InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB settles lawsuit against debt settlement provider
On July 9, the CFPB announced a $25 million settlement with the nation’s largest debt settlement provider to resolve allegations that the company engaged in deceptive acts and practices in violation of the Telemarketing Sales Rule and the Consumer Financial Protection Act. As previously covered by InfoBytes, in 2017 the Bureau claimed, among other things, that the company (i) misled consumers about its ability to negotiate with creditors that the company knew maintained policies against working with settlement companies; (ii) charged advance fees without settling consumers’ debts; and (iii) failed to inform consumers about their rights to refunds from their deposit accounts if they left the settlement program. The proposed stipulated final judgment and proposed order requires the company to pay $20 million in restitution to affected consumers and a $5 million civil money penalty (CMP), in addition to providing certain upfront disclosures to consumers before enrollment. The settlement further enjoins the company from engaging in the alleged unlawful conduct in the future and stipulates that $493,500 of the CMP will be remitted in light of a penalty the company previously paid under a consent order issued by the FDIC in 2018.
CFPB issues latest fair lending report to Congress
On June 28, the CFPB issued its seventh fair lending report to Congress, which outlines the Bureau’s efforts in 2018 to fulfill its fair lending mandate. According to the report, in 2018, the Bureau continued to focus on promoting fair, equitable, and nondiscriminatory access to credit, highlighting several fair lending priorities that continued from years past such as mortgage origination, mortgage servicing, and small business lending. The Bureau also noted two new focus areas for fair lending examinations or investigations: (i) student loan origination, specifically, whether there is discrimination in underwriting and pricing; and (ii) debt collection and model use, specifically, whether there is discrimination in governing auto servicing and credit card collections, including the use of models that predict recovery outcomes. Additionally, the report highlighted several other Bureau activities from 2018, including, among other things (i) issuing guidance to facilitate the implementation of the August 2018 HMDA final rule (covered by InfoBytes here); and (ii) recommending supervisory reviews of third-party credit scoring models, noting that the “use of alternative data and modeling techniques may expand access to credit or lower credit cost and, at the same time, present fair lending risks.”
7th Circuit: HEA does not preempt affirmative misrepresentation claims against student loan servicer
On June 27, the U.S. Court of Appeals for the 7th Circuit vacated the dismissal of an action against a student loan servicer, concluding a borrower is not barred by the Higher Education Act from asserting state-law claims against a student loan servicer if the borrower reasonably and detrimentally relied on affirmative misrepresentations. The class action filed against a federal student loan servicer alleged that the servicer steered borrowers who were struggling to make payments into repayment plans that benefited the servicer to the detriment of borrowers, notwithstanding claims on the servicer’s website indicating that trained experts would assist each borrower choose among options beneficial to the borrower based on individual circumstances. In addition to violations of the Illinois Consumer Fraud and Deceptive Business Practices Act, the complaint alleged that the servicer’s conduct constituted constructive fraud and negligent misrepresentation under Illinois law. The district court dismissed the claims, holding that they were expressly preempted by Section 1098g of the Higher Education Act (HEA), which states “‘[l]oans made, insured, or guaranteed pursuant to a program authorized by title IV of the [HEA] of 1965 (20 U.S.C. 1070 et seq.) shall not be subject to any disclosure requirements of any State Law.’”
On appeal, the 7th Circuit disagreed, concluding the district court’s decision was “overly broad.” Specifically, the appellate court found that the statements made on the servicer’s website were “affirmative misrepresentations,” which would not be covered under the HEA. The appellate court distinguished the instant case from the 9th Circuit’s decision in Chae v. SLM Corp, noting the plaintiffs in Chae complained about alleged “failures to disclose key information in specific ways, such as loan terms and repayment requirements.” Here, however, the 7th Circuit panel determined that the preemption principles enunciated in the Chae opinion do not extend to claims about the servicer’s “affirmative misrepresentations in counseling, where [the servicer] could have avoided liability under state law by remaining silent (or telling the truth) on certain topics.”
