InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Education Dept. releases IDR proposal
On January 10, the Department of Education (DOE) announced a notice of proposed rulemaking (NPRM) to reduce the cost of federal student loan payments. According to the DOE, the regulations fulfill President Biden’s plan to provide student debt relief for approximately 40 million borrowers and to make the student loan system more manageable for student borrowers. As previously covered by InfoBytes, the three-part debt relief plan was announced in August to provide, among other things, up to $20,000 in debt cancellation to Pell Grant recipients with loans held by the DOE, and up to $10,000 in debt cancellation to non-Pell Grant recipients for borrowers making less than $125,000 a year or less than $250,000 for married couples. Plaintiffs, whose loans are ineligible for debt forgiveness under the program, sued the DOE and the DOE secretary claiming the agency violated the Administrative Procedure Act’s notice-and-comment rulemaking procedures and arbitrarily decided the program’s eligibility criteria. Plaintiffs further contended that the DOE secretary does not have the authority under the HEROES Act to implement the program. Specifically, the NPRM would establish that those making less than $30,577 as an individual or a family of four making less than $62,437 would have their monthly payments reduced to $0.
According to the NPRM, the DOE is proposing to amend the regulations governing income-contingent repayment plans by amending the Revised Pay as You Earn (REPAYE) repayment plan. The NPRM noted that the DOE is looking to restructure and rename the repayment plan regulations under the William D. Ford Federal Direct Loan Program, including combining the Income Contingent Repayment (ICR) and the Income-Based Repayment (IBR) plans under the umbrella term of IDR plans. The NPRM would ensure that a borrower’s balance would not grow due to accumulation of unpaid interest if the borrowers otherwise make their monthly payments. Additionally, the NPRM would also establish that for individuals who borrow $12,000 or less, loan forgiveness can occur after making the equivalent of 10 years of payments. That period increases by one year for each additional $1,000 that is borrowed. The DOE released a Fact Sheet on increasing college accountability, which clarifies information on identifying the lowest-financial-value programs, protecting students and delivering value through greater accountability, increasing collaboration with accreditors, and building a record of action.
The DOE also released a request for information (RFI) to solicit comments on identifying the best ways to calculate the metrics that may be used to identify low-financial-value programs and inform technical considerations. Finally, the DOE released a Fact Sheet on transforming IDR. Among other things, the Fact Sheet discusses decreasing undergraduate loan payments, stopping unpaid interest accumulation, and lowering the number of monthly payments required to receive forgiveness for borrowers with smaller loan balances. Comments are due 30 days after publication in the Federal Register.
FTC seeks to ban noncompete clauses
On January 5, the FTC announced a notice of proposed rulemaking (NPRM) regarding banning the use of noncompete clauses in employment contracts. Among other things, the NPRM, would make it illegal for employers to: (i) enter into, or attempt to enter into, a noncompete agreement with a worker; (ii) maintain a noncompete agreement with a worker; or (iii) represent to a worker that the worker is subject to a noncompete agreement. The NPRM also would require employers to rescind existing noncompete agreements and notify workers that those agreements are no longer in effect. The NPRM extends to both paid and unpaid workers as well as independent contractors. It also extends to non-disclosure agreements or agreements to repay training costs upon early termination of employment if such agreements amount de facto to a noncompete. Finally, the NPRM extends to noncompetes related to the sale of a business unless they involve a person who owns at least 25 percent of the sold business. The ban would be pursuant to Sections 5 and 6(g) of the FTC Act, which declare “unfair methods of competition in or affecting commerce” to be unlawful, and authorize the FTC to issue rules prohibiting such methods.
According to FTC Chair Lina M. Khan, noncompete clauses “block workers from freely switching jobs, depriving them of higher wages and better working conditions, and depriving businesses of a talent pool that they need to build and expand.” She noted that by ending noncompete clauses, “the FTC’s proposed rule would promote greater dynamism, innovation, and healthy competition.” According to Commissioner Christine S. Wilson’s dissent, the NPRM is a “radical departure from hundreds of years of legal precedent that employs a fact-specific inquiry into whether a noncompete clause is unreasonable in duration and scope, given the business justification for the restriction.”
