The U.S. Court of Appeals for the Third Circuit has ruled that in determining whether a credit report is accurate or misleading under the Fair Credit Reporting Act’s “maximum possible accuracy” requirement, a district court should apply a “reasonable reader” standard.  Ballard Spahr attorneys are currently representing clients in cases involving this legal issue.

Bibbs v. Trans Union LLC was one of three district court cases consolidated on appeal in which the plaintiff alleged that Trans Union had violated the FCRA requirements (1) in 15 U.S.C. Sec. 1681e(b) for a consumer reporting agency (CRA) to “assure maximum possible accuracy” in its credit reports, and (2) in 15 U.S.C. Sec. 1681i(a) for a CRA to “conduct a reasonable reinvestigation to determine whether [information disputed by the consumer] is inaccurate.”  The plaintiffs in each of the three cases had obtained student loans, with two of the plaintiffs having obtained their loans from the same lender.   Following nonpayment by each of the plaintiffs, their respective lenders closed their accounts and transferred them.  Once the loans were transferred, their account balances with the lenders immediately went to zero and all of their payment obligations were transferred.  Each plaintiff’s credit report contained the same negative pay status notation: “Account 120 Days Past Due Date.”

It was undisputed that (1) the plaintiffs failed to make timely payments on their loans, (2) Trans Union accurately reported their accounts as late until the dates they were closed and the balances were transferred, and (3) the plaintiffs owed no balance to their previous creditors once the accounts were transferred.   The plaintiffs argued that the negative pay status notations on their credit reports were inaccurate and could mislead prospective creditors to incorrectly assume that the plaintiffs were currently more than 120 days past due.  The plaintiffs’ lawyers sent letters to Trans Union disputing the accuracy of the credit reports in which they stated that it was impossible for the plaintiffs’ current status to be listed as late when they owed no money to the previous creditors.  After investigating the disputes, Trans Union sent each plaintiff a report with the results of its investigation in which it explained that for accounts that have been closed and paid, the pay status represented the last known status of the account. Trans Union did not update or correct the disputed information and instead stated that the reports were correct. 

The district court in each case granted Trans Union’s motion for judgment on the pleadings and dismissed the case without ordering further discovery.   On appeal, the Third Circuit first considered whether it was correct for the district courts to use a “reasonable creditor” standard to determine whether Trans Union’s credit reports were misleading.  The plaintiffs argued that even if the reports would not mislead a “reasonable creditor,” other less sophisticated users could be misled.  After looking at the FCRA’s definition of “creditor” which includes “any person” who engages in the activities described, the Third Circuit found it “unreasonable to assume that Congress, in requiring ‘maximum possible accuracy’ and allowing individuals and entities other than sophisticated creditors to use credit reports to make decisions, drafted the FCRA with the intention that only sophisticated creditors should understand the information that these reports contain.” (emphasis included)

Despite finding that the “reasonable creditor” standard  did not exclude unsophisticated individuals and entities, the Third Circuit nevertheless concluded that the term “reasonable creditor” did not accurately reflect the FCRA’s intent because the FCRA does not limit the permissible use of consumer reports to creditors and contemplates a range of permissible users.  To account for these possibilities, the Third Circuit adopted a “reasonable reader” standard.  It characterized the “reasonable reader” standard as “run[ning]the gamut to include sophisticated entities like banks and less sophisticated individuals such as local landlords.”  According to the Third Circuit:

A court applying the reasonable reader standard to determine the accuracy of an entry in a report must make such a determination by reading the entry not in isolation, but rather by reading the report in its entirety.  On the other hand, if an entry is inaccurate or ambiguous when read both in isolation and in the entirety of the report, that entry is not accurate under Sec. 1681e(b).

Applying the  “reasonable reader” standard to Trans Union’s credit reports, the Third Circuit concluded that the reports were not inaccurate or misleading. Trans Union argued that when read in the entirety of the reports, the pay statuses were clearly historical notations.  It asserted that since each report also indicated in two places that the account was closed and listed a $0 loan balance, the past due status could not create ambiguity regarding a plaintiff’s financial obligations. 

