InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Republicans seek to overturn CFPB small-biz lending rule; Georgia AG says rule is unnecessary and burdensome
Recently, several House Republicans introduced a joint resolution of disapproval (H.J. Res. 66) under the Congressional Review Act to overturn the CFPB’s small business lending rule. As previously covered by InfoBytes, last month the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act. Effective August 29, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses (defined as an entity with gross revenue under $5 million in its last fiscal year). Both traditional banks and credit unions, as well as non-banks, will be required to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).
Also opposing the final rule, Georgia Attorney General Christopher M. Carr sent a letter to CFPB Director Chopra requesting that the final rule be rescinded. Carr argued that the final rule places an unnecessary and expensive burden on financial institutions, and that “[w]ith the current uneasiness in the market and a plethora of other challenges facing community banks, now is not the time to require them to gather more information that has absolutely nothing to do with the process of evaluating which applicants are the strongest and most deserving of capital.” Carr further contended that if lending discrimination is a “rampant problem,” the Bureau should use channels already in place to address this issue. Pointing out that states already have their own consumer protection and anti-discrimination statutes in place, Carr argued that the final rule imposes redundant compliance requirements on financial institutions, particularly community banks. Carr asked the Bureau to “allow states to continue to address lending issues as they occur, rather than saddling small businesses with burdensome regulations.”
Additionally, in April, a group of plaintiffs, including a Texas banking association, filed a lawsuit against the Bureau seeking to invalidate the final rule. (Covered by InfoBytes here.) Plaintiffs argued that the final rule will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses.
New Jersey says realty company misled consumers about homeowner program
On June 6, the New Jersey attorney general and the New Jersey Division of Consumer Affairs filed an action against a realty company and its principals (collectively, “defendants”) for allegedly violating the state’s Consumer Fraud Act by making deceptive misrepresentations about its “Homeowner Benefit Program” (HBP). Concurrently, the New Jersey Real Estate Commission in the Department of Banking and Insurance filed an order to show cause alleging similar misconduct and taking action against the real estate licenses belonging to the company and certain related individuals.
According to the complaint, the defendants’ HBP was marketed to consumers as a low-risk opportunity to obtain quick, upfront cash between $300 and $5000 in exchange for giving defendants the right to act as their real estate agents if they sold their homes in the future. The HBP was not marketed as a loan and consumers were told they were not obligated to repay the defendants or to ever sell their home in the future. However, the press release alleged that the HBP functions as a high-interest mortgage loan giving the defendants the right to list the property for 40 years, and that the loan survives the homeowner’s death and levies a high early termination fee against the homeowners. The complaint further charged the defendants with failing to disclose the true nature of the HBP and failing to present the terms upfront. Moreover, in order to sell the HBP, the defendants allegedly placed unsolicited telephone calls to consumers despite not being licensed as a telemarketer in New Jersey. The complaint seeks an order requiring defendants to discharge all liens against homeowners, pay restitution and disgorgement, and pay civil penalties and attorneys’ fees and costs.
The order to show cause alleges violations of the state’s Real Estate License Act and requires defendants to show why their real estate licenses should not be suspended or revoked, as well as why fines or other sanctions, such as restitution, should not be imposed. Defendants have agreed to cease any attempt to engage New Jersey consumers in an HBP agreement pending resolution of the order to show cause.
FTC seeks to work with states on combatting fraud
On June 7, the FTC announced it is soliciting public comments on how the Commission can work more effectively with state attorneys general to prevent and inform consumers about potential fraud. The FTC said in its announcement that the agency and the AGs share a common mission to protect the public from “deceptive or unfair business practices and from unfair methods of competition through law enforcement, advocacy, research, and education.” The request for public comments comes as a result of the FTC Collaboration Act of 2021 (the “Act”), which requires the Commission to not only solicit public comments, but also to consult directly with interested stakeholders. Signed into law last year, the Act directs the FTC to conduct a study on how to streamline and leverage the relationship between the Commission and the AGs to better protect Americans from fraud and hold those committing malicious acts accountable. The FTC requests comments specifically regarding: (i) the roles and responsibilities of the Commission and AGs that best advance collaboration and consumer protection; (ii) how resources should be dedicated to further such collaboration and consumer protection; and (iii) the accountability mechanisms that should be implemented to promote collaboration and consumer protection between the FTC and AGs.
The completed report will be submitted to the House Committee on Energy and Commerce and the Senate Committee on Commerce, Science, and Transportation. Comments are due 60 days after publication in the Federal Register.
