG Weiser also referenced the recently released Data Security Best Practices guidance, which outlines key steps companies should take to protect consumer data, including ways to adopt information security and incident response policies, train employees on mitigating and responding to cybersecurity attacks, and notify appropriate parties in the event of a data breach, among other topics.
California investigating loyalty programs for CCPA compliance
On January 28, the California attorney general announced an “investigative sweep” of businesses operating loyalty programs in the state. The California Consumer Privacy Act (CCPA), which became effective January 1, 2020, requires businesses that offer financial incentives in exchange for personal information, including loyalty programs, to provide consumers with a notice that clearly describes the material terms of the financial incentive program before consumers opt-in. (See InfoBytes coverage of the CCPA here.) Notices of noncompliance were sent to several businesses whose loyalty programs allegedly violated the CCPA, including data brokers, marketing companies, businesses handling children’s information, media outlets, and online retailers. Businesses have 30 days to cure or fix the alleged violation and come into compliance with the law before the initiation of an enforcement action. “I urge all businesses in California to take note and be transparent about how you’re using your customer’s data,” Attorney General Rob Bonta stated in the announcement. “My office continues to fight to protect consumer privacy, and we will enforce the law.”