While stating that “perhaps Trans Union could have made the reports even clearer,” the Third Circuit nevertheless found the reports to be clear as is.  It acknowledged that despite the “goal” of maximum possible accuracy set by Sec. 1681e(b), “the possibility of further clarity is not an indication of vagueness; just because a report could potentially be a bit clearer does not mean that it is not very clear at present.”   Agreeing with Trans Union, the Third Circuit found that a reasonable interpretation of Trans Union’s reports in their entirety was that the pay status of a closed account was historical information.  As a result, the Third Circuit held that the reports were accurate under Sec 1681e(b).

In affirming the district courts’ grants of summary judgment to Trans Union, the Third Circuit also ruled that the district courts had correctly dismissed the plaintiffs’ claims that Trans Union violated Sec. 1681i(a) by failing to conduct a good faith investigation.  It considered the plaintiffs’ claims under 1681i(a) to be foreclosed by its holding that the pay status notations were neither inaccurate nor misleading to a reasonable reader.

Finally, the Third Circuit rejected the plaintiffs’ argument that discovery was necessary to determine whether the pay status notations would mislead a creditor and whether creditors were likely to make adverse credit decisions against the plaintiffs based on the lower credit scores caused by the notations.  Because it considered the reasonable reader standard to be an objective and not a subjective standard, the Third Circuit deemed the credit reports to be accurate under 1681i(a) as matter of law, thereby making discovery unnecessary.  The Third Circuit noted that even if the pay status notations reduced the plaintiffs’ credit scores, “this sort of adverse historical notation and consequence” was permissible under Sec. 1681e(b) and that while the reduced credit scores could lead creditors to make adverse credit decisions, “it would be within their right to do so because [the plaintiffs’] credit reports are accurate.”

Eight national trade groups have filed a petition with the CFPB that urges the Bureau to engage in rulemaking to define larger participants in the market for data aggregation services.  The trade groups are the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Counsel, Independent Community Bankers of America, National Association of Federally Insured Credit Unions, National Bankers Association, and Clearing House Association.  The petition has been docketed by the CFPB pursuant to the new procedure that the CFPB established in February 2022 for members of the public to submit petitions for rulemaking (including amendments to or repeals of existing rules). 

The trade groups assert that there is currently a “supervisory imbalance” among participants in the market for aggregation services, with large data holders such as banks and credit unions regularly supervised by the CFPB while non-depository entities such as data aggregators and data users are not examined by the CFPB.  They point out that “the current market largely relies on discrete and contractual relationships by data holders to maintain oversight and assess any potential risks to consumers by data aggregators and data uses, or requires data holders to implement other mitigation strategies for screen scraping activities.”  According to the trade groups, the current situation creates “an unsustainable model as the aggregation services market grows.”  They raise the potential for inconsistent enforcement of the laws applicable to data aggregators which, in turn, “raise[s] the prospect that potential consumer harm associated with the activities of data aggregators and data users will not be timely identified and remedied.”  According to the trade associations, the CFPB’s use of its risk-based supervisory authority to supervise data aggregators as companies that “pose risk” would be insufficient “to effectuate consistent and abiding supervision of all larger participants in the data aggregation market” because any entity that allegedly poses risk can challenge that order and the orders may be terminated after two years.

The CFPB is currently engaged in rulemaking to implement Section 1033 of the CFPA.  Section 1033 requires consumer financial services providers to give consumers access to certain financial information.  In October 2020, the CFPB issued an Advance Notice of Proposed Rulemaking (ANPR) in connection with the 1033 rulemaking.  In their petition, the trade groups assert that the CFPB “should ensure that data aggregators and data users that are larger participants in the aggregation services market—not just banks and credit unions—are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information.”  They also assert that the position they espouse was supported by “a broad and diverse collation of nonbank organizations (including data aggregators”) that submitted comments in response to the ANPR.  The trade groups do not suggest a standard for the CFPB to use for determining whether a data aggregator qualifies as a “larger participant.”

In addition to asking the CFPB to amend its larger participant rule to add a new section covering providers of data aggregation services, the trade groups also petition the CFPB to define “aggregation service” as a “financial product or service” for purposes of the CFPA.  They assert that the CFPB has authority to promulgate such a regulation and cite to various provisions of the CFPA as the source of such authority.

The trade associations indicate that their petition is filed pursuant to Section 553(e) of the Administrative Procedure Act (APA).  Section 553(e) provides that “[e]ach
agency shall give an interested person the right to petition for the issuance, amendment, or repeal of a rule,” a denial of which must be justified by a statement of reasons pursuant to section 555(e) of the APA and can be appealed to the courts under sections 702 and 706 of the APA.  They also note that the APA requires that “[p]rompt notice … be given of the denial in whole or in part” of any petition under 5 U.S.C. § 553, and that any denial shall include a “brief statement of the grounds for denial.”

