Last Week, This Morning

November 25, 2024

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

Please note that we will not deliver "Last Week, This Morning" next week due to the Thanksgiving holiday. The next email will be delivered to your inbox on Monday, December 9. We wish you a very happy Thanksgiving with friends and family!

FTC Files Complaint Against Provider of Small Business Financing

The Federal Trade Commission recently announced that it filed a complaint against a company, and its founder and CEO, that promises to help arrange financing for small business owners. The FTC is seeking injunctive and monetary relief for the defendants' alleged violations of Section 5(a) of the FTC Act, the Telemarketing and Consumer Fraud and Abuse Prevention Act, the Telemarketing Sales Rule, and the Consumer Review Fairness Act of 2016.

According to the FTC's complaint, the company allegedly promises in its online advertising that it can secure business loans or business lines of credit for small business owners, specifically advertising the company as "the market leader in business loans for small businesses" and as providing the "Best Startup Business Loans of 2024." However, the FTC alleges that once business owners signed a contract with the company, the company merely applied for personal credit cards on behalf of the small business owners instead of procuring business loans or lines of credit. The FTC alleges that the credit cards are ones that the business owners could have applied for on their own. In addition, the FTC alleges that the company charged business owners 10% of the total credit limit on the credit cards issued, plus additional fees. The business owners allegedly never approved or signed any credit card applications that were submitted by the company on their behalf. The FTC also alleges that if business owners attempted to cancel the contract with the company, the company imposed an early termination fee of as much as $995. Finally, the FTC's complaint alleges that the company pressured business owners to provide positive online reviews of the company before they received any services, included contract provisions that illegally prohibited business owners from leaving negative reviews of the company, deleted negative reviews of the company, and encouraged its employees to post fake positive reviews of the company.

Amicus brief(ly): This is another in a long line of FTC lawsuits involving deceptive advertising, so we are compelled to remind readers to make sure your product and service fulfilment aligns with your marketing. The FTC alleges that vulnerable small business owners worked with the company to apply for credit but paid significant fees to the company for multiple applications that ultimately hurt the owners' personal credit scores. The FTC also alleges that the company posted fake online reviews and engaged in other deceptive marketing tactics, both online and through telemarketing. If the allegations about marketing are true, there is a laundry list of activities in the complaint that would make most marketing compliance professionals really uneasy. Sometimes it is difficult to glean useful takeaways from a regulatory development like this where the allegations - again, if proven to be true - describe deceptive activity that most companies would not consider engaging in. For that reason, we commend readers to the complaint if you are curious but fall back to the consistent recommendation to review your marketing materials to ensure that they reflect the actual products and services you offer without hiding any material terms.
FDIC Updates Risk Management Manual of Examination Policies

On November 19, the Federal Deposit Insurance Corporation announced that it updated its Risk Management Manual of Examination Policies, which provides FDIC examiners information relating to examination activities and supervisory practices.

The current update concerns Part VI, Section 22.1 of the Manual: Examination Documentation Modules ("ED Modules"). According to the FDIC, the ED Modules "provide examiners with tools to identify and assess the range of matters considered during examination activities, and they are updated periodically to reflect changes in laws, regulations, and policies. Examiners use the ED Modules in the risk-focused examination framework to tailor examination procedures to the business model, complexity, and risk profile of individual institutions. The extent to which each ED Module is completed varies depending on the complexity and risk profile of each institution. The ED Modules are organized by banking activities and processes in three categories: Primary ED Modules cover examination planning and the assessment of the Capital, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk (CAMELS) areas; Supplemental ED Modules cover additional program areas; and Reference ED Modules provide more detailed procedures for specific banking activities that are addressed at a higher level in the Primary and Supplemental Modules."

The current update adds 25 Reference ED Modules that the FDIC has updated over the past couple of years to Section 22.1.