Comments are due by March 10.
CFPB says ruling on funding structure doesn’t affect debt collector’s CID
In December, the CFPB denied a petition by a debt collection agency to set aside a civil investigative demand (CID) issued last October. The company challenged the Bureau’s authority to issue the CID on the grounds that the agency’s funding mechanism is unconstitutional. The company’s argument relied on a decision issued by the U.S. Court of Appeals for the Fifth Circuit on October 19 (covered by a Buckley Special Alert), which found that the Bureau is unconstitutionally funded and vacated the CFPB’s Payday Lending Rule. The Bureau submitted a petition for a writ of certiorari in November asking the U.S. Supreme Court to review the 5th Circuit decision (covered by InfoBytes here).
The debt collection agency and the CFPB held a “meet and confer” at the end of October, and the company argued that during the meet and confer the parties did not agree on two of the company’s objections: (i) the inadequate Notification of Purpose Pursuant to 12 C.F.R. §1080.5 contained in the CID; and (ii) the Bureau’s unconstitutional funding mechanism. The company filed a petition to set aside the CID, arguing that because the Bureau’s funding mechanism is unconstitutional, the Bureau lacks enforcement authority and the CID should be set aside in its entirety. The company claimed a similar nexus exists between the Bureau’s unconstitutional funding mechanism and the concrete harm suffered by the company. Just as the Payday Lending Rule was vacated by the 5th Circuit and set aside as unenforceable, “but for the Bureau’s unconstitutional spending, the CID would not have been issued,” the company said.
In rejecting the company’s arguments, the Bureau commented that it “has consistently taken the position that the administrative process … for petitioning to modify or set aside a CID is not the proper forum for raising and adjudicating challenges to the constitutionality of the Bureau’s statute.” In declining to set aside the CID on constitutional grounds, the Bureau wrote that should it later determine that it is necessary to obtain a court order compelling compliance with the CID, the company will have an opportunity to raise any constitutional arguments as a defense in district court.
FTC finalizes data breach order with online alcohol marketplace
On January 10, the FTC announced it has finalized an order with a company that operates an online alcohol marketplace, along with its CEO, related to a data breach that allegedly exposed the personal information of roughly 2.5 million consumers. As previously covered by InfoBytes, the FTC alleged the respondents were alerted to problems with the company’s data security procedures following an earlier security incident in 2018, which involved hackers accessing company servers to mine cryptocurrency until the company changed its cloud computing account login information. The FTC asserted, however, that the company failed to take appropriate measures to address its security problems even though it publicly claimed it had appropriate security protections in place. Among other things, the respondents allegedly violated the FTC Act by (i) failing to implement basic security measures or put in place reasonable safeguards to secure the personal information it collected and stored; (ii) storing critical database information, including login credentials, on an unsecured platform; (iii) failing to monitor its network for security threats or unauthorized attempts to access or remove personal data; and (iv) exposing customers to hackers, identity thieves, and malicious actors who use personal information to open fraudulent lines of credit or commit other fraud. The respondents neither admit nor deny the allegations.
The terms of the final decision and order prohibit the company from making any misrepresentations in connection with any offered product or service related to how it collects, uses, discloses, maintains, deletes, or permits or denies access to personal information. Additionally, the company is required to destroy any collected personal data that is not necessary for providing products or services to consumers, and must refrain from collecting or maintaining personal information unless it is necessary for specific purposes provided in a data retention schedule. The company must also implement and maintain a comprehensive information security program, establish security safeguards to protect against specified security incidents, obtain initial and biennial third-party information security assessments, and publicly detail on its website information on its data collection practices. The order also requires the CEO to implement an information security program at any relevant business for which he is a majority owner, CEO, or senior officer with information security responsibilities.