In Director Chopra’s recent interviews with several news reporting organizations, a persistent theme was the CFPB’s concerns about the entry of big tech companies into financial services, particularly in connection with payments and the companies’ ability to collect and monetize data about consumers.  Those concerns are the focus of a new CFPB report issued last week titled “The Convergence of Payments and Commerce: Implications for Consumers.”

The report explores the implications of recent innovations in the payments space that “may blur the traditional lines of banking and commerce” and focuses on “how large technology platforms and other emerging business models that operate outside of the traditional banking system use peoples’ sensitive spending and transaction data.”  The CFPB observes that many firms operating in the market for retail financial services are moving from seeing their customers’ value as generating revenue from using the firm’s financial products (i.e. interest and fee income) “to the customer as a source of behavioral and financial data to be leveraged and potentially sold to create an additional revenue stream.”  According to the CFPB, this means “in essence [that] the customer’s information could become a revenue source, a ‘lead generator’ for the financial institution, and if that organization so chooses, for other companies that can use the data for their own revenue generation activities.”

The report looks closely at three new product categories or “new use cases”  (“super apps,” buy-now-pay later (BNPL), and “embedded commerce”) and makes the following observations:

  • Super apps. These apps originated in China with WeChat and Alibaba and provide “a comprehensive ecosystem where users can find almost anything they need so users can stay engaged within a single app.”  The financial services offered by these apps include bill payment, person-to-person payments, insurance, and investments.   These apps “are essentially the ‘internet in an app.’”  In the U.S., instead of the “internet in an app” approach, the more targeted “bank in an app” approach is gaining traction.  Beyond mobile banking apps, this approach combines additional services related to financial services and payments to add value and retain users.  (The PayPal wallet is cited as an example of the U.S. super app.)  While super apps can be a valuable tool for consumers, “they can potentially be exploited to take advantage of consumers who aren’t fully aware of what it is that they have, and what it is that they have agreed to.”
  • BNPL.  This product was initially offered by BNPL providers partnering with individual merchants.  Consumers interacted with BNPL on the merchant partners’ website checkout pages and providers earned revenues from merchant discount fees.  Recently, BNPL providers have moved to a “lead generation” model by selling advertising space on their own apps to merchants who pay referral or affiliate fees to acquire customers, with the referral fees potentially exceeding ten percent of the transaction amount (which is several times higher than the average merchant discount fees charged in the initial BNPL model).  The newer model allows BNPL providers to use virtual debit and credit cards to make any merchant a BNPL merchant because consumers can use one-time virtual cards issued within a BNPL app at almost any merchant that accepts standard card payment methods.  The app allows a BNPL provider to track a consumer’s digital footprint and use a consumer’s purchase history to craft a personal browsing experience.
  • Embedded commerce.  This concept allows shopping to occur directly on the website or app of a social media feed rather than through traditional ad-based links to a merchant’s website.  It creates an opportunity for a social media provider to capture and sell transaction data without consumers’ awareness that their data is being monetized and increases the risk of an unwanted purchase by enabling a transaction to occur with very little activity from the consumer.  

According to the CFPB, the emerging risk in payments is “the potential that consumer financial data and behavioral data are used together in increasingly novel ways.”  The CFPB sees the closer integration of financial services providers and non-financial companies such as social media and e-commerce that is being driven by technology as creating more opportunities for companies to aggregate and monetize consumer financial data.  In the CFPB’s view, more data creates more opportunities for such data to be misused, and with “the prevalence of machine learning and algorithmic optimization in modern business,” companies have more capability “to leverage consumer financial data to achieve outcomes that may take significant financial advantage of consumers that may result from automated decision-making with limited transparency.”  The CFPB states that it “intends to carefully monitor and scrutinize these practices for potential fair lending risks, as well as the risks of unfair, deceptive, or abusive practices.”

