Last Week, This Morning

July 29, 2024

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

Federal Reserve Board Imposes Costly Penalties for UDAP Violations in Connection with Prepaid Debit Card Products

On July 19, the Federal Reserve Board issued an order against Green Dot Corporation, a bank holding company, Green Dot Bank, which is owned and controlled by the holding company, and various nonbank subsidiaries (collectively, "Green Dot") to resolve allegations that Green Dot, among other charges, committed unfair or deceptive acts or practices in violation of Section 5 of the Federal Trade Commission Act in connection with the marketing, selling, and servicing of general purpose reloadable ("GPR") prepaid debit card products.

Specifically, with respect to the prepaid debt card products, the FRB charged that:

  • from November 2017 through January 2021, Green Dot Bank engaged in a deceptive act or practice by misrepresenting through GPR prepaid debit card packaging, cardholder agreements, and online disclosures that such accounts would be closed after consumers spent their account balances down to zero dollars when, in fact, many accounts remained open despite having a zero-dollar account balance, and those consumers continued to incur monthly fees.
  • from June 2019 through December 2020, Green Dot Bank engaged in a deceptive act or practice by misrepresenting through GPR prepaid debit card packaging, point-of-sale advertising, and online disclosures that consumers could register their GPR prepaid debit card accounts by telephone or online when, in fact, consumers could not register the cards telephonically and only could register their accounts online. This violation allegedly resulted from the bank's discontinuation of the telephonic registration option without updating the card packaging, which prevented customers who lacked internet access from registering and using their cards.
  • from May 2020 through June 2020, Green Dot Bank engaged in unfair acts or practices through its lack of reasonable policies and procedures to permit the bank's legitimate customers to cure account blocks and obtain access to their funds in their GPR prepaid debit card accounts receiving Washington state unemployment insurance benefits.
  • from August 2020 through at least September 2020, due to a third-party payment processor's data migration error, Green Dot Bank engaged in an unfair act or practice by failing to timely release extended authorization holds in connection with certain GPR prepaid debit card transactions made by consumers until several days after the settlement of the transactions, thereby reducing available account balances and denying consumers access to their funds.

In addition to these charges, the FRB alleged that a nonbank subsidiary of the holding company that had contracted with a major tax preparer to offer tax return preparation payment services to the tax preparer's customers failed to adequately disclose the tax refund processing fee on the tax preparer's website. Finally, the FRB alleged that Green Dot did not maintain effective consumer compliance risk management and anti-money laundering programs. The FRB imposed a civil money penalty of $44 million.

Amicus brief(ly): There are three important take-aways from this expensive development with the FRB. First, UDAP authority is available to regulators under both federal and state law, so it should be a part of every compliance management system. We see UDAP claims based on alleged deception where, if the facts alleged are true, financial services providers made avoidable mistakes. Second, audit and compliance testing are crucial functions that a good CMS should incorporate, including audits of third-party vendors. Better auditing and testing may have prevented the alleged data migration issue referenced in the order. And third, the FRB does not get involved in a lot of enforcement actions and rarely for such high dollars, so the FRB really cares about the issues addressed in this order.

Broad Confidentiality Agreements with Employees May Violate CFPA's Whistleblower Protections

On July 24, the Consumer Financial Protection Bureau issued Circular 2024-04 to remind regulators and the public that companies that require their employees to sign broad confidentiality agreements that do not clearly permit communications with government enforcement agencies or cooperation with government investigations risk violating the Consumer Financial Protection Act's prohibition on discrimination against whistleblowers and undermining the government's ability to enforce the law.

Section 1057 of the CFPA provides anti-retaliation protections for covered employees - defined as "any individual performing tasks related to the offering or provision of a consumer financial product or service" - who provide information to the CFPB or any other federal, state, or local law enforcement agency regarding potential violations of laws and rules that are subject to the CFPB's jurisdiction.

The CFPB concludes in the circular that "[a]lthough confidentiality agreements can be entered into for legitimate purposes, such as to ensure the protection of confidential trade secrets, such agreements, depending on how they are worded and the context in which they are employed, could lead an employee to reasonably believe that they would be sued or subject to other adverse actions if they disclosed information related to suspected violations of federal consumer financial law to government investigators. Threats of this nature can lead to violations of Section 1057 and impede investigations into potential wrongdoing, including the CFPB's efforts to uncover violations of the consumer financial protection laws it enforces."

