InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB alleges UDAAP violations by “lease-to-own” financer
On July 19, the CFPB announced it is suing a lease-to-own finance company that provides services that allows consumers, typically with limited access to traditional forms of credit for their financing, to finance merchandise or services over a 12-month period. According to the complaint, the Bureau claims that once a consumer falls behind on payments, the company’s purchase agreement essentially “lock[s] [consumers] into the 12-month schedule—even if they want to return or surrender their financed merchandise.” The alleged violations include:
- Misleading consumers. The company is accused of designing and implementing its financing program in a way that misleads consumers by using print advertisements featuring the phrase “100 Day Cash Payoff” without including details of the purchase agreement financing. The company is accused of misrepresenting that consumers could not terminate their agreement, that consumers could not return their merchandise, and that the “best” or “only” option for consumers who no longer want to finance their merchandise is to enter a “buy-back” agreement. The Bureau alleges that such conduct, among other things, violated the CFPA's prohibition on deceptive and abusive acts and practices.
- Unlawful conditioning of credit extension. The company is accused of violating the EFTA and its implementing Regulation E by allegedly improperly requiring consumers to repay credit through preauthorized automated clearing house debits.
- Failing to establish reasonable policies concerning consumer information. The Bureau alleges that the company violated the FCRA and its implementing Regulation V by not having adequate written policies and procedures to ensure the accuracy and integrity of consumer information that it furnished, considering the company’s “size, complexity, and scope.”
The Bureau seeks, among other things, injunctions to prevent future violations, rescission or reformation of the company's financing agreements, redress to consumers, and civil money penalties.
FTC fines company $7.8 million over health data and third-party advertisers
On July 14, the FTC finalized an order against an online counseling service, requiring it to pay $7.8 million and prohibiting the sharing of consumers’ health data for advertising purposes. The FTC alleged that the respondent shared consumers’ sensitive health data with third parties despite promising to keep such information private (covered by InfoBytes here). The FTC said it will use the settlement funds to provide partial refunds to affected consumers. The order not only bans the respondent from disclosing health data for advertising and marketing purposes but also prohibits the sharing of consumers’ personal information for re-targeting. The order also stipulates that the respondent must now obtain consumers’ affirmative express consent before disclosing personal information, implement a comprehensive privacy program with certain data protection measures, instruct third parties to delete shared data, and adhere to a data retention schedule.
Agencies charge crypto platform and former executives
On July 13, the FTC announced a proposed settlement to resolve allegations that a crypto platform engaged in unfair and deceptive acts or practices in violation of the FTC Act. The FTC also alleges that the defendants violated the Gramm-Leach-Bliley Act by acquiring customer information from a financial institution regarding someone else by providing false or misleading statements. The New Jersey-based crypto company offers various cryptocurrency products and services to customers, such as interest-bearing accounts, personal loans backed by cryptocurrency deposits, and a cryptocurrency exchange. On the heels of its bankruptcy filing in July 2022, the FTC lodged a complaint in federal court alleging that three former executives falsely promised that deposits would be “safer” than bank deposits and always available for withdrawal, and that the platform posed “no risk” or “minimal risk.”
The proposed stipulated order imposes a $4.72 million judgment against the corporate defendants, which is suspended based on their financial condition. The order also bans the corporate defendants from, among other things, “advertising, marketing, promoting, offering, or distributing, or assisting in the advertising, marketing, promoting, offering, or distributing of any product or service that can be used to deposit, exchange, invest, or withdraw assets, whether directly or through an intermediary.”
Other agencies also took action against the company and its former CEO on the same day, including the SEC, which alleges the company sold unregistered crypto asset securities in one of its program offerings. The SEC’s complaint further alleges the company made false and misleading statements and engaged in market manipulation. Additionally, the DOJ unsealed an indictment charging the former CEO and the company’s former chief revenue officer with conspiracy, securities fraud, market manipulation, and wire fraud for illicitly manipulating the price of the company’s token. Additionally, the CFTC filed a civil complaint charging the company and former CEO with fraud and material misrepresentations in connection with the operation of the company’s digital asset-based finance platform. The CFTC alleges the company operated as an unregistered commodity pool operator (CPO), and its former CEO operated as an unregistered associated person of a CPO. The complaint also accuses the former CEO of violating the Commodity Exchange Act and CFTC regulations, among other things. According to the press release, the company agreed to resolve the complaint, while the former CEO is continuing litigation.