The other emerging risks in payments highlighted by the CFPB is the potential impacts of “scale and market power.”  The CFPB is concerned that the “new use cases” will create “a new generation of dominant incumbents,” similar to how the Chinese market has evolved.  As an example, it suggests that big tech companies “may leverage massive installed consumer bases to quickly gain scale in new payment businesses” and thus “concerns about the market powers of these companies would then be extended into the payments space.”  Another CFPB example is that “a concentrated BNPL or embedded payments in a social medial market may be able to extract excess fees from merchants due to unique structural advantage arising from data and scale.”  In our view, whatever the merits of these concerns about potential anti-competitive effects, they would seem to be more appropriately addressed by the FTC rather than the CFPB.  (Director Chopra has previously raised concerns about competition that seem more properly in the FTC’s purview than that of the CFPB.)

The CFPB concludes the report by noting that it expects to issue a report on its findings from its BNPL monitoring orders and “will determine whether regulatory interventions are appropriate.”  It also notes that it seeks to mitigate the potential consequences of big tech firms moving into the real-time payments space.   

To help financial services companies manage the federal approvals, state licenses, and foreign “doing business” registrations they are required to maintain—and avoid penalties for non-compliance—Ballard Spahr has launched Ballard360 LicenSync.  LicenSync was created by the firm’s Client Value and Innovation Team working in partnership with the firm’s Consumer Financial Services Group.

The project management tool is customizable to financial services companies—from start-ups and digital innovators to established institutions—handling residential and commercial mortgages; student, consumer, and solar loans; retail installment contracts; cryptocurrencies; money transmission; and other matters.  It contains:

  • A Go-to-Market Checklist that provides support in applying for new licenses, reporting changes of control, surrendering licenses, developing policies, and managing examination responses.
  • A list of all federal approvals, state licenses, and foreign “doing business” registrations held—or applied for—by the company, along with information such as approval date and license/registration number.
  • An interactive calendar that tracks upcoming regulatory reporting obligations for approvals, licenses, and registrations maintained in the tool (e.g., Mortgage Call Reports, Money Services Business Call Reports, annual renewals, periodic reporting obligations, financial statement submissions, examination or application response deadlines) and sends automatic email reminders about upcoming filing obligations.
  • A document library that serves as a historical record of all filings and other important information involving approvals, licenses, and registrations maintained in LicenSync.
  • A section that tracks important information about surety bonds held by the company, including the approval, license, or registration; the amount; and the expiration date.

A standard LicenSync tool is offered free to Ballard Spahr clients.  While attorneys and licensing specialists working on specific engagements do charge legal fees, clients can choose to manage their own licensing portfolios for free, using their internal regulatory compliance teams.

LicenSync is completely customizable.  Companies receive reminders and updates at the time of their choosing.  Bespoke legislative tracking programs can be created to alert companies to upcoming federal and state legislative or regulatory measures, along with helpful summaries.  Companies also can work directly with the firm’s Client Value and Innovation Team to create new sections to address their specific business needs.

To learn more about LicenSync, contact Lisa Lanham (  Lisa is a CFS partner and co-leader of the firm’s Fintech and Payment Solutions team who spearheaded the technology effort with the Client Value and Innovation Team.

In a blog post published on July 30 on Consumer Law and Policy Blog, Professor Jeff Sovern discusses comments from CFPB officials that the Bureau will not use the disparate effects or impact test to determine if discrimination has occurred when using its UDAAP authority.  In those comments, Director Rohit Chopra and Assistant Director Eric Halperin indicated that “unfair” for purposes of the CFPB’s UDAAP authority has its own test and that the Bureau will use that test rather than the disparate effects test when using its UDAAP authority to determine if a discriminatory practice is unfair.

For starters, it is unlikely that the CFPB does not intend to use disparate impact to determine if a practice is discriminatory.  When the CFPB announced the change to the UDAAP section of its examination manual, as an example of discrimination that it could target as unfair, it used a bank not allowing people of color to open a deposit account.  Since this would be an instance of intentional discrimination or disparate treatment, a disparate impact analysis is not necessary to determine if the bank’s practice is discriminatory. 

But how would the CFPB approach a bank policy that was race neutral on its face but resulted in a high number of people of color not being allowed to open deposit accounts?  Unless, contrary to prior statements, the CFPB only intends to target intentional discrimination as a UDAAP violation, it would presumably argue that the bank’s policy was discriminatory because of its disparate impact on people of color.  And once having made that determination, it would then decide if the policy is unfair using the UDAAP standard.  Indeed, one of the changes made to the examination manual directs examiners, when identifying  areas for potential transaction testing, to determine whether “the entity uses decision-making processes in its eligibility determinations, underwriting, pricing, servicing or collections that result in discrimination.   