New York reaches settlement with medical management company over patient data
On May 23, the New York attorney general announced a settlement with a medical management company, for allegedly failing to protect over 428,000 New Yorkers’ personal and health data from a 2020 ransomware cyberattack affecting roughly 1.2 million consumers nationwide. According to the AG’s investigation, the company implemented a new version of its software in January 2019, but allegedly failed to conduct a series of security tests and scans that could have identified any security problems. Further, the private information maintained by the company was not encrypted. Notably, information for 13 consumers was apparently discovered on the dark web days after the hack. The investigation concluded that the company, amongst the 28 areas where they failed to maintain reasonable data security practices to protect patients’ private and health information, allegedly failed to maintain appropriate patch management processes, conduct regular security testing of its systems, and encrypt the personal information on its servers. Under the terms of the assurance of discontinuance, the company, while neither admitting or denying the allegations, agreed to pay $550,000 in penalties, and will improve its data security practices and offer affected customers free credit monitoring services.
Texas amends breach notification requirements
On May 27, the Texas governor signed SB 768 to amend the state’s data breach notification statutes. The Act requires entities to notify the attorney general “as soon as practicable” and not later than 30 days after the date a computerized security system breach occurs involving at least 250 Texas residents. The Act now details that notification must be submitted electronically using a form accessible through the attorney general’s website. No substantive changes were made to the required information within the form. The Act is effective September 1.
Fintech fined over interest charges billed as tips and donations
A California-based fintech company recently entered separate consent orders with California, Connecticut, and the District of Columbia to resolve allegations claiming it disguised interest charges as tips and donations connected to loans offered through its platform. The company agreed to (i) pay a $100,000 fine in Connecticut and reimburse Connecticut borrowers for all loan-related tips, donations, and fees paid; (ii) pay a $30,000 fine in the District of Columbia, including restitution; and (iii) pay a $50,000 fine in California, plus refunds of all donations received from borrowers in the state. The company did not admit to any violations of law or wrongdoing.
The Connecticut banking commissioner’s consent order found that the company engaged in deceptive practices, acted as a consumer collection agency, and offered, solicited, and brokered small loans for prospective borrowers without the required licensing. The company agreed that it would cease operations in the state until it changed its business model and practices and was properly licensed. Going forward, the company agreed to allow consumers to pay tips only after fully repaying their loans. The consent order follows a temporary cease and desist order issued in 2022.
A consent judgment and order reached with the D.C. attorney general claimed the company engaged in deceptive practices by misrepresenting the cost of its loans and by not clearly disclosing the true nature of the tips and donations. The AG maintained that the average APR of these loans violated D.C.’s usury cap. The company agreed to ensure that lenders accessing the platform are unable to see whether a consumer is offering a tip (or the amount of tip) and must take measures to make sure that withholding a tip or donation will not affect loan approval or loan terms. Among other actions, the company is also required to disclose how much lenders can expect to earn through the platform.
In the California consent order, the Department of Financial Protection and Innovation (DFPI) claimed that the majority of consumers paid both a tip and a donation. A pop-up message encouraged borrowers to offer the maximum tip in order to have their loan funded, DFPI said, alleging the pop-up feature could not be disabled without using an unadvertised, buried setting. These tips and/or donations were not included in the formal loan agreement generated in the platform, nor were borrowers able to view the loan agreement before consummation. According to DFPI, this amounted to brokering extensions of credit without a license. Additionally, the interest being charged (after including the tips and donations) exceeded the maximum interest rate permissible under the California Financing Law, DFPI said, adding that by disclosing that the loans had a 0 percent APR with no finance charge, they failed to comply with TILA.
Pennsylvania reaches $11 million settlement with rent-to-own company
On May 15, the Pennsylvania attorney general announced a $11.4 million settlement with a rent-to-own lender and its subsidiaries accused of engaging in predatory practices targeting low-income borrowers and employing deceptive collection practices. According to the AG, the lender disguised one-year rent-to-own agreements as “100-Day Cash Payoffs” and then concealed the balances owed. The AG maintained that consumers were locked into binding 12-month agreements that included high leasing fees (equal to 152 percent APR interest). The AG explained that consumers entitled to restitution and relief “had already satisfied the cash price, the sales tax on the cash price, and the processing fees associated with their purchase – yet still owed [the lender] a balance.” Additionally, the AG accused the lender of using a web-based portal for creating and signing contracts, which made it easy for persons other than the consumer to sign the agreements.
The order requires the lender to pay $7.3 million in restitution that will be distributed to affected consumers, $200,000 in civil penalties, and $750,000 in costs to be paid to the AG to be used for public protection and education purposes. Additionally, the lender is required to reduce the balances of delinquent lease-to-own accounts for certain rental purchase agreements, resulting in a $3.15 million aggregate reduction in balances. The lender has also agreed to, among other things, not represent or imply that failure to pay a debt owed or alleged to be owed “will result in the seizure, attachment or sale of any property that is the subject of the debt unless such action is lawful” or that the lender’s subsidiary intends to take such actions. The lender is also prohibited from collecting any amount, including interest, fees, charges, or expenses incidental to the principal obligation, unless the amount is expressly authorized by the agreement creating the obligation or permitted by law. Furthermore, the lender’s subsidiaries must clearly and conspicuously disclose customer balances during servicing calls and through a customer portal.
