Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • States endorse CFPB’s policy statement on abusive conduct

    State Issues

    On July 6, the California attorney announced that he had joined a coalition of state attorneys general in submitting a comment letter endorsing the CFPB’s recently issued policy statement on abusive conduct in consumer financial markets. The multi-state coalition comprises Arizona, California, Colorado, Connecticut, the District of Columbia, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, and Wisconsin. In April, the Bureau issued a policy statement containing an “analytical framework” for identifying abusive conduct prohibited under the Consumer Financial Protection Act, in which it broadly defined abusive conduct as anything that obscures, withholds, de-emphasizes, renders confusing, or hides information about the key features of a product or service. (Covered by InfoBytes here.)

    In their letter, the state attorneys general emphasized the importance of preventing abusive conduct in consumer financial markets and highlighted the partnership between states and the Bureau in achieving this goal. The states also commended the Bureau for providing a clear, analytical framework for what constitutes abusive acts or practices and expressed appreciation for the agency’s use of real enforcement actions as examples of illegal abusive conduct. The multi-state coalition applauded the flexibility and guidance provided by the policy statement and complimented the Bureau for acknowledging the realities of modern consumer markets by clarifying that both acts and omissions can hinder consumers’ understanding of terms and conditions, including the use of fine print or complex language that limits comprehension.

    State Issues Federal Issues State Attorney General CFPB CFPA UDAAP Abusive Consumer Finance

  • District Court orders individual to pay $148 million in student debt-relief scam

    Courts

    On July 7, the U.S. District Court for the Central District of California entered a final judgment and order against an individual defendant accused of operating and controlling a deceptive student loan debt relief operation. As previously covered by InfoBytes, in 2019, the CFPB, along with the Minnesota and North Carolina attorneys general and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student loan borrowers. The Bureau and the states alleged that since at least 2015, the debt relief operation violated the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), FDCPA, and various state laws by charging and collecting over $95 million in illegal advance fees from student loan borrowers. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by misrepresenting the purpose and application of the fees they charged and the nature and benefits of their services. Specifically, the debt relief operation allegedly failed to inform borrowers that, among other things, (i) they would request that the loans be placed in forbearance and interest would continue to accrue during the forbearance period, thereby increasing the borrowers’ overall loan balances; and (ii) it was their practice to submit false information about the borrowers to student loan servicers to try to qualify borrowers for lower monthly payments. The individual defendant was accused of owning, controlling, and managing the student loan debt relief operation, materially participating in the operation’s affairs, and providing substantial assistance or support while knowing or consciously avoiding knowledge that the operation was engaging in illegal conduct.

    The individual defendant was held liable, jointly and severally, in the amount of approximately $95,057,757, for the purpose of providing redress to affected borrowers. Because the individual defendant was found to have recklessly violated the TSR and the CFPA, the court also imposed second-tier civil monetary penalties of $147,985,000 to the Bureau, of which $5,000 will be paid to each state. The final judgment also imposes various forms of injunctive relief, including permanent bans on engaging in consumer financial products or services and violating the TSR, CFPA, and similar laws in Minnesota, North Carolina, and California. The individual defendant is also prohibited from disclosing, using, or benefiting from customer information obtained in connection with the offering or providing of the debt relief services, and may not “attempt to collect, sell, assign, or otherwise transfer any right to collect payment from any consumer who purchased or agreed to purchase” a debt relief service from any of the defendants.

    Courts Federal Issues State Issues CFPB Consumer Finance Enforcement Student Lending Debt Relief State Attorney General CFPA TSR FDCPA Debt Collection Settlement

  • Maryland says crypto enforcement could affect money transmitter licensure

    On June 22, the Maryland Commissioner of Financial Regulation issued an advisory on recent enforcement actions by Maryland and federal securities enforcement agencies against cryptocurrency-related businesses that could potentially impact businesses pursuing money transmitter licensure. The actions allege certain businesses offered products constituting securities while they were only licensed as money transmitters by the Commissioner of Financial Regulation. The state takes “character and fitness” into consideration for licensure and although the Commissioner does not enforce securities laws, he or she must consider violations of law, including violations of Maryland securities law, when determining whether to grant licenses. The advisory reads, “compliance with law, particularly Maryland law, regardless of whether or not the law falls within the Commissioner’s purview, must be considered when determining whether a licensee warrants the belief that business will be conducted lawfully, and thus whether the licensee is, or remains, qualified for licensure.” Moreover, violations of securities laws could form the grounds for action by the Commissioner against a licensee, “including but not limited to, an action seeking to revoke a license.”

    Licensing State Issues Enforcement State Attorney General Maryland Money Service / Money Transmitters

  • 26 state AGs support FTC’s proposal on Negative Option Rule

    State Issues

    On June 26, a coalition of 26 state attorneys general from New York, Pennsylvania, Alabama, Arizona, California, Colorado, Connecticut, Delaware, District of Columbia, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Jersey, North Carolina, North Dakota, Oklahoma, Oregon, Vermont, Washington, and Wisconsin, submitted a comment letter in support of the FTC’s proposed amendments to its Negative Option Rule. While the Negative Option Rule is intended to combat unfair or deceptive practices related to subscriptions, memberships, and other recurring-payment programs, the FTC maintained that current laws and regulations do not clearly provide a consistent legal framework for these types of programs. (Covered by InfoBytes here.)