Assuming this would be the CFPB’s approach, one might say the CFPB wants to have its cake and eat it too—meaning use disparate impact to establish discrimination but replace the safeguards of the next step in a disparate impact analysis with the unfairness standard.  As discussed in the white paper about the UDAAP change sent to the CFPB by four leading industry trade groups, the CFPB’s approach ignores a number of the safeguards that the U.S. Supreme Court, in its Inclusive Communities decision, said must be observed to sustain a disparate impact claim.  Those safeguards prevent disparate impact liability from attaching unless the policy or practice at issue creates “artificial, arbitrary, and unnecessary barriers,” a standard that the Supreme Court found necessary to ensure that defendants “must not be prevented from achieving legitimate objectives.”  Most significantly, when determining whether a company’s policy has a legitimate business justification, the Supreme Court recognized the importance of considering “practical business choices and profit-related decisions that sustain a vibrant and dynamic free-enterprise system.”

In contrast, under the UDAAP unfairness standard, a policy is unfair if (1) it causes or is likely to cause substantial injury to consumers, (2) the injury is not reasonably avoidable by consumers, and (3) the injury is not outweighed by countervailing benefits to consumers or to competition.  Once a policy is found to have a disparate impact, it would seem to be a foregone conclusion that the CFPB would find the first two prongs of the unfairness standards to be present.  And it seems likely the CFPB would give little or no weight to “practical business choices and profit-related decisions” in applying the third prong.

According to Professor Sovern, the outcome is likely to be the same whether the  CFPB uses the unfairness standard or a disparate impact test—namely the policy would be unlawful under either analysis.  However, without the safeguards required by the Supreme Court’s decision, it seems much more likely that a company’s policy would be deemed unlawful when the unfairness standard is used than when a  disparate impact analysis is used.  We do not see any reasoned basis for finding that a company has engaged in unlawful discrimination in connection with non-credit transactions when the same policy, if used in connection with credit transactions, would be found to be lawful under a disparate impact analysis.  Professor Sovern may be right that a policy that would fail the disparate impact test is likely to also be unfair.   But instead of wondering how often conduct will fail the disparate impact test but not be unfair, we think Professor Sovern should be wondering how often conduct might PASS the disparate impact test but nevertheless be deemed unfair. 

Putting aside the disparate impact issue, I continue to take issue with the underlying premise of Professor Sovern’s blog post – namely, that the CFPB can use the “unfairness “ prong of UDAAP to target  discrimination in connection with credit and non-credit consumer financial products and services.  Moreover, even if the CFPB’s interpretation of “unfairness “is correct, hopefully, Professor Sovern would agree with me that this is the type of major pronouncement that should be accomplished through a notice-and-comment UDAAP rulemaking rather than by unilaterally amending the CFPB’s examination manual (which technically only applies to certain mega-banks and non-banks).  All stakeholders (consumers and industry alike) should have been given the opportunity to comment on such an important change in the law.  

Three Republican House members sent a letter last week to CFPB Director Chopra raising questions about the Bureau’s relationship with state attorneys general and its interpretive rule issued in May 2022 regarding the authority of state attorneys general and state regulators (State Officials) to enforce the Consumer Financial Protection Act (CFPA).

In the interpretive rule, the CFPB described the authority of State Officials under CFPA Section 1042(a) as follows:

  • Because CFPA Section 1036(a)(1)(B) makes it unlawful for a “covered person” or “service provider” to “engage in any unfair, deceptive, or abusive act or practice,” State Officials can use Section 1042(a) to bring an enforcement action against a covered person or service provider that engages in unfair, deceptive, or abusive acts or practices.
  • Because CFPA Section 1036(a)(1)(A) makes it unlawful for a “covered person” or “service provider” to “offer or provide to any consumer any financial product or service not in conformity with Federal consumer financial law,” State Officials can use Section 1042(a) to bring an enforcement action against a covered person or service provider for a violation of any Federal consumer financial law even if they cannot enforce such laws directly.  In addition to the CFPA, “Federal consumer financial laws” include the 18 “enumerated consumer laws” listed in the CFPA and their implementing regulations, such as the Truth in Lending Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, the Electronic Fund Transfer Act, and the Real Estate Settlement Procedures Act. 
  • Although the CFPA (in Sections 1027 and 1029) limits the CFPB’s enforcement authority as to certain categories of covered persons (e.g. motor vehicle dealers, attorneys, persons regulated by a state insurance regulator, persons regulated by the SEC or a state securities commission), those limitations generally do not apply to State Officials exercising their enforcement authority under Section 1042.
  • State Officials can bring (or continue) actions under Section 1042 even if the CFPB is pursuing a concurrent action against the same entity.