FTC and NY AG settle with phantom debt operation
On July 1, the FTC announced, together with the New York attorney general, a settlement with two New York-based phantom debt operations and their principals (collectively, “defendants”) resolving allegations that the operations bought, placed for collection, sold lists of, and collected on fake debts that consumers did not owe. As previously covered by InfoBytes, the June 2018 complaint alleged that the defendants ran a deceptive and abusive debt collection scheme in violation of the FTC Act, the FDCPA, and New York state law. The settlement order against one company and its owners bans the defendants from debt collection activities, including buying, placing for collection, and selling debt. The order requires the defendants to pay a combined $676,575, suspending the total judgment of $6.75 million, due to inability to pay. The settlement order against the other company and its owner prohibits the defendants from engaging in unlawful collection practices and requires the payment of $118,000, suspending the total judgment of $4.94 million, due to inability to pay.
OFAC sanctions Maduro regime officials in Venezuela
On June 27 and 28, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated two Maduro regime officials and the son of Maduro for engaging in significant corruption and fraud to the detriment of the people of Venezuela. Specifically, OFAC designated the two regime officials pursuant to Executive Order (E.O.) 13692, for having previously received bribes from two Venezuelan businessmen in exchange for awarding contracts for expensive equipment to maintain Venezuelan electrical infrastructure, which were incompatible with the Venezuelan electrical system. Continued corruption and mismanagement resulted in persistent countrywide blackouts, limiting the people’s access to basic goods, services, and potable water supplies, among other things.
Additionally, pursuant to E.O. 13692, OFAC designated the son of Maduro for being a current or former official of the Government of Venezuela and a member of Venezuela’s illegitimate National Constituent Assembly, “which seeks to rewrite the Venezuelan constitution and dissolve Venezuelan state institutions, [and] was created through an undemocratic process instigated by Maduro’s government to subvert the will of the Venezuelan people.”
FTC holds fourth annual PrivacyCon to address hot topics
On June 27, the FTC held its fourth annual PrivacyCon, which hosted research presentations on a wide range of consumer privacy and security issues. Following opening remarks by FTC Chairman Joseph Simons, the one-day conference featured four plenary sessions covering a number of hot topics:
- Session 1: Privacy Policies, Disclosures, and Permissions. Five presenters discussed various aspects of privacy policies and notices to consumers. The panel discussed current trends showing that privacy notices to consumers have generally become lengthier in recent years, which helps cover the information regulators require, but often results in information overload for consumers more generally. One presenter advocated the concept of a condensed “nutrition label” for privacy, but acknowledged the challenge of distilling complicated activities into short bullets.
- Session 2: Consumer Preferences, Expectations, and Behaviors. This panel addressed research concerning consumer expectations and behaviors with regard to privacy. Among other anecdotal information, the presenters noted that many consumers are aware that personal data is tracked, but consumers are generally unaware of what data collectors ultimately do with the personal data once collected. To that end, one presenter advocated prescriptive limits on data collection in general, which would take the onus off consumers to protect themselves. Separately, with regard to the Children’s Online Privacy Protection Act (COPPA), one presenter noted that the law generally aligns with parents’ privacy expectations, but the implementing regulations and guidelines are too broad and leave too much room for implementation variations.
- Session 3: Tracking and Online Advertising. In the third session, five presenters covered various topics, including privacy implications of free versus paid-for applications to the impact of the EU’s General Data Protection Regulation (GDPR). According to the presenters, current research suggests that the measurable privacy benefits of paying for an app are “tenuous at best,” and consumers cannot be expected to make informed decisions because the necessary privacy information is not always available in the purchase program on a mobile device such as a phone. As for GDPR, the panel agreed that there are notable reductions in web use, with page views falling 9.7 percent in one study, although it is not clear whether such reduction is directly correlated to the May 25, 2018 effective date for enforcement of GDPR.
- Session 4: Vulnerabilities, Leaks, and Breach Notifications. In the final presentation, presenters discussed new research on how companies can mitigate data security vulnerabilities and improve remediation. One presenter discussed the need for proactive identification of vulnerabilities, noting that the goal should be to patch the real vulnerabilities and limit efforts related to vulnerabilities that are unlikely to be exploited. Another presenter analyzed data breach notifications to consumers, noting that all 50 states have data breach notification laws, but there is no consensus as to best practices related to the content or timing of notifications to consumers. The presenter concluded with recommendations for future notification regulations: (i) incorporate readability testing based on standardized methods; (ii) provide concrete guidelines of when customers need to be notified, what content needs to be included, and how the information should be presented; (iii) include visuals to highlight key information; and (iv) leverage the influence of templates, such as the model privacy form for the Gramm-Leach-Bliley Act.
