InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Fed’s OIG report on CFPB says training improvements needed to meet enforcement goals
Recently, the Office of Inspector General of the Federal Reserve Board released a report assessing the CFPB’s process for conducting enforcement investigations. The report makes two key recommendations. First, noting that the CFPB has not met its stated goal to file or settle 65 percent of its enforcement actions within two years, the OIG recommended that the CFPB Office of Enforcement incorporates the timing expectations for key steps in the enforcement process into the tracking and monitoring of matters. In addition, the Office of the Inspector General also recommended improvements to enforcement staff training on document maintenance and retention requirements for the CFPB’s matter management system. The report states that the recommendations were accepted by the CFPB, with a follow-up to ensure full implementation.
FTC bans data aggregator company from selling consumer data
On January 18, the FTC issued a complaint against a digital platform and data aggregator (the company) and ordered the company to no longer sell or license precise location data, among other requirements. As previously covered by InfoBytes, the FTC’s order followed a recent FTC decision against a data broker in which the FTC alleged the data broker’s contracts were “insufficient to protect consumers from the substantial injury” caused by location data collection as consumers visited sensitive locations, such as churches, healthcare facilities, and schools.
In this case, the company obtained large amounts of personal data on consumers’ demographic data, movements, and purchasing history and retained that information for five years. The company had applications and third-party apps that have been downloaded over 390 million times, leading to about 100 million unique devices sending location data each year to the company. Like the previous FTC order, this FTC order alleged the company collected sensitive information on where consumers live, work, and worship; where their children went to school; where they received medical treatment; and if they attended rallies or demonstrations. The FTC alleged that the company cross-references consumers’ data location histories with points of interest to advertisers, including offering a push notification about a product when a consumer is located near a store that sells that product.
The FTC alleged the company failed to notify users that consumers’ location data is used for targeted advertising. Additionally, the FTC alleged the company retains consumer data “longer than reasonably necessary” which the FTC argues could lead to future consumer injury. According to the FTC, these allegations constitute deceptive or unfair practices as prohibited by Section 5(a) of the FTC Act. Under the order, the company must not materially misrepresent how the company collects or uses consumers’ location data, the company must not sell or license location data, and the company must implement a sensitive location data program as proscribed by the order. The company must also delete all historical location data for all consumers which does not affirmatively consent to the continued retention of such data. The company neither admits nor denies any of these allegations.
Student loan servicer fined $1.8 million by Massachusetts Attorney General
On January 11, the Massachusetts Attorney General (AG) announced a $1.8 million settlement with a student loan servicer, to resolve allegations that the company did not properly communicate Income-Driven Repayment (IDR) plan renewals to borrowers. According to the settlement, IDR plans are a “helpful tool for managing unaffordable federal student loan debt and avoiding the consequences of default… [and respondent] is required to follow specific procedures intended to ensure that borrowers are able to successfully navigate the enrollment and annual recertification processes required for IDR.” The AG alleged that the respondent violated state law by sending written notices that did not meet regulatory requirements and failed to send required notices.
Under the terms of the settlement, respondent will (i) pay $1.8 million; (ii) include certain disclosures in renewal notice correspondence to borrowers; (iii) comply with requirements for FFELP loans owned by the DOE and enrolled in certain repayment plans; (iv) clearly disclosure to certain borrowers that failure to timely provide certain information about income or family size will result in increased monthly payments; and (v) retain copies of each written communication that it sends to borrowers regarding their IDR plans. The student loan servicer enters into this agreement for settlement purposes only (without admission).
NYDFS orders digital currency trading company to pay $8 million
On January 12, NYDFS announced that it had entered into a consent order with a digital currency trading company after an investigation that found the company responsible for compliance failures that violated NYDFS’s virtual currency and cybersecurity regulations, leaving the company vulnerable to illicit activity and cybersecurity threats.
NYDFS found that the company failed to meet its compliance obligations due to (i) deficiencies in the company’s AML program; (ii) failure to file compliant suspicious activity reports; (iii) failure to conduct required OFAC screening; and (iv) failure to maintain an adequate cybersecurity program. In connection with the settlement, the company will surrender its BitLicense, the license required to be held by any company conducting virtual currency business in New York state and pay an $8 million penalty.
OCC releases January enforcement actions
On January 17, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a notice of charges seeking cease and desist orders against three subsidiary banks of the same bank holding company (see here, here, and here), which alleged that each bank engaged in unsafe or unsound practices relating to an investment strategy concentrated in long-term securities. The unsafe practices, the OCC explained, exposed each bank to excessive interest rate risk without adequate sources of contingency funding and contingency capital. The OCC further alleged that each bank failed to mitigate such risk in a timely manner.
DFPI fines online platform for omitting convenience fee disclosures
On January 9, DFPI issued a consent order against an online platform (respondent) that enables merchants to provide installment contracts to customers. The consent order resolved alleged violations of the California Consumer Financial Protection Law (CCFPL) arising from the convenience fees assessed by a third-party service provider when consumers opt to pay their installments online or by phone. According to the consent order, since 2021 respondent guaranteed that consumers entering into contracts on its platform had a fee-free payment method. However, for a time respondent failed to disclose potential optional convenience fees in the initial contract. Although the third-party servicer disclosed the convenience fees to consumers, DFPI took issue with the respondent’s failure to disclose these fees before transferring consumers to the third-party servicer to enter into the contracts. In other words, consumers only became aware of both the existence and amounts of these fees after entering into contractual obligations. DFPI accused respondent of deceiving consumers by failing to disclose this information first.