    In March, the FTC issued a notice of proposed rulemaking (NRPM), which would apply to all subscription features in all media (including “the internet, telephone, in-print, and in-person transactions”) and would regulate additional types of negative-option practices, including automatic renewals, free trial offers, and continuity plans. The NPRM proposes to add a new “click to cancel” provision making it as easy for consumers to cancel their enrollment as it was to sign up. Sellers would be required to first ask consumers whether they want to hear about new offers or modifications before making a pitch when consumers are trying to cancel their enrollment. Sellers further must provide consumers who are enrolled in negative option programs with an annual reminder involving anything other than physical goods before they are automatically renewed.

    In their letter, the states expressed support for the FTC’s NPRM, in particular, the provisions that would preserve state authority to regulate negative-option marketing and to enact greater protections and stricter laws than those proposed by the FTC. The states also agreed that the NPRM provides additional guidance and clarity on how businesses can comply with existing legal frameworks. However, the states urged the FTC to consider additional clarifications and improvements, including (i) requiring businesses to “clearly and conspicuously inform consumers of any conditions (or lack thereof) concerning cancellation”; (ii) requiring businesses to obtain an additional round of consent before charging a consumer at the end of a free trial; (ii) clarifying businesses’ cancellation mechanisms must be cost effective, timely, simple, and easy to use; (iii) expanding the methods that a consumer may use to cancel a recurring contract and allowing “all consumers to cancel through any medium that the seller uses to sell subscriptions or memberships, regardless of the medium through which that particular consumer signed up”; and (iv) requiring businesses to provide negative option reminders in additional ways—“not only through the same medium that the consumer used to consent to the negative option feature but also through any other medium that the seller uses to communicate with the consumer.”

    State Issues Agency Rule-Making & Guidance State Attorney General FTC Negative Option

  • Unregistered crypto platform to pay $1.8 million to New York

    State Issues

    On June 15, the New York attorney general announced a settlement with a Hong Kong-based cryptocurrency platform to resolve allegations that the company failed to register as a securities and commodities broker-dealer and falsely represented itself as a crypto exchange. The respondent’s platform enables investors to buy and sell cryptocurrency. An investigator was able to create an account on the platform using a New York-based IP address to buy and sell tokens even though the respondent was not registered with the state. (Under New York law, securities and commodities brokers are required to be registered.) The respondent is ordered to refund more than one million dollars to investors and pay more than $600,000 to the state. According to the settlement, investors will receive their refunds in the form of cryptocurrency within 90 days. Additionally, the respondent must cease operating in the U.S., and implement geoblocking to prevent New York IP addresses from accessing its platform. The platform is also banned from offering, selling, or purchasing securities and commodities in New York, and must send weekly emails to its investors in New York, advising them to withdraw their funds from their accounts, or their funds will be transferred to the AG’s office. “Unregistered crypto platforms pose a risk to investors, consumers, and the broader economy,” the AG said, further warning of the serious consequences to other crypto platforms that do not follow New York law. This settlement follows other crypto-related legislation and suits from the New York AG (covered by InfoBytes here).

    State Issues Digital Assets Fintech State Attorney General Cryptocurrency Enforcement New York

  • Republicans seek to overturn CFPB small-biz lending rule; Georgia AG says rule is unnecessary and burdensome

    Federal Issues

    Recently, several House Republicans introduced a joint resolution of disapproval (H.J. Res. 66) under the Congressional Review Act to overturn the CFPB’s small business lending rule. As previously covered by InfoBytes, last month the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act. Effective August 29, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses (defined as an entity with gross revenue under $5 million in its last fiscal year). Both traditional banks and credit unions, as well as non-banks, will be required to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).

    Also opposing the final rule, Georgia Attorney General Christopher M. Carr sent a letter to CFPB Director Chopra requesting that the final rule be rescinded. Carr argued that the final rule places an unnecessary and expensive burden on financial institutions, and that “[w]ith the current uneasiness in the market and a plethora of other challenges facing community banks, now is not the time to require them to gather more information that has absolutely nothing to do with the process of evaluating which applicants are the strongest and most deserving of capital.” Carr further contended that if lending discrimination is a “rampant problem,” the Bureau should use channels already in place to address this issue. Pointing out that states already have their own consumer protection and anti-discrimination statutes in place, Carr argued that the final rule imposes redundant compliance requirements on financial institutions, particularly community banks. Carr asked the Bureau to “allow states to continue to address lending issues as they occur, rather than saddling small businesses with burdensome regulations.”

    Additionally, in April, a group of plaintiffs, including a Texas banking association, filed a lawsuit against the Bureau seeking to invalidate the final rule. (Covered by InfoBytes here.) Plaintiffs argued that the final rule will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses.