9th Circuit denies rent-to-own company’s arbitration bid
On June 28, the U.S. Court of Appeals for the 9th Circuit affirmed the denial of a rent-to-own company’s motion to compel arbitration in a putative class action alleging the company charged excessive prices. According to the opinion, three named plaintiffs filed suit against the company in 2017, alleging that the company structured its rent-to-own pricing in violation of California law, including the Karnette Rental-Purchase Act, the Unfair Competition Law, the Consumers Legal Remedies Act, and the state’s prohibitions against usurious loans. The plaintiffs sought public injunctive relief, as well as compensatory damages and restitution, among other things. The company moved to compel arbitration in accordance with the arbitration agreement executed in connection with the plaintiff’s rent-to-own air conditioner contract. The district court denied the motion to compel arbitration, concluding that the arbitration agreement violates the California Supreme Court decision in McGill v. Citibank, N.A (covered by a Buckley Special Alert here) because it constitutes a waiver of the plaintiff’s substantive right to seek public injunctive relief. Moreover, the court concluded that McGill was not preempted by the Federal Arbitration Act (FAA), and that the agreement’s severance clause allowed for the plaintiff’s Karnette Act, UCL, and CLRA claims to be severed from the arbitration.
On appeal, the 9th Circuit agreed with the district court, rejecting the company’s arguments that McGill was preempted by the FAA. The appellate court found that McGill does not interfere with the bilateral nature of a typical arbitration, stating “[t]he McGill rule leaves undisturbed an agreement that both requires bilateral arbitration and permits public injunctive claims.” Moreover, the appellate court noted that the severance clause in the agreement, which precludes an arbitrator from awarding public injunctive relief, is triggered by the McGill rule, and disagreed with the company that the arbitrator would still adjudicate liability first, concluding that the clause provides “the entire claim be severed for judicial determination.”
VA updates fee guidance for IRRRLs
On June 28, the Department of Veterans Affairs (VA) issued Circular 26-19-17, which provides new funding fee guidance to lenders and servicers concerning Interest Rate Reduction Refinancing Loans (IRRRLs). The new guidance, effective immediately, requires, among other things, that: (i) a Certificate of Eligibility (COE) be obtained for IRRRLs to ensure the funding fee exemption information is up to date at the time of closing; (ii) lenders ask active duty servicemembers if they have a pre-discharge claim pending, and, if so, contact the Regional Loan Center to request assistance in obtaining a proposed or memorandum rating in the event the servicemember is eligible for a funding fee exemption; and (iii) if a lender or servicer is notified by the VA or the veteran of an overpayment of a funding fee, such lender initiate a refund request in the Funding Fee Payment System (FFPS) within three business days.
CFPB updates Payday Rule Small Entity Compliance Guide
On June 28, the CFPB updated its Small Entity Compliance Guide for the Payday Lending Rule, which covers the payment-related requirements of the Rule. In addition to technical corrections, the update reflects the delayed compliance date for the mandatory underwriting provisions of the Rule. As previously covered by InfoBytes, on June 6, the Bureau released a final rule to delay the August 19, 2019 compliance date for the mandatory underwriting provisions of the Rule. Compliance with these provisions is now required by November 19, 2020.
FDIC announces centralized division for large, complex financial institution activities
On June 27, the FDIC announced that it will form a new division titled, “Division of Complex Institution Supervision and Resolution (CISR),” to centralize and consolidate the supervision and resolution activities for the largest banks and complex financial institutions. The division will be responsible for the supervision and monitoring of banks with assets greater than $100 billion for which the FDIC is not the primary federal regulator. It will also be responsible for planning and executing the FDIC's resolution mandates for such banks and for other financial companies if necessary to protect U.S. financial stability. FDIC Chairman McWilliams stated that the new division, which will consolidate functions currently handled by three separate areas of the FDIC, “will enable [the FDIC] to take a more holistic approach to the supervision and resolution of these institutions and the unique challenges they present.” The division is expected to be operational on July 21.