InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
AGs support FTC disgorgement authority
On June 28, a coalition of 28 state attorneys general sent a letter to Congress in support of H.R. 2668, the Consumer Protection and Recovery Act. The bill would give the FTC authority to seek restitution and disgorgement, among other equitable remedies, for consumer protection and antitrust violations in federal court without first going through a lengthy administrative process. As previously covered by InfoBytes, in April, the U.S. Supreme Court unanimously reversed the U.S. Court of Appeals for the Ninth Circuit’s decision in AMG Capital Management v. FTC, holding that Section 13(b) of the FTC Act “does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement.” The ruling reversed a $1.3 billion restitution award in a case alleging that payday loan companies had deceived and overcharged customers. The coalition urged lawmakers to reinstate the “essential tools that the FTC needs to combat fraud and anticompetitive conduct and protect an honest marketplace.”
CFPB, Georgia AG allege debt-relief violations
On June 29, the CFPB announced a stipulated final judgment and order against a financial services company and its owners for allegedly deceiving consumers into hiring the company. According to the complaint filed in the U.S. District Court for the Northern District of Georgia with the Georgia attorney general, the defendants violated the Telemarketing and Consumer Fraud and Abuse Prevention Act, the Telemarketing Sales Rule, the Consumer Financial Protection Act, and Georgia’s Fair Business Practices Act by using telemarketing practices to deceptively induce consumers to hire the company, by, among other things, falsely promising to help them: (i) reduce their credit card debts by advertising to potential customers through direct mailers; and (ii) improve consumers’ credit scores by claiming they could restore their credit scores and that they had a “credit restoration team.” In addition, the defendants “collected millions of dollars in advance fees, claiming that it provided a ‘debt validation’ program that used the debt-verification process set forth in the [FDCPA] to invalidate and eliminate debt and improve consumers’ credit record, history, or rating.” Under the terms of the order, the defendants are banned from the telemarketing of any consumer financial product and selling financial advisory, debt relief, or credit repair services. The defendants must also pay a fine of $150,001, $15,000 of which will be remitted to the state of Georgia, and a penalty of approximately $30 million in consumer redress (full payment of which may be suspended if certain conditions are met).
State AGs argue FDIC’s “valid-when-made rule” violates APA
On June 17, eight state attorneys general (from California, Illinois, Massachusetts, Minnesota, New Jersey, New York, North Carolina, and the District of Columbia) filed an opposition to the FDIC’s motion for summary judgment and reply in support of their motion for summary judgment in a lawsuit challenging the FDIC’s “valid-when-made rule.” As previously covered by InfoBytes, last August the AGs filed a lawsuit in the U.S. District Court for the Northern District of California arguing, among other things, that the FDIC does not have the power to issue the rule, and asserting that the FDIC has the power to issue “‘regulations to carry out’ the provisions of the [Federal Deposit Insurance Act]” but not regulations that would apply to non-banks. The AGs also claimed that the rule’s extension of state law preemption would “facilitate evasion of state law by enabling ‘rent-a-bank’ schemes,” and that the FDIC failed to explain its consideration of evidence contrary to its assertions, including evidence demonstrating that “consumers and small businesses are harmed by high interest-rate loans.” The complaint asked the court to declare that the FDIC violated the Administrative Procedures Act (APA) in issuing the rule and to hold the rule unlawful. The FDIC countered in May (covered by InfoBytes here) that the AGs’ arguments “misconstrue” the rule, which “does not regulate non-banks, does not interpret state law, and does not preempt state law.” Rather, the FDIC argued that the rule clarifies the FDIA by “reasonably” filling in “two statutory gaps” surrounding banks’ interest rate authority.
In response, the AGs argued that the rule violates the APA because the FDIC’s interpretation in its “Non-Bank Interest Provision” (Provision) conflicts with the unambiguous plain-language statutory text, which preempts state interest-rate caps for federally insured, state-chartered banks and insured branches of foreign banks (FDIC Banks) alone, and “impermissibly expands the scope of § 1831d to preempt state rate caps as to non-bank loan buyers of FDIC Bank loans.” Additionally, the AGs challenged the FDIC’s claim that its Provision “does not implicate rent-a-bank schemes or the true lender doctrine because the Provision only applies ‘if a bank actually made the loan,’” emphasizing that the FDIC’s “mere statement that it does not condone rent-a-bank schemes” is insufficient and that “choosing to not address true-lender issues is an insufficient response to comments that the Provision creates significant uncertainty about those issues.” Moreover, the AGs claimed that the Provision is “arbitrary and capricious” and fails to meaningfully address valid concerns and criticisms raised by commenters, and that the rule constitutes “in substance if not form, a reversal of the FDIC’s previous stance” that the FDIC is “obligated to acknowledge and explain.”