In their letter, the lawmakers stated that it has come to their attention that the CFPB “may be colluding with states contrary to the [CFPA].”  They asserted that while “state attorneys general may enforce the CFPA in cases where the CFPB has not,” the CFPA “does not allow for a state attorney general to become a party to an existing CFPB enforcement action.”  According to the lawmakers,”[i]t is therefore inappropriate for the CFPB to recruit a state attorney general that is not otherwise investigating a company, to pursue enforcement as a means of intimidation.”

The lawmakers asserted that the effect of the interpretive rule is “different from solely enforcing the law” and instead “is more akin to deputizing state attorneys general to enforce the CFPA on behalf of the CFPB—something Congress did not authorize.”  They also asserted that the interpretative rule allows the CFPB to “forum shop across the country to find friendly attorneys general willing to bring cases on behalf of the Bureau, rather than the process that Congress intended, whereby attorneys general bring a case to the CFPB when appropriate.”  The lawmakers’ letter includes a series of questions to which they request responses by August 12.

In our view, the interpretive rule has the practical effects of allowing the CFPB to expand its enforcement staff and increasing the burden on an investigation target, both in terms of document production and the production of witnesses, who may be required to testify in more than one proceeding.  (Both the states and the CFPB routinely ask for copies of deposition transcripts in other enforcement matters, which creates the potential for a witness to be impeached with prior testimony on the same subject matter.)  Beyond allowing the CFPB to add State Officials to its enforcement staff, the interpretive rule can further expand the CFPB’s resources to include organizations that have a close relationship with State Officials.  For example, the Consumer Protection Division of the Massachusetts Attorney General’s Office has a close relationship with the Harvard Legal Aid Bureau. Finally, the interpretive rule allows states to inquire into areas where the CFPB has no enforcement authority, thereby attempting to ensure that even where the CFPA has limited the CFPB, enforcement activity nevertheless will occur.

On the other hand, the interpretive rule may lead to some unintended consequences.  By encouraging State Officials to conduct parallel investigations, and to the extent those investigations lead to litigation, the CFPB is inviting litigation by different agencies that may pursue different litigation priorities and achieve different and inconsistent results in court.  Further, parallel investigations may make global resolution—including any state conducting an investigation—an imperative, to avoid the overpayment that would occur by settling sequentially with the CFPB and then the states.

Given that collaboration between the CFPB and State Officials can be expected to increase, it is imperative that companies facing potential enforcement activity consult counsel with the experience needed to navigate both the CFPB and the offices of State Officials.  

The Federal Trade Commission (“FTC”) is seeking public comment on proposed changes to its guides concerning the use of endorsements and testimonials in advertising.  FTC guides are advisory in nature and intended to assist businesses in complying with laws administered by the FTC. 

Endorsements and advertisements are defined broadly to mean any advertising message that a consumer is likely to believe reflects the opinions, beliefs, findings, or experiences of a third-party.  16 CFR § 255.0.  Currently, FTC guides provide that endorsements must reflect the honest opinions, findings, beliefs, or experiences of the endorser.  16 CFR § 255.1.  Endorsements may not contain any representations that would be deceptive or that could not be substantiated.  Id.  If the endorser’s experience is not generally representative, the advertisement should clearly and conspicuously disclose what the generally expected performance should be.  16 CFR 255.2.  And when there is a connection between the endorser and the advertiser, that connection must be fully disclosed.  16 CFR 255.5.