Amicus brief(ly): The federal regulators' examination manuals and other published material about their oversight provide valuable insights into their areas of focus for examinations. The FDIC and other regulators frequently publish updates to their examination procedures, offering transparency to regulated entities about what they'll be looking for when exercising that oversight function. The FDIC's updates in this turn include a series of examination process updates that it has recently published, adding them in the aggregate to the Risk Management Manual's appendix. There is good information in these updated documents, which are as focused on safety and soundness as they are on any specific regulatory compliance concern. For example, at the beginning of each new Core Analysis Procedure, the FDIC cites specific reference sources on which it relied to put the procedure together. For nonbanks, including businesses engaged with banks in bank partnership lending models, these resources are quite useful in that they identify current regulatory concerns across credit and asset types.
CFPB Final Rule Establishes Its Supervisory Authority over Providers of Digital Consumer Payment Applications

On November 21, the Consumer Financial Protection Bureau finalized a rule confirming the agency's supervisory authority, under the Consumer Financial Protection Act, over nonbank companies offering digital funds transfer and payment wallet applications by defining "larger participants" in the market to include such companies that handle more than 50 million covered consumer payment transactions per year. Under the CFPA, the CFPB has supervisory authority over "larger participants" of markets for consumer financial products and services, as defined by CFPB rules.

The CFPB proposed the rule in November 2023 to establish increased oversight over larger, nonbank market participants in the payments ecosystem, specifically those in the "general-use digital consumer payment applications" market. This market includes providers of funds transfer and payment wallet functionalities through digital applications for consumers' general use in making payments to other persons for personal, family, or household purposes. Examples include consumer financial products and services that are commonly described as "digital wallets," "payment apps," "funds transfer apps," "peer-to-peer payment apps," "person-to-person payment apps," and "P2P apps." The CFPB stated that the larger market participants covered by the final rule collectively process over 13 billion payment transactions per year.

Although the CFPB currently has enforcement authority over these companies, the final rule extends that authority by permitting the CFPB to supervise and examine covered companies to ensure compliance in areas such as privacy and surveillance, error disputes, fraud, and "debanking," where consumers lose access to their payment apps without notice or where there are disruptions to consumers' ability to make or receive payments. The final rule does not impose new substantive consumer protection requirements.

The most notable changes from the proposed rule are: (1) an increased transaction threshold from 5 million consumer payment transactions to 50 million transactions; and (2) clarification that only transactions conducted in U.S. dollars count toward the threshold amount.

The final rule will be effective 30 days after publication in the Federal Register.

Amicus brief(ly): The adjustments from the proposed rule to the final rule may reflect that the CFPB was most interested in regulating the very biggest nonbank providers of digital funds transfers and payment wallets like Apple and Google, whose annual transactions should easily exceed that transaction threshold of 50 million. The CFPB identifies a need for regulation in the rulemaking as it relates to things like error resolution and customer service by the nonbank payment and wallet providers, where a consumer's issue may be better addressed by the payment or wallet provider rather than the consumer's bank or credit union. We have seen several of these rulemakings to define "larger participants" in certain markets at this point - the action will come when the providers have to endure examinations and prudential regulation by the CFPB like banks and other providers do, though that potential pain point may be on hold as a result of the pending federal administration change.

Pennsylvania Extends Lemon Law to Motorcycles

On November 18, Pennsylvania enacted Senate Bill 155, which amends the Automobile Lemon Law to add coverage for motorcycles but not dual sport motorcycles driven off road. Currently, the Lemon Law protects new vehicle buyers by requiring manufacturers to repair or correct, at no cost, any nonconformity that significantly impairs the use, value, or safety of the vehicle, as long as the defect occurs within the first year after delivery of the vehicle, within the first 12,000 miles of use, or during the term of the warranty, whichever occurs first. In the case of a motorcycle, S.B. 155 extends the Lemon Law's protections to nonconformities that occur within a year following delivery of a motorcycle to the buyer or during the term of the warranty, whichever occurs first, but there is no mileage trigger for the end of the protection period for motorcycles.