CFPB, states sue company over deceptive student lending and collection
On July 13, the CFPB joined state attorneys general from Washington, Oregon, Delaware, Minnesota, Illinois, Wisconsin, Massachusetts, North Carolina, South Carolina, and Virginia in taking action against an education firm accused of engaging in deceptive marketing and unfair debt collection practices. California’s Department of Financial Protection and Innovation is participating in the action as well. Prior to filing for bankruptcy, the Delaware-based defendant operated a private, for-profit vocational training program for software sales representatives. The joint complaint, filed as an adversary proceeding in the firm’s bankruptcy case, alleges that the defendant charged consumers up to $30,000 for its programs. The complaint further alleges that the defendant encouraged consumers who could not pay upfront to enter into income share agreements, which required minimum payments equal to between 12.5 and 16 percent of their gross income for 4 to 8 years or until they had paid a total of $30,000, whichever came first.
The complaint asserts that the defendant engaged in deceptive practices by misrepresenting its income share agreement as not a loan and not debt, and mislead borrowers into believing that no payments would need to be made until they received a job offer from a technology company with a minimum annual income of $60,000. The defendant is also accused of failing to disclose important financing terms, such as the amount financed, finance charges, and annual percentage rates, as required by TILA and Regulation Z. The complaint also claims that the defendant hired two debt collection companies to pursue collection activities on defaulted income share loans. One of the defendant debt collectors is accused of engaging in unfair practices by filing debt collection lawsuits in remote jurisdictions where consumers neither resided nor were physically present when the financing agreements were executed. The complaint further alleges the two defendant debt collectors violated the FDCPA and the CFPA by deceptively inducing consumers into settlement agreements and falsely claiming they owed more than they did.
According to the Bureau and the states, after the Delaware Department of Justice and Delaware courts began scrutinizing the debt collection lawsuits, the defendant unilaterally changed the terms of its contracts with consumers to force them into arbitration even though none of them had agreed to arbitrate their claims. Additionally, the complaint contends that settlement agreements marketed as being “beneficial” to consumers actually released consumers’ claims against the defendant and converted income share loans into revised “settlement agreements” that obligated them to make recurring monthly payments for several years and contained burdensome dispute resolution and collection terms.
The complaint seeks permanent injunctive relief, monetary relief, consumer redress, and civil money penalties. The CFPB and states are also seeking to void the income share loans.
FTC bans operators of auto-warranty scam
On July 6, the FTC announced that it reached an agreement on a stipulated order to resolve a lawsuit against the operators of a telemarketing scam that pitched “extended automobile warranties” to hundreds of thousands of consumers nationwide. The stipulated order, which has been approved by the U.S. District Court for the Southern District of Florida, imposes a lifetime ban against a consulting group and its owner from any outbound telemarketing business and any involvement with extended automobile warranty sales. In February 2022, the FTC sued several companies—including the consulting group and its owner—in connection with their alleged involvement in the telemarketing scam, alleging that they had defrauded consumers out of millions of dollars. The complaint alleged that the companies made numerous unsolicited calls, falsely claiming to be affiliated with vehicle manufacturers and inaccurately promoting their products as offering comprehensive “bumper-to-bumper” protection.
In addition to the lifetime ban, the stipulated order includes a monetary judgment of $6.5 million, which is partially suspended based on the defendants’ alleged inability to pay. The FTC reached a separate settlement with three of the other original defendant companies and their owners in March 2023.
