InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Payment processor fined $75k, partner owes $243M in CFPB suit
On July 31, the District Court for the Central District of California entered judgment in favor of the court-appointed receiver for defendants against the non-party provider of payment processing and escrow services to defendants and its managing member in the amount of $75,000, following a July 10 order requiring defendant to pay $243 million in redress and civil penalties. These judgments were entered in connection with the lawsuit filed by the CFPB, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, against a student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees (covered by InfoBytes here).
The defendant companies and one of the controlling business partners settled in 2020, but the court ordered the remaining controlling business partner to pay $243 million in redress and civil penalties earlier in July based on his involvement in violating various laws through the operation, including the TSR and the CFPA. Of the $243 million, the CFPB is entitled to over $95 million as redress for unlawful fees paid by consumers affected by the student loan debt relief operation and nearly $148 million of civil money penalties, and Minnesota, North Carolina, and California are each entitled to $5,000 of civil money penalties. The recent judgment of $75,000 entered against the non-party payment processing service provider resulted from the settlement of a separate lawsuit alleging that the service provider facilitated the fraud perpetuated by the defendants in the student loan debt relief operation and later attempted to deceptively transfer consumer funds held by defendants to avoid their transfer to the receiver.
California AG warns against unlawful employer-driven debt arrangements
On July 25, California Attorney General Rob Bonta issued a Legal Alert to remind all employers of state-law restrictions on employer-driven debt. Bonta highlighted concerns about employers engaging in exploitative practices that lead to employees accumulating debts as a result of their employment. (Also covered by InfoBytes here). Such practices may include employers withholding wages, failing to reimburse necessary expenses, or charging fees that are unlawful under California labor laws.
The alert outlines that employer-driven debt arrangements may violate California Labor Code section 2802, “which mandates that employers ‘indemnify employees for all necessary expenditures or losses incurred by the employee in direct consequence of the discharge of his or her duties.’” Regarding job training, the alert mentions that California law forbids employers from making workers repay training costs, except in two cases: (i) when the training is necessary for legally practicing the profession, and (ii) when the worker voluntarily undertakes the training, not due to employer mandate. The alert warns companies that engage in exploitative practices that the protections established in the Labor Code cannot be waived by contract. The alert also states that such practices risk violating the state’s Rosenthal Fair Debt Collection Practices Act, which “prohibits an employer or its agent from engaging in unfair or deceptive acts or practices when attempting to collect on employer-driven debt.” Finally, the alert notes that if an employer takes advantage of a worker’s lack of information or knowledge about the risks or costs of the debt, they may violate the California Consumer Financial Protection Law.
Feds, states launch “Operation Stop Scam Calls”
On July 18, the FTC, along with over 100 federal and state law enforcement partners nationwide, including the DOJ, FCC, and attorneys general from all 50 states and the District of Columbia, announced a new initiative to combat illegal telemarketing calls, including robocalls. The joint initiative, “Operation Stop Scam Calls,” targets telemarketers and the companies that hire them, lead generators that provide consumers’ telephone numbers to robocallers and others who falsely represent that consumers consented to receive the calls. The initiative also targets Voice over Internet Protocol (VoIP) service providers that facilitate illegal robocalls, many of which originate overseas.
In connection with Operation Stop Scam Calls, the FTC has initiated five new cases against companies and individuals allegedly responsible for distributing or assisting in the distribution of illegal telemarketing calls to consumers across the country. According to the announcement, the actions reiterate the FTC’s position “that third-party lead generation for robocalls is illegal under the Telemarketing Sales Rule (TSR) and that the FTC and its partners are committed to stopping illegal calls by targeting anyone in the telemarketing ecosystem that assists and facilitates these calls, including VoIP service providers.” The announcement also states that more than 180 enforcement actions and other initiatives have been taken by 48 federal and 54 state agencies as part of Operation Stop Scam Calls.
Among the new actions announced a part of Operation Stop Scam Calls is a complaint filed against a “consent farm” lead generator, which allegedly uses “dark patterns” to collect consumers’ broad agreement to provide their personal information and receive robocalls and other marketing solicitations through a single click of a button or checkbox via its websites. Under the terms of the proposed order, the defendant would be required to pay a $2.5 million civil penalty and would be banned from engaging in, assisting, or facilitating robocalls. The defendant would also be required to implement measures to limit its lead generation practices, establish systems for monitoring its own advertising and that of its affiliates, comply with comprehensive disclosure requirements concerning the collection of consumers’ consent to the sale of their information, and delete all previously collected consumer information.
