InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Ohio enacts robocall legislation
On December 1, Ohio’s governor signed into law SB 54, which, under most circumstances, prohibits companies from knowingly transmitting Caller ID information that is either misleading or inaccurate through a telecommunication service or voiceover Internet protocol service. Among other things, the bill creates additional penalties for inaccurate caller ID, provides the Ohio attorney general the authority to file civil actions in state or federal court, provides state criminal penalties in certain instances, and requires entities that use a telephone number that is identified as “unknown” or “blocked” to leave voicemail messages and include the person's identity. The law is effective March 2, 2022.
New York reaches $1.2 million settlement with debt collectors
On November 16, the New York attorney general announced a settlement with an illegal debt collection scheme operation and its operator (collectively, “respondents”) to resolve allegations that the respondents used illegal tactics to collect consumer debt, which included false threats of criminal action, wage garnishment, driver’s license suspension, and lawsuits. According to the AG, the operator started his debt collection career collecting debts with a network of New York-based debt collectors that settled with the CFPB and New York AG in 2019 to resolve allegations that the defendants engaged in improper debt collection tactics in violation of the CFPA, the FDCPA, and various New York laws. (Covered by InfoBytes here.) Using different names, the operator allegedly continued to use deceptive and illegal threats to collect on consumer debts. In addition, the AG claimed the operator was a debt broker, “selling debts to and placing debts for collection with other collectors that engaged in egregious violations of the law.”
Under the terms of the settlement agreement, the respondents, among other things, must pay $1.2 million to the office of the AG in restitution and penalties and must dissolve all of the associated debt collection companies. The respondents are also permanently banned from engaging in consumer debt collection, consumer debt brokering, consumer lending, debt settlement, credit repair services, and payment processing.
Illinois AG, IDFPR settle with three payday lenders
On November 5, the Illinois attorney general and the Illinois Department of Financial and Professional Regulation (IDFPR) announced a settlement resolving allegations that three companies violated Illinois lending laws by generating payday loan leads without a license and arranging high-cost payday loans for out-of-state payday unlicensed lenders. The AG and IDFPR further alleged that the companies falsely represented their loan network as being “trustworthy,” although the loan terms and conditions did not comply with Illinois law, which violated the Illinois’ Consumer Fraud and Deceptive Business Practices Act. The AG sued the companies in 2014 after the companies refused to comply with a cease and desist order issued by IDFPR, which required them to become licensed. According to the announcement, under the terms of the settlement, the companies are prohibited from: (i) arranging or offering small-dollar loans, online or otherwise, without being licensed by IDFPR; (ii) advertising or offering any small consumer loan arrangements or lead generation services in Illinois, unless they are licensed by IDFPR; and (iii) providing services associated with arranging or offering small dollar loans to Illinois consumers without being licensed by IDFPR.
Kansas AG fines companies for unlawful data disposal
On November 1, the Kansas attorney general ordered three national companies that manage business documents to pay fines totaling nearly $500,000 for the alleged unlawful disposal of records containing consumers’ personal information. According to the Kansas AG, the companies violated the Kansas Consumer Protection Act and the Wayne Owen Act by repeatedly disposing of records in unsecured trash receptacles without “rendering the personal information unreadable or undecipherable.” By engaging in these actions, the AG stated, the companies failed to comply with the requirements that companies implement and maintain reasonable policies and procedures and exercise reasonable care to protect personal information from unauthorized access and use, and take reasonable steps to destroy records containing personal information when they are no longer needed. Under the terms of the consent judgments (see here, here, and here), the companies must pay the fine, implement measures to ensure the proper disposal of documents, conduct employee training on the proper handling and disposal of personal information, and evaluate their information security programs and policies to ensure personal information is protected.
California AG takes action against casino for AML violations
On November 5, the California attorney general filed an administrative accusation with the California Gambling Control Commission against a California casino for violating the Bank Secrecy Act’s (BSA) anti-money laundering provisions. The action, which follows a federal investigation, alleges that the casino “overlooked, neglected, or was willfully blind to accusations and actions taken against other casinos for violations of the BSA and for failing to maintain adequate Anti Money Laundering (AML) programs.” The casino had previously entered into a Non-Prosecution Agreement with the U.S. Attorney’s Office for the Central District of California, accepted responsibility for “failing to properly file reports for a foreign national who conducted millions of dollars in cash transactions at the casino,” and agreed to pay $500,000 and undergo an increased review of its AML compliance program to prevent future violations, according to a DOJ press release. The California AG now seeks to hold the casino and its owners responsible for state law violations.