FTC tackles illegal pyramid scheme
On June 16, the FTC and the Arkansas attorney general filed a complaint against the operators of a “blessing loom” investment program (defendants), alleging that they acted as an illegal pyramid scheme that bilked millions of dollars from thousands of consumers. The joint complaint alleges that the defendants violated the FTC Act, Consumer Review Fairness Act, and the Arkansas Deceptive Trade Practices Act by: (i) participating in a pyramid scheme, which constitutes a deceptive act; (ii) prohibiting the ability of an individual to engage in a covered communication; and (iii) falsely representing goods and services. The complaint alleges that the defendants lured people into enrolling in their program by falsely guaranteeing investment returns as high as 800 percent, with some members allegedly paying as much as $62,700 to participate in the program. In addition, the defendants allegedly, among other things, (i) targeted Black communities and stated in the “[program’s] Bible,” which contains program membership bylaws, that all program members must, with no exceptions, be of African-American descent; (ii) targeted financially distressed consumers; (iii) falsely claimed the program provided “a means to achieve financial freedom and generational wealth”; (vi) attempted to hide their illegal activity from law enforcement and payment processors by forbidding certain payment applications to be used by members; and (v) prohibited members from publishing material related to the program online, such as comments and reviews. The complaint seeks to permanently enjoin the defendants’ illegal operation and requests that the court award redress for injured consumers. The complaint also seeks to impose civil penalties on the defendants under Arkansas state law.
NYDFS, state AGs offer recommendations on climate disclosures to SEC
On June 14, NYDFS and a coalition of 12 state attorneys general led by the California attorney general submitted separate letters (see here and here) in response to a request for input by Acting SEC Chair Allison Herren Lee, providing recommendations on disclosing information on climate change risks that entities are facing. Among other things, NYDFS recommends that the SEC: (i) make disclosures reliable, balanced, understandable, consistent over time, comparable among institutions within a sector, and provided in a timely manner; (ii) provide disclosure of the corporate governance and board oversight relating to climate-related issues and risks, such as policies, procedures, internal controls, and management information systems; (iii) disclose how an institution identifies, assesses, monitors, and manages climate-related risks and how such risks are integrated; and (iv) encourage agencies to take an equitable approach “that reflects each institution’s exposure to climate risks and the nature, scale, size, and complexity of its business.” NYDFS notes that “[d]eveloping and managing standards related to the disclosure of risks related to climate change requires collaboration among state and federal regulators and the industries that they regulate.”
The AGs advise the SEC to require that private and public companies analyze climate change-related risks altering their businesses and disclose that information, asserting that the current disclosure requirements under the SEC are insufficient. The letter includes recommendations, such as requiring SEC-regulated firms to (i) make annual disclosures of their greenhouse gas emissions and any plans to address their emissions; (ii) evaluate and disclose the potential impacts of climate change and climate change regulation; and (iii) disclose corporate governance and risk management practices as they relate to climate change.
District Court approves new settlement in student debt-relief action
On June 15, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against one of the defendants in an action brought by the CFPB, the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney in 2019, which alleged a student loan debt relief operation deceived thousands of student-loan borrowers and charged more than $71 million in unlawful advance fees. As previously covered by InfoBytes, the complaint alleged that the defendants violated the Consumer Financial Protection Act, the Telemarketing Sales Rule, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the complaint asserts the defendants engaged in deceptive practices by misrepresenting (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness; and (iii) their ability to actually lower borrowers’ monthly payments.
The finalized settlement issued against the relief defendant—who acted in an individual capacity and also as trustee of a trust, and who neither admits nor denies the allegations—requires the liquidation of certain assets up to but not exceeding $3 million as monetary relief to go to the CFPB and the People of the State of California. If the liquidation value of the asset is less than $3 million, the relief defendant “will be additionally liable for the difference between the liquidation value of the [asset] and $3,000,000, up to but not exceeding $500,000.” The relief defendant is also liable to all plaintiffs for $88,381.80. In addition, the relief defendant must comply with certain reporting and recordkeeping requirements and fully cooperate with the plaintiffs.
The court previously entered final judgments against four of the defendants, as well as a default judgment and order against two other defendants (covered by InfoBytes here and here). Orders have yet to be entered against the remaining defendants.
Washington AG announces settlement with debt collection agency
On June 8, the Washington attorney general announced a settlement with a Colorado-based collection agency for alleged unlawful debt collection practices in violation of Washington’s Consumer Protection Act and Collection Agency Act, including assessing fees and costs on consumers even when no funds were captured in the garnishment, operating without a license for over a year, and failing to provide legally required garnishment exemptions to state residents. Under the terms of the consent decree, the debt collection agency must pay back approximately $475,000 in restitution to as many as 5,000 state residents and forgive up to $250,000 in fees and costs to resolve the lawsuit. The debt collection agency must also pay $414,000 to the AG’s office for the cost of the investigation and to fund the ongoing work of the office’s Consumer Protection Division. In addition to paying the fines, the agency is also required to: (i) discontinue assessing fees on consumers from whom the company has not collected funds; (ii) provide legally required garnishment exemptions to consumers; and (iii) incorporate legally required evidence when submitting garnishment judgment applications to the court.