Other actions were taken against a California-based telemarketing lead generator, a telemarketing company that provides soundboard calling services to clients who use robocalls to sell a range of products and services, a New Jersey-based telemarketing outfit that placed tens of millions of calls to consumers whose numbers are listed on the National Do Not Call Registry, and Florida-based defendants accused of assisting and facilitating the transmission of roughly 37.8 million illegal robocalls by providing VoIP services to over 11 foreign telemarketers.
Washington releases FAQs for My Health My Data Act
On June 20, the Washington attorney general published a series of Frequently Asked Questions (FAQs) related to the My Health My Data Act—a comprehensive health privacy law that provides broad restrictions on the use of consumer health data (covered by InfoBytes here). The FAQs include information on the law’s effective dates and applicability. According to the AG, “all persons, as defined in the Act, must comply with section 10 beginning July 23, 2023. Regulated entities that are not small businesses must comply with sections 4 through 9 beginning March 31, 2024. Small businesses, as defined in the Act, must comply with sections 4 through 9 beginning June 30, 2024. For sections 4 through 9, the effective dates apply to the entirety of the section and are not limited to the subsections in which the effective dates appear.” Additionally, the FAQs clarify that a business that is covered by the Act must provide a link to its consumer health data privacy policy on its homepage.
The FAQs also address a potential conflict between Sections 6 and 9 of the Act regarding the right to delete and consumers’ authorizations to sell data, respectively. Section 9 mandates that any person, not just regulated entities, must obtain consumer authorization before selling or offering to sell their data. Both the seller and purchaser are required to retain a copy of the authorization, which may contain consumer health data for six years. However, Section 6 stipulates that consumer health data should be deleted from a regulated entity’s network upon the consumer’s request. The FAQs advise that in cases where a consumer requests deletion under Section 6, any authorizations stored under Section 9 must be redacted to eliminate any information related to the data that was sold.
California probes employers’ CCPA compliance
On July 14, the California attorney general announced it recently sent inquiries to several large employers as part of an investigation into companies’ compliance with their legal obligations under the California Consumer Protection Act (CCPA). The investigation centers on how companies handle the personal information of employees and job applicants. As previously covered by InfoBytes, temporary exemptions related to human resource and business-to-business data provided by the CCPA and the California Privacy Rights Act expired on January 1 of this year. Amendments were introduced last legislative session that would have extended the exemption for “personal information that is collected and used by a business solely within the context of having an emergency contact on file, administering specified benefits, or a person’s role . . . [in] that business.” The amendments also proposed extending certain exemptions related to “personal information reflecting a communication or a transaction between a business and a company, partnership, sole proprietorship, nonprofit, or government agency that occurs solely within the context of the business conducting due diligence or providing or receiving a product or service.” However, the amendments were not adopted, and the exemptions expired.
The AG said they are sending the inquiry letters “to learn how employers are complying with their legal obligations.” Covered businesses subject to the CCPA are required to comply with the statute’s privacy protections as they relate to employee data, including providing notice of privacy practices and honoring consumer requests to exercise their rights to access, delete, and opt out of the sale and sharing of their personal information.
CFPB, states sue company over deceptive student lending and collection
On July 13, the CFPB joined state attorneys general from Washington, Oregon, Delaware, Minnesota, Illinois, Wisconsin, Massachusetts, North Carolina, South Carolina, and Virginia in taking action against an education firm accused of engaging in deceptive marketing and unfair debt collection practices. California’s Department of Financial Protection and Innovation is participating in the action as well. Prior to filing for bankruptcy, the Delaware-based defendant operated a private, for-profit vocational training program for software sales representatives. The joint complaint, filed as an adversary proceeding in the firm’s bankruptcy case, alleges that the defendant charged consumers up to $30,000 for its programs. The complaint further alleges that the defendant encouraged consumers who could not pay upfront to enter into income share agreements, which required minimum payments equal to between 12.5 and 16 percent of their gross income for 4 to 8 years or until they had paid a total of $30,000, whichever came first.
