InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NYDFS, New York Attorney General reach $9 million settlement with student loan servicer
On January 4, NYDFS and the New York Attorney General announced a joint $9 million settlement with a national student loan servicer to resolve allegations that the servicer, among other things, deceived student loan borrowers about their repayment options and steered them into higher-cost repayment plans. According to a press release issued by the Attorney General’s office, the servicer “steered distressed borrowers away from available income-based repayment plans towards other, more expensive options, thus costing them money and increasing their risk of default.” Additionally, the consent order alleges that the servicer misinformed borrowers—including servicemembers—about their repayment options, such as telling borrowers they were not eligible for Public Service Loan Forgiveness plans when they may have qualified after consolidating their loans. Furthermore, the servicer allegedly (i) improperly processed applications for income-based repayment; (ii) allocated underpayment for certain borrowers to maximize late fees; (iii) improperly processed payments; (iv) failed to accurately report information to credit reporting agencies; (v) failed to “properly recalculate monthly payments for servicemembers when adjusting their interest rates under the Servicemembers’ Civil Relief Act”; (vi) charged improper late fees; and (vii) did not provide borrowers notification of their eligibility for a co-signer release.
The servicer, while neither admitting nor denying the findings alleged by NYDFS and the Attorney General, has agreed to pay $8 million in restitution to New York borrowers and a $1 million fine. Moreover, the servicer has agreed to stop servicing private and federal loans—with the exception of Perkins Loans—over the next five years.
State Attorneys General fine national bank $575 million for incentive compensation, mortgage and auto lending practices
On December 28, a national bank reached a $575 million multistate settlement with 50 states and the District of Columbia. Among other things, the settlement resolves allegations that have been the subject of previous litigation concerning the bank’s incentive compensation sales program (covered by InfoBytes here), as well as allegations involving certain practices related to mortgage rate-lock extension fees, auto loan force-placed insurance policies, and guaranteed asset/auto protection products. As previously covered by InfoBytes, the bank reached a settlement last year with the CFPB and the OCC to resolve allegations concerning its auto and mortgage lending practices, which were previously discontinued and for which voluntary consumer remediation was initiated by the bank.
Massachusetts Attorney General settles with payment processor over data breach claims
On December 19, the Massachusetts Attorney General announced a $155,000 settlement with a California-based payment processor resolving allegations that the company exposed consumers’ personal information online in violation of consumer protection and data security laws. According to the announcement, the company employees accidently removed password protections from public-facing websites, which exposed consumers’ personal data, such as bank account and social security numbers, addresses, and driver’s license numbers. The Attorney General’s investigation claims that company employees appeared to know of the vulnerability for a year before fixing it. Under the terms of the settlement, the company has agreed to comply with Massachusetts laws and is required to (i) maintain a chief information security officer; (ii) conduct employee training on data security; and (iii) “assess and update information security policies relating to changes to its systems and to external vulnerabilities.”
House Democrats urge Kraninger to resume MLA examinations
On December 14, Maxine Waters (D-CA) and 22 other House Democrats issued a letter urging the new CFPB Director, Kathy Kraninger, to resume supervisory examinations of the Military Lending Act (MLA). As previously covered by InfoBytes, according to reports citing “internal agency documents,” the Bureau ceased supervisory examinations of the MLA, contending the law does not authorize the Bureau to examine financial institutions for compliance with the MLA. In response, a bipartisan coalition of 33 state Attorneys General sent a letter to then acting Director, Mick Mulvaney, expressing concern over the decision (covered by InfoBytes here).
The letter from Waters, who is expected to be the next chair of the House Financial Services Committee, and the other 22 Democratic members of the Committee, argues that “there is no question the [CFPB] has the authority and the responsibility to supervise its regulated entities for compliance with the MLA.” As support, the letter cites to the Bureau’s authority to oversee a “wide range of regulated entities,” the establishment of the Bureau’s Office of Servicemember Affairs, and the 2013 amendments to the MLA, which gave the Bureau the authority to enforce the act. The letter also points to the Bureau’s work obtaining $130 million in relief for servicemembers, veterans, and their families through enforcement actions, as well as the 109 complaints the Bureau has received from military consumers since 2011.
New York Attorney General settles with five companies over mobile app security failures
On December 14, the New York Attorney General announced settlements with five companies, including a global payment processor, a credit reporting agency, and a credit score company, whose mobile apps allegedly failed to secure sensitive user data. As part of the Attorney General’s initiative to uncover vulnerabilities before a data breach, the office tested dozens of mobile apps that handled consumer information such as credit card and bank account numbers. After testing, the Attorney General determined that certain versions of the five companies’ apps failed to properly authenticate the “SSL/TLS” certificates, which are used to verify the computer’s identity attempting to establish a connection to the mobile device. According to the Attorney General, this failure could allow an attacker to impersonate the companies’ servers and intercept information, including credit card information, entered into the app by the user. The settlement requires the companies to implement a comprehensive security program to protect their users’ information.