District Court grants MTD in CFPB, NY AG debt collector case
On October 27, the U.S. District Court for the Western District of New York denied a motion to dismiss an action brought by the CFPB and the New York attorney general against the operators of a debt-collection scheme, rejecting the defendants’ argument that they did not have fraudulent intent and their actions were taken for legitimate reasons. As previously covered by InfoBytes in April, the CFPB and the AG filed a complaint against the defendants for allegedly transferring ownership of his $1.6 million home to his wife and daughter for $1 shortly after he received a civil investigative demand and learned that the Bureau and the AG were investigating his debt-collection activities. The complaint further alleged that the transfer of the property was a fraudulent transfer under the FDCPA and made with the intent to defraud (a violation of the New York Debtor and Creditor Law), and that the owner-defendant “removed and concealed assets in an effort to render the Judgment obtained by the Government Plaintiffs uncollectable.” In 2019 the Bureau and the AG settled with the debt collection operation to resolve allegations that the defendants established and operated a network of companies that harassed and/or deceived consumers into paying inflated debts or amounts they may not have owed (covered by InfoBytes here).
The court denied the defendants’ motion to dismiss, concluding that the CFPB and AG raised sufficient allegations that the debtor’s transfers and mortgage on his property were knowingly fraudulent. The court determined that fraudulent intent under the FDCPA may be determined by several factors, sometimes called “badges of fraud,” including whether “‘the transfer or obligation was to an insider,’ ‘the debtor retained possession or control of the property transferred after the transfer,’ ‘before the transfer was made or obligation was incurred, the debtor had been sued or threatened with suit,’ ‘the value of the consideration received by the debtor was reasonably equivalent to the value of the asset transferred or the amount of the obligation incurred,’ and ‘the transfer occurred shortly before or shortly after a substantial debt was incurred.’” The court held it was reasonable to infer that the defendant was aware “that he would likely face civil prosecution” and judgments “would be beyond his ability to pay.” The court noted that the defendant engaged in transferring a personally significant asset—his $1.6 million residence—to two insiders for nominal consideration, which was considered to be “highly unusual.” Additionally, the defendant alleged that he continued to “’reside at and exercise control over’ the property and is now unwilling or unable to pay off the judgment,” which indicated the conveyance was also part of a sham divorce. Further, the court noted that “the complaint plausibly alleges that the mortgage ‘was not granted in good faith’ and was ‘made with the intent to make it appear that the Property was encumbered.’”
9th Circuit denies bid to block Arizona’s dealer data privacy law
On October 25, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s order denying a motion for preliminary injunction against enforcement of an Arizona statute designed to strengthen privacy protections for consumers whose data is collected by auto dealers. Under the Dealer Law, database providers are prohibited from limiting access to dealer data by dealer-authorized third parties and are required to create a standardized framework to facilitate access. The plaintiffs—technology companies that license dealer management systems (DMS)—sued the Arizona attorney general and the Arizona Automobile Dealers Association in an attempt to stop the Dealer Law from taking effect. The plaintiffs contended that the Dealer Law is preempted by the Copyright Act because it gives dealers the right to access plaintiff’s systems and create unlicensed copies of its dealer management system, application programming interfaces, and data compilations. The plaintiffs further claimed the Dealer Law is a violation of the U.S. Constitution’s contracts clause.
On appeal, the 9th Circuit agreed that the plaintiffs were not entitled to a preliminary injunction. The appellate court concluded that the Dealer Law was not preempted by the Copyright Act, because, among other things, the plaintiffs could comply with the Dealer Law without having to create a new copy of its software to process third-party requests. Moreover, the 9th Circuit noted that even if the plaintiffs had to create copies of their DMS on their servers to process third-party requests, they failed to established that those copies would infringe their reproduction right, and the copies the plaintiffs took objection to “would be copies of its own software running on its own servers and not shared with anyone else.” The appellate court further held that the Dealer Law was not a violation of the U.S. Constitution’s contracts clause because, among other things, plaintiffs did not show that complying with the Dealer Law prevented them from being able to keep dealer data confidential. “Promoting consumer data privacy and competition plainly qualify as legitimate public purposes,” the appellate court wrote. “[Plaintiffs] point[] out that the Arizona Legislature did not make findings specifying that those were the purposes motivating the enactment of the statute, but it was not required to do so. The purposes are apparent on the face of the law.”