The complaint asserts that the defendant engaged in deceptive practices by misrepresenting its income share agreement as not a loan and not debt, and mislead borrowers into believing that no payments would need to be made until they received a job offer from a technology company with a minimum annual income of $60,000. The defendant is also accused of failing to disclose important financing terms, such as the amount financed, finance charges, and annual percentage rates, as required by TILA and Regulation Z. The complaint also claims that the defendant hired two debt collection companies to pursue collection activities on defaulted income share loans. One of the defendant debt collectors is accused of engaging in unfair practices by filing debt collection lawsuits in remote jurisdictions where consumers neither resided nor were physically present when the financing agreements were executed. The complaint further alleges the two defendant debt collectors violated the FDCPA and the CFPA by deceptively inducing consumers into settlement agreements and falsely claiming they owed more than they did.
According to the Bureau and the states, after the Delaware Department of Justice and Delaware courts began scrutinizing the debt collection lawsuits, the defendant unilaterally changed the terms of its contracts with consumers to force them into arbitration even though none of them had agreed to arbitrate their claims. Additionally, the complaint contends that settlement agreements marketed as being “beneficial” to consumers actually released consumers’ claims against the defendant and converted income share loans into revised “settlement agreements” that obligated them to make recurring monthly payments for several years and contained burdensome dispute resolution and collection terms.
The complaint seeks permanent injunctive relief, monetary relief, consumer redress, and civil money penalties. The CFPB and states are also seeking to void the income share loans.
States urge Supreme Court to find CFPB funding unconstitutional
On July 10, the West Virginia attorney general, along with 26 other states, filed an amicus brief in support of respondents in Consumer Financial Protection Bureau v. Community Financial Services Association of America, arguing that the CFPB’s funding structure violates the Constitution and that by operating outside the ordinary appropriations process states are often left “out in the cold.” In their brief, the states urged the U.S. Supreme Court to uphold the U.S. Court of Appeals for the Fifth Circuit’s decision in which it found that the Bureau’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here). The 5th Circuit’s decision also vacated the agency’s Payday Lending Rule on the premise that it was promulgated at a time when the Bureau was receiving unconstitutional funding.
Arguing that the Bureau is operating beyond the boundaries established by the Constitution, the states maintained that the current funding mechanism limits Congress’s ability to oversee the agency. “Even if the CFPB has done some good—and some would even dispute that premise—it wouldn't matter,” the states said, warning that “sidelining Congress can greenlight an agency to wreak havoc,” especially if the “agency wields broad regulatory and enforcement powers over the entire U.S. financial system, acts under the control of a single powerful figure, and lacks other protections from meaningful oversight.”
The appropriations process plays a crucial role in enabling states to influence agency actions indirectly, the states maintained, explaining that when an agency initiates a new enforcement initiative or significant rulemaking endeavor, it is required to publicly outline its projected work in order to secure the necessary funding to carry it out. “Disclosure on the front end of the appropriations process can empower affected parties—including the [s]tates—to take quick, responsive actions beyond lobbying their representatives (up to suing to stop illegal action, if need be).” In contrast, the Bureau’s insulation from this process has allowed it to hide its actions from public view, the states wrote. As an example, the Bureau has repeatedly declined to interpret or provide further clarity on how the provisions governing unfair, deceptive, or abusive acts or practices work.
The brief also highlighted examples of when Congress used funding cuts through the appropriations process to curtail agencies’ powers. Additionally, unlike the challenges of amending authorizing statutes, appropriations bills must be passed by Congress each year to avoid a government shutdown, which can be “a painful pill to swallow for the sake of standing up for an agency’s policy choice,” the states noted, adding that “[b]ecause appropriations involves both oversight committees and appropriations committees, agencies may have ‘less flexibility to ally themselves with executive branch officials or interest groups.’”
The states also urged the Court to “ignore doomsaying” about the consequences of finding the funding structure unconstitutional. Should the Court agree to invalidate the funding structure, Congress can pass a proper appropriations bill for the Bureau, the states explained, adding that “a rebuke from this Court would no doubt grease the sticky wheels of the legislative process and move them a bit faster.” Moreover, states could also fill any gaps should Congress somehow pare back the CFPB’s funding, the brief stressed.
Several amicus briefs were also filed this week in support of CFSA, including an amici curiae brief filed by the U.S. Chamber of Commerce and several banking associations and an amici curiae brief filed by 132 members of Congress, including 99 representatives and 33 senators, which urged the Court to uphold the 5th Circuit’s decision.