FDIC counters states’ challenge to “valid-when made” rule
On May 20, the FDIC filed a motion for summary judgment in response to a challenge brought by eight state attorneys general to the FDIC’s valid-when-made rule. As previously covered by InfoBytes, the FDIC’s final rule clarifies that, under the Federal Deposit Insurance Act (FDIA), whether interest on a loan is permissible is determined at the time the loan is made and is not affected by the sale, assignment, or other transfer of the loan. The AGs filed a lawsuit last year (covered by InfoBytes here) arguing, among other things, that the FDIC does not have the power to issue the rule, and asserting that while the FDIC has the power to issue “‘regulations to carry out’ the provisions of the FDIA,” it cannot issue regulations that would apply to nonbanks. The AGs also claimed that the rule’s extension of state law preemption would “facilitate evasion of state law by enabling ‘rent-a-bank’ schemes,” and that the FDIC failed to explain its consideration of evidence contrary to its assertions, including evidence demonstrating that “consumers and small businesses are harmed by high interest-rate loans.”
The FDIC countered that the AGs’ arguments “misconstrue” the rule, which “does not regulate non-banks, does not interpret state law, and does not preempt state law.” Rather, the FDIC argued that the rule clarifies the FDIA by “reasonably” filling in “two statutory gaps” surrounding banks’ interest rate authority. “The rule, which enjoys widespread support from the banking industry, represents a reasonable interpretation of [the FDIA], and should be upheld under Chevron’s familiar two-step framework,” the FDIC stated. Moreover, the FDIC contended, among other things, that the rule is appropriate because the FDIA does not address at what point in time the validity of a loan’s interest rate should be determined and is “silent” about what effect a loan’s transfer has on the validity of the interest rate. The FDIC also challenged the AGs’ argument that it is improperly trying to regulate non-banks, pointing out that the rule “regulates the conduct and rights of banks when they sell, assign, or transfer loans” and that “any indirect effects the rule has on non-banks do[es] not place the rule outside the agency’s authority.”
Colorado sues PSLF student loan servicer
On May 26, the Colorado attorney general filed a complaint against a Pennsylvania-based student loan servicer that handles the Public Service Loan Forgiveness (PSLF) program, alleging the servicer failed to comply with state law when asked to provide certain documentation. Under the Colorado Student Loan Servicers Act (SLSA), the state is “authorized to conduct examinations and investigations of student loan servicers that are servicing student education loans owned by residents of Colorado.” The SLSA also allows the state to enforce compliance by bringing a civil action to prevent servicers from violating the SLSA and to obtain other appropriate relief. According to the AG’s press release, the state requested information related to the servicer’s handling of the PSLF program during the Covid-19 pandemic. The servicer allegedly refused to produce the requested materials and only provided certain limited documents regarding non-government owned loans related to its business line. The complaint seeks a preliminary and permanent injunction compelling the servicer to comply with the AG’s oversight authority and provide the requested documentation.
New York AG reaches agreement with online retailer to resolve data breach
On May 18, the New York attorney general announced an agreement with an online water filtration retailer to resolve an investigation into a 2019 data breach that allegedly compromised the sensitive personal information of roughly 324,000 customers. According to the AG, the data breach impacted the retailer’s website for nearly a year, and compromised information including credit card holders’ names, billing addresses, expiration dates, and security codes. The data breach occurred after attackers exploited a known vulnerability in the retailer’s online checkout process that the retailer had not patched. After a credit card payment system management company notified the retailers of suspicious activity, the retailer conducted an internal investigation that “erroneously concluded” that no breach had occurred. After additional reports of compromise, a credit card company asked the retailer to hire a forensic investigator to review the retailer’s systems, and it was this forensic investigation that ultimately discovered “conclusive evidence” of the breach.
Under the terms of the assurance of discontinuance, the retailer is required to pay a $200,000 fine, half of which is suspended unless the retailer is found to have “materially misstated its financial condition.” In addition, the retailer is required to adopt several security measures, including (i) creating a comprehensive information security program; (ii) designing an incident response and data breach notification plan to encompass “preparation, detection and analysis, containment, eradication, and recovery”; (iii) incorporating personal information safeguards and controls, “including encryption, segmentation, penetration testing, logging and monitoring, virus protection policy, custom application code change reviews, authentication policy and procedures, management of service providers, and patch management”; and (iv) agreeing to conduct third-party security assessments over the next five years.