Under the terms of the consent order, respondent must pay a $50,000 penalty and must disclose information about the potential convenience fees that may be assessed by a servicer.
Title lender reaches settlement with Pennsylvania AG
On January 10, Pennsylvania AG Michelle Henry announced a settlement with a national auto title lending company, resolving alleged violations of the Pennsylvania Unfair Trade Practices and Consumer Protection Law and the Loan Interest and Protection Law (LIPL). According to the settlement, since 2016, the lender made thousands of vehicle title loans to Pennsylvania residents, with interest rates exceeding 100 percent without the necessary license required by the Consumer Discount Company Act.
The AG also noted that some of the loans resulted from leads that they bought from third parties who purported to have physical offices in Pennsylvania, when in fact, neither the lender nor its lead generators were in Pennsylvania. The AG also said that most Pennsylvania-based borrowers drove to one of the lender’s Delaware locations. Nonetheless, the AG said, “Pennsylvania usury laws apply because [the lender] collected money from Pennsylvania consumers and repossessed vehicles in Pennsylvania.” In the settlement, the lender denies all allegations of unlawful conduct, including the assertion that it knowingly acquired leads from third parties leading to loans for Pennsylvania residents. The lender explained its position that until the U.S. Court of Appeals for the Third Circuit rendered its opinion in another matter in January 2022, it held a “good faith and reasonable belief” based on then-existing law, particularly the Commerce Clause of the U.S. Constitution, that its operations were lawful.
Among other things, the settlement (i) requires the lender to pay $2.2 million in consumer restitution; (ii) requires the lender to cancel approximately $3.7 million in existing loans; (iii) enjoins and prohibits the lender from violating the LIPL; and (iv) requires the lender to return any repossessed vehicles at no charge and refund consumers of all repossession fees previously charged.
FTC acts against fintech app for misrepresentations made about cash advances
On January 2, the FTC issued a complaint and stipulated order against a personal finance mobile application that offers its users short-term cash advances through “floats.” According to the complaint, the defendant misrepresented its claims to induce users into enrolling in a subscription plan. Specifically, the defendant advertised that its users could instantly receive a cash advance larger than available, claimed cash advance limits would increase over time, and promised to make cash available “instantly” for no extra fee.
According to the complaint, employees have admitted that the defendant company “lie[s]” to users. Users allegedly received misleading advertisements that stated how cash advances or “floats” constitute “free money” when there is actually a $1.99 subscription fee listed in tiny font. Additionally, the defendant advertised that users would receive “money in minutes” for “free” with “no hidden fees” despite having to pay a hidden $4 fee to receive their money instantly. The FTC alleges from user responses that many of them would have not enrolled in this program had they known they would be advanced less than promised. Further, the FTC alleges the defendant discriminates against consumers by categorically refusing to provide cash advances to consumers who receive public assistance benefits or derive income from gig work––even after they pay subscription fees.
Under this order, the FTC found the defendant violated the FTC Act, the Restore Online Shoppers’ Confidence Act (ROSCA), as well as ECOA and its implementing rule, Regulation B. The stipulated order, which names the company’s cofounders in addition to the company itself, prohibits the company from further misrepresentations, requires implementation of a fair lending program, requires a simple cancellation mechanism, and provides for a monetary judgment of $3 million.
FTC, Connecticut file complaint against auto dealer for deceptive and unfair practices
On January 4, the FTC and the State of Connecticut issued a joint complaint against an auto dealer and its owner for alleged violations of the FTC Act and the Connecticut Unfair Trade Practices Act. According to the complaint, the dealership allegedly imposed additional fees, including certification fees, add-on charges, and government charges, without consumers’ explicit consent. The FTC alleged that the dealership made misrepresentations regarding advertised prices, charging consumers additional fees when they would attempt to purchase vehicle, and charged customers for certification fees for vehicles that had been advertised as “certified.” The complaint also alleged that the dealership would charge consumers for add-ons, such as GAP insurance, service contracts, maintenance contracts, and total loss protection with or without express consent, and at times after the consumer specifically declined the add-on. The complaint further alleged that the dealership often stated in advertisements that a vehicle was certified but did not report the sale of that vehicle or pay the certification fee to the manufacturer, so consumers did not receive the actual benefits. The complaint seeks consumer redress, disgorgement of ill-gotten money, civil penalties, and a permanent injunction.
FDIC releases November enforcement actions
On December 29, the FDIC released a list of administrative enforcement actions taken against banks and individuals in November. The FDIC made 12 orders public including, “five consent orders, three prohibition orders, two orders terminating consent orders, one order to pay a civil money penalty (CMP), and one order dismissing both a notice of assessment of CMPs and an order to pay.” Included is a stipulated order and written agreement with a Tennessee-based bank (the Bank) to resolve alleged violations of the Bank Secrecy Act (BSA) and weaknesses in board and management oversight of its information technology function. The Bank agreed to the conditions of the consent order which requires the Bank to, among other things (i) establish an action plan to correct the bank’s Anti-Money Laundering/Countering the Financing for Terrorism (AML/CFT) program deficiencies and alleged violations; (ii) retain qualified IT management; (iii) perform a cybersecurity assessment; and (iv) designate someone responsible for coordinating and monitoring day-to-day compliance with the BSA.