DOJ says court will oversee social media company’s housing ads into 2026
On January 9, the DOJ informed a New York federal judge that it had reached a follow-up agreement with a global social media company to ensure its compliance with a June 2022 settlement that required the company to stop using a tool that allowed advertisers to exclude certain users from seeing housing ads based on their sex and estimated race/ethnicity. Explaining that the tool violated the Fair Housing Act, the letter said the company agreed to allow the tool to expire and agreed to build a system to reduce variances in its housing ad delivery system related to sex and estimated race/ethnicity. A follow-up agreement reached between the parties on compliance targets established that the company will be subject to court oversight and regular compliance review through June 27, 2026. The company released a statement following the settlement announcing it is making changes “in part to address feedback we’ve heard from civil rights groups, policymakers and regulators about how our ad system delivers certain categories of personalized ads, especially when it comes to fairness.” The company further noted that “while HUD raised concerns about personalized housing ads specifically, we also plan to use this method for ads related to employment and credit. Discrimination in housing, employment and credit is a deep-rooted problem with a long history in the US, and we are committed to broadening opportunities for marginalized communities in these spaces and others.”
FDIC announces Florida disaster relief
On January 9, the FDIC issued FIL-02-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Florida affected by Hurricane Nicole from November 7 to November 30. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and encouraged institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements.
DOJ, HUD say Fair Housing Act extends to algorithm-based tenant screening
On January 9, the DOJ and HUD announced they filed a joint statement of interest in a pending action alleging discrimination under the Fair Housing Act (FHA) against Black and Hispanic rental applicants based on the use of an algorithm-based tenant screening system. The lawsuit, filed in the U.S. District Court for the District of Massachusetts, alleged that Black and Hispanic rental applications who use housing vouchers to pay part of their rent were denied rental housing due to their “SafeRent Score,” which is derived from the defendants’ algorithm-based screening software. The plaintiffs claimed that the algorithm relies on factors that disproportionately disadvantage Black and Hispanic applicants, such as credit history and non-tenancy related debts, and fails to consider that the use of HUD-funded housing vouchers makes such tenants more likely to pay their rents. Through the statement of interest, the agencies seek to clarify two questions of law they claim the defendants erroneously represented in their motions to dismiss: (i) the appropriate standard for pleading disparate impact claims under the FHA; and (ii) the type of companies that fall under the FHA’s application.
The agencies first challenged that the defendants did not apply the proper pleading standard for a claim of disparate impact under the FHA. Explaining that in order to establish an FHA disparate impact claim, “plaintiffs must show ‘the occurrence of certain outwardly neutral practices’ and ‘a significantly adverse or disproportionate impact on persons of a particular type produced by the defendant’s facially neutral acts or practices,’” The agencies disagreed with the defendants’ assertion that the plaintiffs “must also allege specific facts establishing that the policy is ‘artificial, arbitrary, and unnecessary.” This contention, the agencies said, “conflates the burden-shifting framework for proving disparate impact claims with the pleading burden.” The agencies also rejected arguments that the plaintiffs must challenge the entire “formula” of the scoring system and not just one element in order to allege a statistical disparity, in addition to providing “statistical findings specific to the disparate impact of the scoring system.” According to the agencies, the plaintiffs adequately identified an “essential nexus” between the algorithm’s scoring system and the disproportionate effect on certain rental applicants based on race.
The agencies also explained that residential screening companies, including the defendants, fall under the FHA’s purview. While the defendants argued that the FHA does not apply to companies “that are not landlords and do not make housing decisions, but only offer services to assist those that do make housing decisions,” the agencies contended that this misconstrues the clear statutory language of the FHA and presented case law affirming that FHA liability reaches “a broad array of entities providing housing-related services.”
“Housing providers and tenant screening companies that use algorithms and data to screen tenants are not absolved from liability when their practices disproportionately deny people of color access to fair housing opportunities,” Assistant Attorney General Kristen Clarke of the DOJ’s Civil Rights Division stressed. “This filing demonstrates the Justice Department’s commitment to ensuring that the Fair Housing Act is appropriately applied in cases involving algorithms and tenant screening software.”