Crypto company settles NY AG’s hidden-fee claims
On May 18, the New York attorney general announced a settlement with a Brooklyn-based cryptocurrency company to resolve claims that it charged investors “exorbitant and undisclosed fees” to store cryptocurrency in an account that was advertised as being free on its website. The fees charged to investors to use its wallet storage were allegedly so high that they completely cleaned out investors’ accounts, the AG said. The company agreed to the AG’s findings that it regularly charged and increased fees without properly notifying investors. According to the AG’s investigation, the company changed the wallet storage fee structure four times without clearly disclosing the fee increase, which led to some investors being charged fees equal to 96 percent of the value of their account holdings. In total, the company took approximately $4.25 million from investors. The AG maintained that the company also failed to register as a commodity broker dealer in the state for a period of time, and that while it was eventually granted a virtual currency license pursuant to 23 NYCRR Part 200, it failed to file a registration statement. Under the terms of the assurance of discontinuance, the company is required to pay $508,910 in restitution to the state and provide full restitution to all investors who were misled. The company is also required to provide monthly refund status updates to the AG, limit the amount of fees charged for using its wallet service to 0.002 percent per cryptocurrency per month for at least five years, and ensure that it adequately discloses all fees to investors.
Default judgment entered against provider of immigration bonds
The U.S. District Court for the Western District of Virginia recently entered default judgment against defendants accused of misrepresenting the cost of immigration bond services and deceiving migrants to keep them paying monthly fees by making false threats of deportation for failure to pay. As previously covered by InfoBytes, the defendants—a group of companies providing immigration bond products or services for non-English speaking U.S. Immigration and Customs Enforcement detainees—were sued by the CFPB and state attorneys general from Massachusetts, New York, and Virginia in 2021 for allegedly engaging in deceptive and abusive acts and practices in violation of the Consumer Financial Protection Act (CFPA). The defendants argued that the court lacked subject matter jurisdiction because the Bureau did not have authority to enforce the CFPA since the defendants are regulated by state insurance regulators and are merchants, retailors, or sellers of nonfinancial goods or services. However, the court disagreed, explaining that “limitations on the CFPB’s regulatory authority do not equate to limitations on this court’s jurisdiction.” (Covered by InfoBytes here.)
As explained in the court’s opinion, last year the plaintiffs filed a motion for sanctions and for an order to show cause why the court should not hold the defendants in contempt for actions relating to several ongoing discovery disputes. The court determined that the defendants failed to demonstrate that “factors other than obduracy and willfulness” led to their failure to comply with multiple discovery orders and that the defendants engaged in a “pattern of knowing noncompliance with numerous orders of the court.” These delays, the court said, have significantly harmed the plaintiffs in their ability to prepare their case. Finding each defendant in civil contempt of court, the court also entered a default judgment against the defendants, citing them for discovery violations in other cases. The court set June deadlines for briefs on remedies and damages.
New York proposes “landmark” crypto legislation
On May 5, New York Attorney General Letitia James announced proposed legislation to increase oversight of the cryptocurrency industry. Calling the “landmark legislation” the “strongest and most comprehensive set of regulations on cryptocurrency in the nation,” James said the bill would increase transparency, eliminate conflicts of interest, and impose “commonsense” investor protection measures consistent with other financial services regulations. Among other things, the bill would strengthen NYDFS’ regulatory authority over digital assets and codify the Department’s ability to license digital asset brokers, marketplaces, investment advisors, and issuers prior to engaging in business in the state. NYDFS would also be given jurisdiction to enforce violations of law within the crypto industry, including by issuing subpoenas; imposing civil penalties of $10,000 per violation per individual or $100,000 per violation per firm; collecting restitution, damages, and penalties; and shutting down businesses found to be engaging in fraud and illegal activities.
The bill would also strengthen investor protections by enacting and codifying “know-your-customer” protections, “[b]anning the use of the term ‘stablecoin’ to describe or market digital assets unless they are backed 1:1 with U.S. currency or high-quality liquid assets as defined in federal regulations,” and requiring crypto platforms to reimburse victims of fraud, similar to a bank’s responsibility under the EFTA. Other provisions would, among other things, (i) implement protections to stop conflicts of interest, including by preventing common ownership of crypto issuers, marketplaces, brokers, and investment advisers and preventing such persons from engaging in more than one of those activities; and (ii) require public reporting of financial statements to increase transparency and mandate that companies be required to undergo independent audits and publish audited financial statements, among other things.
The proposed bill will be submitted by the attorney general’s office to the New York Senate and Assembly for their consideration during the 2023 legislative session.