FTC proposal would ban deceptive reviews
On June 30, the FTC introduced a proposed rule to combat deceptive review practices and ensure consumer protection in light of the impact and progression of technology and artificial intelligence. The rule seeks to prohibit the creation and sale of fake consumer reviews, prevent review hijacking, and restrict the manipulation of reviews through incentives. Under the proposed rule, businesses would be prohibited from creating or selling reviews by individuals who do not exist or lack real experience with the product or service. Additionally, the proposed rule prohibits businesses from providing compensation or incentives in exchange for consumer reviews expressing specific sentiments, whether positive or negative. To enhance transparency and integrity, the proposed rule also includes provisions related to insider reviews and testimonials. It also emphasizes the importance of transparency by requiring disclosure of relationships in insider reviews and testimonials. Under these provisions, officers and managers of companies would be required to disclose their relationships when writing reviews or testimonials about their products or services. Businesses would also be obligated to disclose relationships in testimonials written by insiders. Moreover, the FTC's proposed rule targets businesses that create or control websites claiming to provide impartial opinions about a particular category of products or services, including their offerings. Further, it prohibits businesses from using unjustified legal threats, intimidation, or false accusations to prevent or remove negative consumer reviews. This provision aims to preserve the independence and authenticity of consumer reviews, preventing businesses from manipulating public perception through controlled review websites. Considering the widespread influence of social media, the rule would prohibit businesses from selling or buying fake followers or views.
The FTC is currently seeking public comments on the proposed rule.
Default judgment entered against provider of immigration bonds
The U.S. District Court for the Western District of Virginia recently entered default judgment against defendants accused of misrepresenting the cost of immigration bond services and deceiving migrants to keep them paying monthly fees by making false threats of deportation for failure to pay. As previously covered by InfoBytes, the defendants—a group of companies providing immigration bond products or services for non-English speaking U.S. Immigration and Customs Enforcement detainees—were sued by the CFPB and state attorneys general from Massachusetts, New York, and Virginia in 2021 for allegedly engaging in deceptive and abusive acts and practices in violation of the Consumer Financial Protection Act (CFPA). The defendants argued that the court lacked subject matter jurisdiction because the Bureau did not have authority to enforce the CFPA since the defendants are regulated by state insurance regulators and are merchants, retailors, or sellers of nonfinancial goods or services. However, the court disagreed, explaining that “limitations on the CFPB’s regulatory authority do not equate to limitations on this court’s jurisdiction.” (Covered by InfoBytes here.)
As explained in the court’s opinion, last year the plaintiffs filed a motion for sanctions and for an order to show cause why the court should not hold the defendants in contempt for actions relating to several ongoing discovery disputes. The court determined that the defendants failed to demonstrate that “factors other than obduracy and willfulness” led to their failure to comply with multiple discovery orders and that the defendants engaged in a “pattern of knowing noncompliance with numerous orders of the court.” These delays, the court said, have significantly harmed the plaintiffs in their ability to prepare their case. Finding each defendant in civil contempt of court, the court also entered a default judgment against the defendants, citing them for discovery violations in other cases. The court set June deadlines for briefs on remedies and damages.
FTC proposes changes to Health Breach Notification Rule
On May 18, the FTC issued a notice of proposed rulemaking (NPRM) and request for public comment on changes to its Health Breach Notification Rule (Rule), following a notice issued last September (covered by InfoBytes here) warning health apps and connected devices collecting or using consumers’ health information that they must comply with the Rule and notify consumers and others if a consumer’s health data is breached. The Rule also ensures that entities not covered by HIPAA are held accountable in the event of a security breach. The NPRM proposed several changes to the Rule, including modifying the definition of “[personal health records (PHR)] identifiable health information,” clarifying that a “breach of security” would include the unauthorized acquisition of identifiable health information, and specifying that “only entities that access or send unsecured PHR identifiable health information to a personal health record—rather than entities that access or send any information to a personal health record—qualify as PHR related entities.” The modifications would also authorize the expanded use of email and other electronic methods for providing notice of a breach to consumers and would expand the required content for notices “to include information about the potential harm stemming from the breach and the names of any third parties who might have acquired any unsecured personally identifiable health information.” Comments on the NPRM are due 60 days after publication in the Federal Register.
The same day, the FTC also issued a policy statement warning businesses against making misleading claims about the accuracy or efficacy of biometric technologies like facial recognition. The FTC emphasized that the increased use of consumers’ biometric information and biometric information technologies (including those powered by machine learning) raises significant consumer privacy and data security concerns and increases the potential for bias and discrimination. The FTC stressed that it intends to combat unfair or deceptive acts and practices related to these issues and outlined several factors used to determine potential violations of the FTC Act.