Court grants summary judgment in favor of FTC and Florida State Attorney General in debt relief scam case
On December 10, the U.S. District Court for the Middle District of Florida granted the FTC and the Florida attorney general’s motion for summary judgment against an individual accused of participating in a scheme that allegedly targeted financially distressed consumers through illegal robocalls selling bogus credit card debt relief services and interest rate reductions. According to a 2016 complaint, several interrelated companies and the founder of such companies (defendants), among other things, allegedly violated the FTC Act, the Telemarketing Sales Rule, and the Florida Deceptive and Unfair Trade Practices Act by (i) claiming to be “licensed enrollment center[s]” for major credit card networks with the ability to work with a consumer’s credit card company or bank to substantially and permanently lower credit card interest rates; (ii) charging up-front payments for debt relief and rate-reduction services; and (iii) pitching credit card debt-elimination services, claiming the defendants could access money from a government fund to pay off consumers’ credit card debt in 18 months, when in actuality, no such government fund existed. In some cases, the defendants instructed consumers to stop paying their credit-card bills, resulting in “significant harm in the form of reduced creditworthiness, higher interest rates on their existing credit-card debt, and higher overall credit-card debt due to the accrual of late fees and interest charges.”
The court entered a permanent injunction ordering the defendant founder of the companies involved to pay over $23 million in equitable monetary relief. The order also permanently restrains and enjoins such defendant from, among other things, participating—whether directly or indirectly—in (i) telemarketing; (ii) advertising, marketing, selling, or promoting any debt relief products or services; or (iii) misrepresenting material facts.
Illinois Attorney General settles with bank over pre-crisis marketing and sale of RMBS
On December 4, the Illinois Attorney General announced a $17.25 million settlement with a national bank resolving allegations of misconduct in the marketing and sale of residential mortgage backed securities (RMBS) dating back to before the 2008 mortgage crisis. According to the announcement, the bank’s $17.25 million settlement will be distributed to the Teachers Retirement System of the State of Illinois, the State Universities Retirement System of Illinois, and the Illinois State Board of Investment. Additional details on the settlement have not been made available by the state.
Virginia Attorney General joins bipartisan coalition to stop or reduce robocalls
On December 6, Virginia Attorney General Mark Herring announced he is joining a bipartisan group of 40 state Attorneys General to stop or reduce “annoying and dangerous” robocalls. The multistate group is reviewing, through meetings with several major telecom companies, the technology the companies are pursuing to combat robocalls. According to the announcement, the working group’s goals are to (i) develop an understanding of the technology that is feasible to combat unwanted robocalls; (ii) encourage the major telecom companies to expedite a technological solution for consumers; and (iii) determine if the states should make further recommendations to the FCC. As previously covered by InfoBytes, in October, a group of 35 Attorneys General, including Herring, submitted reply comments to the FCC in response to a public notice seeking ways the FCC could create rules that would enable telephone service providers to block more illegal robocalls. In their comments to the FCC, the coalition encouraged the FCC to implement rules and additional reforms that go beyond the agency’s 2017 call-blocking order, which allows phone companies to proactively block illegal robocalls originating from certain types of phone numbers.
Coalition of state Attorneys General announce settlement to resolve allegations concerning debt buyers’ collection and litigation practices
On December 4, the North Carolina Attorney General, along with 41 other state Attorneys General and the District of Columbia, announced a $6 million settlement with a national group of debt buyers to resolve allegations concerning the debt buyers’ collection and litigation practices. According to the press release, the debt buyers allegedly engaged in robo-signing practices by signing and filing large quantities of affidavits in state courts without first verifying the provided information. Under the terms of the settlement, the debt buyers have agreed to (i) completely eliminate or reduce the judgment balances for affected consumers in the participating states; (ii) reform their business practices by carefully verifying the information in affidavits for the courts and present accurate documents in court proceedings; (iii) review original account documents and provide substantiating documentation to consumers free of charge when a consumer disputes a debt; (iv) “maintain proper oversight and training over its employees and the law firms that it uses”; and (v) refrain from reselling debt for two years.
New York Attorney General reaches largest ever COPPA settlement to resolve violations of children’s privacy
On December 4, the New York Attorney General announced the largest Children’s Online Privacy Protection Act (COPPA) settlement in U.S. history—totaling approximately $6 million —to resolve allegations with a subsidiary of a telecommunications company that allegedly conducted billions of auctions for ad space on hundreds of websites it knew were directed to children under the age of 13. According to the Attorney General’s office, the subsidiary collected and disclosed personal data on children through auctions for ad space, allowing advertisers to track and serve targeted ads to children without parental consent. Under COPPA, operators of websites and other online services are prohibited from collecting or sharing the information of children under the age of 13 unless they give notice and have express parental consent. Among other things, the subsidiary also allegedly placed ads on other exchanges that possessed the capability to auction ad space on child-directed websites, but that when it won ad space on COPPA-covered websites, the subsidiary treated the space as it would any other and collected user information to serve targeted ads.
Under the terms of the settlement, the subsidiary must (i) create a comprehensive COPPA compliance program, which requires annual COPPA training for staff, regular compliance monitoring, and the retention of service providers that can comply with COPPA, as well as a third party who will assess the privacy controls; (ii) enable website operators that sell ad inventory to indicate what portion of a website is subject to COPPA; and (iii) destroy the personal data it collected on children.