Amicus brief(ly): Whether or not this guidance from the CFPB was necessary, issuing the circular is consistent with the CFPB's pattern of regularly letting us know of its position. The CFPB advises here that, consistent with its mission, it will push through NDAs and other agreements designed to protect trade secrets to make sure that whistleblowers have access to the government if they have information about potentially harmful practices to share. Having seen the CFPB in action, we have no doubt that it will look to Section 1057 to protect whistleblowers, and we did not need them to say it in the circular.

FTC Obtains Preliminary Injunction Against Debt Relief Services Providers

On July 22, the Federal Trade Commission announced that a federal district court preliminarily enjoined and froze the assets of two companies operating as USA Student Debt Relief. The FTC's complaint alleged violations of the Federal Trade Commission Act, the Telemarketing Sales Rule (which implements the Telemarketing and Consumer Fraud and Abuse Prevention Act), and the Gramm-Leach-Bliley Act in connection with the defendants' student loan debt relief services.

Specifically, the FTC's complaint alleged that USA Student Debt Relief and three individual officers of the companies used deceptive online advertising and illegal telemarketing, including calls to consumers on the National Do Not Call Registry, to offer their debt relief services. The FTC alleged that many of these telemarketing calls were made to Spanish-speaking consumers in Puerto Rico who were provided contracts written in English, even though the defendants marketed their services to those consumers in Spanish. In addition, the FTC alleged that the defendants falsely represented that they were affiliated with the U.S. Department of Education or with loan servicers that contract with the department to service federal student loans. The FTC further alleged that the defendants falsely promised to enroll consumers in federal programs that offer low, fixed monthly loan payments followed by lump-sum loan forgiveness, but to take advantage of these programs, consumers purportedly had to pay illegal advance fees of several hundred dollars followed by monthly fees. Finally, the FTC alleged that the defendants marketed their debt relief services by posting fake reviews and testimonials to their website and social media profiles, as well as to third-party consumer review platforms. In 2023, the defendants settled state enforcement actions in California and Minnesota related to their unlawful debt relief operation.

Amicus brief(ly): There is low-hanging fruit in the FTC's allegations against these debt relief services providers. If the allegations are true, the FTC could have made just about all of its claims under its UDAP authority - from the bait-and-switch marketing to Spanish-speaking consumers to the false suggestion of an affiliation with the Department of Education and charging consumers (advance fees, no less) to enroll them in programs into which they could enroll themselves for no charge. The statutory bases for the claims are more compelling, but either way this injunction and the enforcement action that will follow appear to simply be addressing bad practices.

Federal Agencies Seek Comment on Bank-Fintech Arrangements

On July 25, the Federal Deposit Insurance Corporation, the Federal Reserve Board, and the Office of the Comptroller of the Currency issued a request for information on arrangements between banks and financial technology companies that provide consumers and businesses a broad range of financial products and services, including consumer credit products, commercial loans, payment products, and deposit accounts. The RFI states that "[a]lthough these arrangements may provide benefits, supervisory experience has highlighted a range of risks with these bank-fintech arrangements. The agencies support responsible innovation and support banks in pursuing bank-fintech arrangements in a manner consistent with safe and sound practices and applicable laws and regulations, including but not limited to, consumer protection requirements (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering). This request solicits input on the nature of bank-fintech arrangements, including their benefits and risks, effective risk management practices regarding bank-fintech arrangements, and the implications of such arrangements, including whether enhancements to existing supervisory guidance may be helpful in addressing risks associated with these arrangements." Comments must be received within 60 days after the date the RFI is published in the Federal Register, which is expected shortly.

Amicus brief(ly): The federal banking regulators' focus on bank-fintech partnership comes at a time when states are paying keen attention to this space as well. An increasing number of states are requiring non-bank fintech providers to have licenses and for their programs to adhere to substantive state laws that would apply if the bank in the partnership were not involved, which limits the effectiveness of the bank-fintech partnership. The regulators seek information about whether and how they might help reduce risks to the banks involved in these partnerships without dampening innovation, and they specifically seek information about the benefits of bank-fintech arrangements. This is a development to watch as it may ultimately result in more federal regulation in this space.