FCC chair asks Congress to act on robocalls
In December, FCC Chair Jessica Rosenworcel sent a letter to twelve senators in response to their June 2022 letter inquiring about combating robocalls. In the letter, Rosenworcel highlighted the FCC’s efforts to combat robocalls by discussing the agency’s “important” proposed rules, adopted in May, to ensure gateway providers that channel international call traffic comply with STIR/SHAKEN caller ID authentication protocols and validate the identity of the providers whose traffic they are routing to help weed out robocalls (covered by InfoBytes here). She also highlighted the FCC’s enforcement efforts, such as a December action where the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations—“largest robocall operation the FCC has ever investigated” (covered by InfoBytes here).
Rosenworcel requested additional authority from Congress to combat robocalls and robotexts more effectively. Specifically, Rosenworcel asked the senators to “fix the definition of autodialer” – since robotexts are neither prerecorded nor artificial voice calls, the TCPA only provides consumers protection from robotexts if they are sent from autodialers. She further noted that the Supreme Court's decision in Facebook v. Duguid (covered by a Buckley Special Alert) narrowed the definition of autodialer under the TCPA, resulting in the law only covering equipment that generates numbers randomly and sequentially. She wrote that as a result, “equipment that simply uses lists to generate robotexts means that fewer robotexts may be subject to TCPA protections, and as a result, this decision may be responsible for the rise in robotexts.” Among other things, she also requested that Congress update the TCPA to permit for administrative subpoenas for all types of non-content customer records, and for Congress to grant the FCC the authority and resources to increase court enforcement of fines.
CFPB says exam manual and general supervisory findings are nonbinding
On January 9, the CFPB released a blog post, What new supervised institutions need to know about working with the CFPB, discussing what institutions can expect from a supervisory relationship with the Bureau. Among other things, the Bureau noted that it relies on a “prioritization” process that includes analyzing risk to consumers to determine which consumer financial markets and which entities to include in its supervisory work. Specifically, the Bureau noted that when conducting an examination, CFPB examiners generally, among other things: (i) collect and review available information from within the CFPB, other agencies, and public sources, consistent with statutory requirements; (ii) review documents and information obtained through information requests sent to supervised entities; and (iii) conduct portions of exams to observe, conduct interviews, review additional documents and information, transaction test, and assess compliance management.
The Bureau emphasized that examiners use the Supervision and Examination Manual as a resource when conducting exams and other supervisory activities. While supervised institutions are bound by statutes and regulations, and not by the manual, the CFPB makes its manual publicly available. The Bureau highlighted the disclaimer attached to the manual, which notes that it “should not be relied on as a legal reference.” The Bureau also stressed that legal discussions in the exam manual are not binding on examiners or other CFPB staff, and noted that at the end of an exam or other supervisory activities, examiners provide the supervised institution with their findings, which may include “matters requiring attention” (MRA). Examiners use MRAs to communicate specific goals to address violations of law, risk of such violations, or compliance management deficiencies.
Agencies highlight downpayment assistance, child privacy in regulatory agendas
Recently, the Office of Information and Regulatory Affairs released fall 2022 regulatory agendas for the FTC and HUD. With respect to an FTC review of the Children’s Online Privacy Protection Rule (COPPA) that was commenced in 2019 (covered by InfoBytes here), the Commission stated in its regulatory agenda that it is still reviewing comments. COPPA “prohibits unfair or deceptive acts or practices in connection with the collection, use and/or disclosure of personal information from and about children under the age of 13 on the internet,” and, among other things, “requires operators of commercial websites and online services, with certain exceptions, to obtain verifiable parental consent before collecting, using, or disclosing personal information from or about children.”
HUD stated in its regulatory agenda that it anticipates issuing a notice of proposed rulemaking in March that would address mortgage downpayment assistance programs. The Housing and Economic Recovery Act of 2018 amended the National Housing Act to add a clause that prohibits any portion of a borrower’s required minimum cash investment from being provided by: “(i) the seller or any other person or entity that financially benefits from the transaction, or (ii) any third party or entity that is reimbursed, directly or indirectly, by any of the parties described in clause (i).” According to the agenda, FHA continues to receive questions about prohibitions on persons or entities that may financially benefit from a mortgage transaction, including “whether down payment assistance programs operated by government entities are being operated in a fashion that would render such assistance prohibited.” A future NPRM would clarify the circumstances in which government entities are deriving a prohibited financial benefit.