District Court approves non-party settlement in student debt-relief action
On October 20, the U.S. District Court for the Central District of California approved a settlement with two non-parties in an action brought by the CFPB, the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, alleging a student loan debt relief operation deceived thousands of student-loan borrowers and charged more than $71 million in unlawful advance fees. As previously covered by InfoBytes, the complaint asserted that the defendants violated the CFPA, the Telemarketing Sales Rule, and various state laws. Amended complaints (see here and here) also added new defendants and included claims for avoidance of fraudulent transfers under the FDCPA and California’s Uniform Voidable Transactions Act, among other things. A stipulated final judgment and order was entered against the named defendant in July (covered by InfoBytes here), which required the payment of more than $35 million in redress to affected consumers, a $1 civil money penalty to the Bureau, and $5,000 in civil money penalties to each of the three states. The court also previously entered final judgments against several of the defendants, as well as a default judgment and order against two other defendants (covered by InfoBytes here, here, here, and here). The most recent settlement resolves a dispute between a court-appointed receiver and the two non-parties. The settlement requires the non-parties to pay $675,000 to the receiver.
States, consumer advocates urge agencies to explicitly disavow rent-a-bank schemes
On October 18, consumer advocates and several state attorneys general and financial regulators responded to a request for comments issued by the OCC, Federal Reserve Board, and the FDIC on proposed interagency guidance designed to aid banking organizations in managing risks related to third-party relationships, including relationships with fintech-focused entities. (See letters here and here.) As previously covered by InfoBytes, the proposed guidance addressed key components of risk management, such as (i) planning, due diligence and third-party selection; (ii) contract negotiation; (iii) oversight and accountability; (iv) ongoing monitoring; and (v) termination. Consumer advocates and the states, however, expressed concerns that the agencies’ proposed guidance does not “highlight the significant risks associated with high-cost lending involving third-party relationships,” and does not include measures to prevent banks from entering into nonbank lending partnerships (e.g. “rent-a-bank schemes”).
According to the consumer advocates’ letter, the agencies’ guidance “should unequivocally declare that it is inappropriate for a bank to rent out its charter to enable attempted avoidance of state consumer protection laws, in particular interest rate and fee caps, or state oversight through licensing regimes.” The consumer advocates stated that they are aware of six FDIC-supervised banks involved in rent-a-bank schemes with nonbank lenders making allegedly illegal high-cost loans, and urged the FDIC to take immediate, “overdue” action to put an end to them. Among other things, the consumer advocates said the new guidance should explicitly specify: (i) that a bank’s involvement in lending that exceeds state interest rate limits with a nonbank is a “critical activity”; (ii) that lending partnerships involving loans exceeding a fee-inclusive 36 percent annual percentage rate (APR) “pose especially high risks”; and (iii) that in instances where a loan exceeds the Military Lending Act’s 36 percent APR, the federal banking supervisor will directly examine the third-party partner and charge the bank for the cost of the examination.
The states wrote in their letter that “experience teaches us that, in the absence of an explicit disavowal of rent-a-bank schemes, the [p]roposed [g]uidance invites continued abuse of banks’ interest exportation rights, to the considerable detriment of state regulation, consumer protection, and banks’ safety and soundness.” The states strongly encouraged the agencies to “explicitly disavow rent-a-bank schemes.”
New York takes action on cryptocurrency lending platforms
On October 18, the New York attorney general ordered two unregistered cryptocurrency lending platforms to immediately cease their activities in the state and directed three additional platforms to provide information about their activities and products. The AG clarified that most virtual currency lending products “fall squarely within any of several categories of ‘security’ under the Martin Act,” and therefore platforms must comply with the Martin Act’s registration requirements unless exempt. According to the AG, the virtual currency lending products identified in these actions “promise a fixed or variable rate of return to investors, and claim to deliver those returns by, among other things, trading with, or further lending those virtual assets.” As such, the products are securities under the Martin Act, particularly those that accept virtual currencies in exchange for a rate of return. The press release provided a redacted version of a cease letter sent to one of the two unregistered platforms, which stated that platforms engaging in unregistered activity have committed a fraudulent practice under the Martin Act and may face civil remedies. The platform is ordered to cease the alleged activity within 10 days or explain why the AG should not take further action. A different redacted letter requested information about the recipient’s products, where it operates, how the platform uses deposited virtual currency, whether U.S. dollars can be deposited or withdrawn from the platform, all financial institutions that are used, and whether the companies accept tethers, among other things. The letter also requested examples of agreements, contracts, and risk disclosures, as well as due diligence policies and procedures. These letters follow other actions taken recently by the AG against cryptocurrency trading platforms and token issuers (see e.g. InfoBytes here and here).