Pennsylvania AG Rule Amendments Address Vehicle Advertising, Disclosures, Inspections, and "AS-IS" Sales

Effective August 19, 2024, the Pennsylvania Office of Attorney General amended the commonwealth's Automotive Industry Trade Practices rules in Chapter 301 of Title 37. Specifically, the amendments expand the definition of "advertisement" in Section 301.1 to include an oral, written, or graphic statement which offers for sale a particular motor vehicle or motor vehicle goods and services or which indicates the availability of a motor vehicle or motor vehicle goods and services that is placed on a web site, in a mobile application, on a social media outlet, or on any other electronic platform. In addition, Section 301.2, which describes unfair methods of competition and unfair or deceptive acts or practices, currently requires an advertiser or seller to disclose, prior to the sale, certain conditions that it knows or should know exist in the vehicle. The amendments require the disclosure to now be in writing. Further, the amendments provide that, except in certain circumstances, it is an unfair method of competition and unfair or deceptive act or practice to advertise or offer a vehicle for sale: (1) unless a certified inspection mechanic has inspected the vehicle for certain conditions not more than 30 days after the vehicle comes into the inventory of the selling dealer or advertiser, and (2) unless the selling dealer has inspected the vehicle for certain conditions not more than 30 days prior to the sale if the vehicle accumulates 500 or more miles while in the selling dealer or advertiser's inventory. Finally, the amendments add that it is an unfair method of competition and unfair or deceptive act or practice for a dealer to offer for sale a vehicle using the term "AS-IS" without including, in a clear and conspicuous manner on the face of the sale contract, a list of the conditions set forth in Section 301.2(5) that are present in the vehicle.

Amicus brief(ly): Pennsylvania is amending its vehicle advertising and sales standards to catch up with a growing number of other states that have issued similar regulations related to the condition of used cars for sale. At this point, dealers should be aware of these kinds of regulations and should have adopted some least-common-denominator best practices that focus on providing consumer buyers with as much information as possible about known condition defects in the cars the dealers are selling. The requirements in these regulations are familiar. Dealers in any state should take note of them and check their sale disclosures to make sure that potential buyers know as much about the condition of the car they are thinking about buying as the dealer knows.

U.S. Sues Over Force-Placement of Collateral Protection Insurance

On July 25, the United States brought a civil complaint under the Financial Institutions Reform, Recovery and Enforcement Act against National General Holdings Corporation and its subsidiaries (collectively, "National General"), alleging that, between October 2005 and September 2016, National General force-placed its collateral protection insurance product on vehicles financed through Wells Fargo Bank, N.A., even though it knew or recklessly disregarded the fact that vehicle owners already had insurance through other insurers.

Wells Fargo contracted with National General to identify whether a vehicle owner had the requisite car insurance and referred to this process as loan "tracking." The U.S. alleged that National General knew or recklessly disregarded the fact that its tracking efforts were deficient, yet they continued to improperly force-place insurance on vehicle owners. According to the U.S.'s complaint, National General's tracking efforts were deficient for a variety of reasons, including that it repeatedly mailed letters seeking insurance information to vehicle owners at addresses that had previously been returned as undeliverable; made no phone calls to insurance carriers, agents, or vehicle owners to obtain outside insurance information despite internal requirements to make a certain number of phone calls, and failed to match insurance information in their possession to financed vehicles. The complaint alleges that this conduct resulted in vehicle owners paying premiums and other fees associated with the CPI, vehicle owners defaulting on their financing contracts leading to vehicle repossessions, and negative impacts on vehicle owners' credit scores. The U.S. is seeking penalties under the FIRREA.

Amicus brief(ly): In the consumer credit world we do not run into FIRREA claims very often, but the substance of these claims against National General are pretty germane in the secured consumer credit context. A number of states have laws addressing force-placed collateral protection insurance, and the allegations in this complaint would have upset most of them. The laws assume the secured creditor will have some means of detecting whether the consumer is carrying required collateral protection insurance or not, or (impliedly) that they'll outsource that responsibility to a specialist. In this case, the creditor contracted that tracking out to National General, which appears from the allegations to have gotten ahead of itself and missed some easy and practical ways to avoid these claims about its core service. Without a doubt, creditors need a means to ensure that their collateral is insured against loss, but providers must have some common-sense, practical processes in place to deal with foreseeable events like returned mail and due diligence processes to ensure that they take basic and necessary steps before causing consumers to incur expenses.


1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.