Currently, if a manufacturer fails to repair or correct a nonconformity after a reasonable number of attempts, the manufacturer must, at the buyer's option, replace the motor vehicle or accept return of the vehicle and refund the full purchase price. The duty to replace or refund does not apply in certain circumstances, including if the nonconformity is the result of modification or alteration of the vehicle. S.B. 155 provides that the phrase "modification or alteration" includes a modification or alteration made to a motorcycle after the date of actual delivery to the buyer.

Currently, the Lemon Law provides a presumption that a reasonable number of attempts have been undertaken to repair or correct a nonconformity if the same nonconformity has been subject to repair three times by the manufacturer, its agents, or authorized dealers and the nonconformity still exists or the vehicle is out of service by reason of any nonconformity for a cumulative total of 30 or more days. S.B. 155 adds, with respect to a motorcycle, that it will be presumed that a reasonable number of attempts have been undertaken if manufacturer-sourced parts have been used in the attempts to repair the nonconformity.

S.B. 155 adds that the 30-day out-of-service time period for purposes of determining if a reasonable number of repair attempts have been undertaken does not apply to the period during which a motorcycle is being stored at a manufacturer's authorized service and repair facility, even if repairs to correct a nonconformity are made during the storage period, if the purchaser waives the 30-day period in writing or enters into a contract for storage of the motorcycle.

Finally, S.B. 155 adds that the presumption of a reasonable number of attempts to repair a nonconformity and the extension of the 30-day period for which the vehicle is out of service only apply to a motorcycle if all attempts to correct a nonconformity are made by the same manufacturer's authorized service and repair facility or if the buyer provides a complete set of repair records, related to the nonconformity, to a manufacturer's authorized service and repair facility that has not previously attempted to repair the nonconformity. The manufacturer's authorized service and repair facility that performed the repairs must provide an affidavit that the nonconformity has been subject to repair three times.

The amendments are effective May 18, 2025.

Amicus brief(ly): Pennsylvania legislators have explained that this new law will ensure that motorcycle buyers enjoy the same protections against defective products as car buyers. In the definition of "new motor vehicle" for purposes of the lemon law, the state moves "motorcycles" from the list of excluded products to an included product and makes a few adjustments from there to account for motorcycles among the protected vehicles in the statute. Motorcycle manufacturers will have six months to adjust to the updates and ensure that they have procedures in place to manage required repairs and/or replace defective motorcycles. This is a win for motorcycle enthusiasts in Pennsylvania.

HUD Extends Compliance Date for Certain Provisions of Final Rule Requiring Mortgagees to Conduct Meetings with Borrowers in Default

On November 21, the Department of Housing and Urban Development extended the compliance date for certain provisions of its final rule entitled "Modernization of Engagement with Mortgagors in Default" that require mortgagees to conduct meetings with all borrowers in default. The compliance date for these provisions is extended until July 1, 2025. According to HUD, it is taking this action to permit mortgagees sufficient time to update their mortgage servicing policies and procedures to comply with the policy that will be established in a forthcoming mortgagee letter (the draft mortgagee letter can be found here).

The final rule, published in the August 2 Federal Register, updated HUD's current regulation that requires mortgagees of Federal Housing Administration-insured single family mortgages to meet in person with borrowers who are in default on their mortgage payments. For most mortgages insured pursuant to 24 CFR Part 203 - Single Family Mortgage Insurance - the final rule:

  • allows mortgagees to use electronic and other remote communication methods for conducting interviews with borrowers to satisfy FHA's early default intervention requirements;
  • eliminates the requirement that mortgagees make at least one trip to the mortgaged property to schedule a meeting with the borrower; and
  • expands the meeting requirement to include borrowers who do not reside in the mortgaged property or have a mortgaged property that is not within 200 miles of their mortgagee, its servicer, or a branch office.
Amicus brief(ly): The 6-month extension to allow additional time to update mortgage servicing policies and procedures is very welcome. HUD appears to recognize the challenges in updating those policies and procedures, including training materials, customer communications, and other materials that mortgage servicers have told HUD take time to build and operationalize correctly. HUD also acknowledges in this rule that it needs to finalize its pending guidance on compliance with the updated meeting requirements so that servicers can work that guidance into their updated materials.

1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.