States endorse CFPB’s policy statement on abusive conduct
On July 6, the California attorney announced that he had joined a coalition of state attorneys general in submitting a comment letter endorsing the CFPB’s recently issued policy statement on abusive conduct in consumer financial markets. The multi-state coalition comprises Arizona, California, Colorado, Connecticut, the District of Columbia, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, and Wisconsin. In April, the Bureau issued a policy statement containing an “analytical framework” for identifying abusive conduct prohibited under the Consumer Financial Protection Act, in which it broadly defined abusive conduct as anything that obscures, withholds, de-emphasizes, renders confusing, or hides information about the key features of a product or service. (Covered by InfoBytes here.)
In their letter, the state attorneys general emphasized the importance of preventing abusive conduct in consumer financial markets and highlighted the partnership between states and the Bureau in achieving this goal. The states also commended the Bureau for providing a clear, analytical framework for what constitutes abusive acts or practices and expressed appreciation for the agency’s use of real enforcement actions as examples of illegal abusive conduct. The multi-state coalition applauded the flexibility and guidance provided by the policy statement and complimented the Bureau for acknowledging the realities of modern consumer markets by clarifying that both acts and omissions can hinder consumers’ understanding of terms and conditions, including the use of fine print or complex language that limits comprehension.
District Court orders individual to pay $148 million in student debt-relief scam
On July 7, the U.S. District Court for the Central District of California entered a final judgment and order against an individual defendant accused of operating and controlling a deceptive student loan debt relief operation. As previously covered by InfoBytes, in 2019, the CFPB, along with the Minnesota and North Carolina attorneys general and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student loan borrowers. The Bureau and the states alleged that since at least 2015, the debt relief operation violated the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), FDCPA, and various state laws by charging and collecting over $95 million in illegal advance fees from student loan borrowers. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by misrepresenting the purpose and application of the fees they charged and the nature and benefits of their services. Specifically, the debt relief operation allegedly failed to inform borrowers that, among other things, (i) they would request that the loans be placed in forbearance and interest would continue to accrue during the forbearance period, thereby increasing the borrowers’ overall loan balances; and (ii) it was their practice to submit false information about the borrowers to student loan servicers to try to qualify borrowers for lower monthly payments. The individual defendant was accused of owning, controlling, and managing the student loan debt relief operation, materially participating in the operation’s affairs, and providing substantial assistance or support while knowing or consciously avoiding knowledge that the operation was engaging in illegal conduct.
The individual defendant was held liable, jointly and severally, in the amount of approximately $95,057,757, for the purpose of providing redress to affected borrowers. Because the individual defendant was found to have recklessly violated the TSR and the CFPA, the court also imposed second-tier civil monetary penalties of $147,985,000 to the Bureau, of which $5,000 will be paid to each state. The final judgment also imposes various forms of injunctive relief, including permanent bans on engaging in consumer financial products or services and violating the TSR, CFPA, and similar laws in Minnesota, North Carolina, and California. The individual defendant is also prohibited from disclosing, using, or benefiting from customer information obtained in connection with the offering or providing of the debt relief services, and may not “attempt to collect, sell, assign, or otherwise transfer any right to collect payment from any consumer who purchased or agreed to purchase” a debt relief service from any of the defendants.
Maryland says crypto enforcement could affect money transmitter licensure
On June 22, the Maryland Commissioner of Financial Regulation issued an advisory on recent enforcement actions by Maryland and federal securities enforcement agencies against cryptocurrency-related businesses that could potentially impact businesses pursuing money transmitter licensure. The actions allege certain businesses offered products constituting securities while they were only licensed as money transmitters by the Commissioner of Financial Regulation. The state takes “character and fitness” into consideration for licensure and although the Commissioner does not enforce securities laws, he or she must consider violations of law, including violations of Maryland securities law, when determining whether to grant licenses. The advisory reads, “compliance with law, particularly Maryland law, regardless of whether or not the law falls within the Commissioner’s purview, must be considered when determining whether a licensee warrants the belief that business will be conducted lawfully, and thus whether the licensee is, or remains, qualified for licensure.” Moreover, violations of securities laws could form the grounds for action by the Commissioner against a licensee, “including but not limited to, an action seeking to revoke a license.”