    Federal Issues State Issues CFPB Small Business Lending U.S. House Congressional Review Act State Attorney General Section 1071 Georgia

  • New Jersey says realty company misled consumers about homeowner program

    State Issues

    On June 6, the New Jersey attorney general and the New Jersey Division of Consumer Affairs filed an action against a realty company and its principals (collectively, “defendants”) for allegedly violating the state’s Consumer Fraud Act by making deceptive misrepresentations about its “Homeowner Benefit Program” (HBP). Concurrently, the New Jersey Real Estate Commission in the Department of Banking and Insurance filed an order to show cause alleging similar misconduct and taking action against the real estate licenses belonging to the company and certain related individuals.

    According to the complaint, the defendants’ HBP was marketed to consumers as a low-risk opportunity to obtain quick, upfront cash between $300 and $5000 in exchange for giving defendants the right to act as their real estate agents if they sold their homes in the future. The HBP was not marketed as a loan and consumers were told they were not obligated to repay the defendants or to ever sell their home in the future. However, the press release alleged that the HBP functions as a high-interest mortgage loan giving the defendants the right to list the property for 40 years, and that the loan survives the homeowner’s death and levies a high early termination fee against the homeowners. The complaint further charged the defendants with failing to disclose the true nature of the HBP and failing to present the terms upfront. Moreover, in order to sell the HBP, the defendants allegedly placed unsolicited telephone calls to consumers despite not being licensed as a telemarketer in New Jersey. The complaint seeks an order requiring defendants to discharge all liens against homeowners, pay restitution and disgorgement, and pay civil penalties and attorneys’ fees and costs.

    The order to show cause alleges violations of the state’s Real Estate License Act and requires defendants to show why their real estate licenses should not be suspended or revoked, as well as why fines or other sanctions, such as restitution, should not be imposed. Defendants have agreed to cease any attempt to engage New Jersey consumers in an HBP agreement pending resolution of the order to show cause.

    State Issues Licensing Enforcement New Jersey Consumer Finance Predatory Lending State Attorney General State Regulators

  • FTC seeks to work with states on combatting fraud

    Agency Rule-Making & Guidance

    On June 7, the FTC announced it is soliciting public comments on how the Commission can work more effectively with state attorneys general to prevent and inform consumers about potential fraud. The FTC said in its announcement that the agency and the AGs share a common mission to protect the public from “deceptive or unfair business practices and from unfair methods of competition through law enforcement, advocacy, research, and education.” The request for public comments comes as a result of the FTC Collaboration Act of 2021 (the “Act”), which requires the Commission to not only solicit public comments, but also to consult directly with interested stakeholders. Signed into law last year, the Act directs the FTC to conduct a study on how to streamline and leverage the relationship between the Commission and the AGs to better protect Americans from fraud and hold those committing malicious acts accountable. The FTC requests comments specifically regarding: (i) the roles and responsibilities of the Commission and AGs that best advance collaboration and consumer protection; (ii) how resources should be dedicated to further such collaboration and consumer protection; and (iii) the accountability mechanisms that should be implemented to promote collaboration and consumer protection between the FTC and AGs.

    The completed report will be submitted to the House Committee on Energy and Commerce and the Senate Committee on Commerce, Science, and Transportation. Comments are due 60 days after publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues CFPB Consumer Protection State Attorney General Consumer Finance

  • New York reaches settlement with medical management company over patient data

    Privacy, Cyber Risk & Data Security

    On May 23, the New York attorney general announced a settlement with a medical management company, for allegedly failing to protect over 428,000 New Yorkers’ personal and health data from a 2020 ransomware cyberattack affecting roughly 1.2 million consumers nationwide. According to the AG’s investigation, the company implemented a new version of its software in January 2019, but allegedly failed to conduct a series of security tests and scans that could have identified any security problems. Further, the private information maintained by the company was not encrypted. Notably, information for 13 consumers was apparently discovered on the dark web days after the hack. The investigation concluded that the company, amongst the 28 areas where they failed to maintain reasonable data security practices to protect patients’ private and health information, allegedly failed to maintain appropriate patch management processes, conduct regular security testing of its systems, and encrypt the personal information on its servers. Under the terms of the assurance of discontinuance, the company, while neither admitting or denying the allegations, agreed to pay $550,000 in penalties, and will improve its data security practices and offer affected customers free credit monitoring services.

    Privacy, Cyber Risk & Data Security State Issues State Attorney General Data Breach New York

  • Texas amends breach notification requirements

    Privacy, Cyber Risk & Data Security

    On May 27, the Texas governor signed SB 768 to amend the state’s data breach notification statutes. The Act requires entities to notify the attorney general “as soon as practicable” and not later than 30 days after the date a computerized security system breach occurs involving at least 250 Texas residents. The Act now details that notification must be submitted electronically using a form accessible through the attorney general’s website. No substantive changes were made to the required information within the form. The Act is effective September 1.

    Privacy, Cyber Risk & Data Security State Issues Texas Data Breach State Attorney General Consumer Protection

Pages

Upcoming Events