FTC obtains TROs to halt student loan debt relief schemes
On May 8, the FTC announced that the U.S. District Court for the Central District of California recently issued temporary restraining orders (TROs) against two student loan debt relief companies that allegedly tricked consumers into paying for nonexistent repayment and loan forgiveness programs. According to the complaints (see here and here), the defendants allegedly made deceptive claims in order to lure low-income consumers into paying hundreds to thousands of dollars in illegal upfront fees as part of a purported plan to pay down their student loans. The defendants allegedly made consumers believe that they were enrolled in a legitimate loan repayment program, that their loans would be forgiven in whole or in part, and that most or all of their payments would be applied to their loan balances. The FTC alleges that, in reality, the defendants pocketed the borrowers’ payments. The FTC also charged the defendants with falsely claiming to be or be affiliated with the Department of Education and stating that they were purchasing borrowers’ debt from federal student loan servicers in order to secure debt relief on their behalf. When consumers realized the debt relief program did not exist, the defendants allegedly often refused to provide refunds.
According to the FTC, these deceptive misrepresentations violated Section 5 of the FTC Act and the Telemarketing Sales Rule (TSR). The FTC also alleges that the companies violated the Gramm-Leach-Bliley Act (GLBA), by using deceptive tactics to obtain consumers’ financial information, and the TSR, by calling numbers listed on the National Do Not Call Registry and by failing to pay required Do Not Call Registry fees for access. In issuing the TROs (see here and here), which temporarily halt the two schemes and freeze the defendants’ assets, the court noted that, upon “[w]eighing the equities and considering the FTC’s likelihood of ultimate success on the merits,” there is good cause to believe that immediate and irreparable harm will occur as a result of the defendants’ ongoing violations of the FTC Act, the TSR, and the GLBA, unless the defendants are restrained and enjoined.
OCC, FDIC say some overdraft fees may be unfair or deceptive
On April 26, the OCC and FDIC issued supervisory guidance addressing consumer compliance risks associated with bank overdraft practices. (See OCC Bulletin 2023-12 and FDIC FIL-19-2023.) The guidance highlighted certain practices that may result in increased risk exposure, including assessing overdraft fees on “authorize positive, settle negative” (APSN) transactions and assessing representment fees each time a third party resubmits the same item for payment after being returned by a bank for non-sufficient funds. The agencies provided guidance for banks that may help control risks associated with overdraft protection programs and achieve compliance with Dodd-Frank’s UDAAP prohibitions and section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices.
The FDIC’s supervisory guidance expanded on the 2019 Consumer Compliance Supervisory Highlights (covered by InfoBytes here), and warned that APSN overdraft fees present risks of unfairness under both statutes as consumers “cannot reasonably avoid” receiving these fees because they lack “the ability to effectively control payment systems and overdraft processing systems practices.” The FDIC cited the “complicated nature of overdraft processing systems” as another impediment to a consumer’s ability to avoid injury. The FDIC also emphasized that risks of unfairness exist both in “available balance” or “ledger balance” methods of assessing overdraft fees, but cautioned that risks may be “more pronounced” when a bank uses an available balance method. Furthermore, the FDIC warned that disclosures describing how transactions are processed may not mitigate UDAAP and UDAP risk. Banks are encouraged to “ensure customers are not charged overdraft fees for transactions consumers may not anticipate or avoid,” and should take measures to ensure overdraft programs provided by third parties comply with all applicable laws and regulations, as such arrangements may present additional risks if not properly managed, the FDIC explained.
The OCC’s guidance also warned that disclosures may be deceptive under section 5 if they fail to clearly explain that multiple or additional fees may result from multiple presentments of the same transaction. Recognizing that some banks have already implemented changes to their overdraft protection programs, the OCC also acknowledged that “[w]hen supported by appropriate risk management practices, overdraft protection programs may assist some consumers in meeting short-term liquidity and cash-flow needs.” The OCC encouraged banks to explore other options, such as offering low-cost accounts and low-cost alternatives for covering overdrafts, such as overdraft lines of credit and linked accounts.