Many of the proposed changes are simply clarifications or changes to illustrative examples.  Other changes establish principles not previously present in the guidelines.  The FTC has proposed the following noteworthy changes to its guides:

  • revise the definition of endorsement to include marketing and promotional messages. Tags on social media may also be considered endorsements under the proposed guidelines;
  • change the definition of “product” to include “brand;”
  • clarify that a “clear and conspicuous” disclosure means a disclosure that “is difficult to miss (i.e., easily noticeable) and easily understandable by ordinary consumers;”
  • add that endorsements in advertisements addressed to children may be of special concern because of the character of the audience.  Practices that would not ordinarily be questioned in advertisements to adults might be questioned in advertisements directed at children;
  • note that when a claim in an advertisement is visual, required disclosures should be at least visual. When the claim is audible, the disclosures should be at least audible;
  • explain that endorsers and not just advertisers may be liable for their statements such as when they make representations they know or should know to be deceptive;
  • provide that using the likeness of a person that is not the actual endorser is deceptive if it misrepresents a material attribute; and
  • clarify that disclosures of the connection between advertisers and endorsers must be “clear and conspicuous;”

Comments regarding the proposed amendments must be received on or before September 26, 2022. Comments captioned “Endorsement Guides P204500” may be submitted at

For more information on recent FTC activity impacting advertising and endorsements, please consider listening to our May 5, 2022 podcast with Guest Malini Mithal, Associate Director of the FTC Division of Financial Practices.

We first review the views expressed by Director Chopra and CFPB actions taken under his leadership that led the Chamber to launch its campaign.  We then discuss the campaign’s specific components, which consist of digital ads, Freedom of Information Act requests, and letters to Director Chopra.  Our discussion includes an in-depth look at the basis for the Chamber’s view that the CFPB has acted unlawfully in connection with changes to its UDAAP examination procedures, revisions to its rules for administrative proceedings, rule change to make public a decision establishing risk-based supervision of a company, and its interpretive rule on enforcement of federal consumer financial protection laws by state attorney generals.  We also discuss the litigation challenging the constitutionality of the CFPB’s funding.

Alan Kaplinsky, Ballard Spahr Senior Counsel, hosts the conversation.

To listen to the episode, click here.

The FDIC has issued an “Advisory to FDIC-insured institutions Regarding Deposit Insurance and Dealings with Crypto Companies” to address the agency’s concerns regarding misrepresentations about FDIC deposit insurance by certain crypto companies.  Of particular concern to the FDIC is the risk that consumer confusion or harm can arise from crypto assets offered by, through, or in connection with an insured bank particularly when a non-bank offers crypto assets to its customers while also offering an insured bank’s deposit products.

The FDIC’s concern arises out of recent market turmoil that has resulted in the suspension of withdrawals or a halt in operations by some crypto companies.  According to the FDIC, “these companies have represented to their customers that their products are eligible for FDIC deposit insurance coverage, which may lead customers to believe, mistakenly, that their money or investments are safe.”

The first portion of the advisory addresses risks and concerns.  The FDIC identifies two issues that can create customer confusion.  The first issue is when FDIC deposit insurance applies.  The FDIC indicates that FDIC deposit insurance does not protect a non-bank’s customers against the default, insolvency, or bankruptcy of any non-bank, including crypto custodians, exchanges, brokers, wallet providers, or other entities that appear to mimic banks but are not, called “neobanks.”  The second issue is what products are FDIC insured.  The FDIC indicates that FDIC deposit insurance covers deposit products offered by insured banks but does not apply to non-deposit products, such as stocks, bonds, money market mutual funds, securities, commodities, or crypto assets.

The FDIC observes that in addition to potential consumer harm, customer confusion can lead to legal risks for banks if a crypto company, or other third-party partner of an insured bank, makes misrepresentations about the nature and scope of deposit insurance.  It also identifies liquidity risk to banks, which can potentially result in earnings and capital risk, if misrepresentations and customer confusion causes concerned consumers to move funds from insured banks.

The second portion of the advisory addresses risk management and governance considerations.   These considerations consist of the following:

  • Insured banks must assess, manage, and control risks arising from all third-party relationships, including those with crypto companies.
  • Insured banks should confirm and monitor the crypto companies they deal with to ensure such companies do not misrepresent the availability of deposit insurance, and should take appropriate action to address any misrepresentations.
  • Communications related to deposit insurance must be clear and conspicuous.  Non-banks, such as crypto companies, that advertise or offer FDIC-insured products in relationships with insured banks could reduce consumer confusion by clearly and conspicuously: (a) stating that they are not an insured bank; (b) identifying the insured bank(s) where any customer funds may be held on deposit; and (c) communicating that crypto assets are not FDIC-insured products and may lose value.
  • Insured banks that are involved in relationships with non-banks that offer deposit products as well as non-deposit products, such as crypto assets, can help minimize customer confusion and harm by carefully reviewing and regularly monitoring the non-bank’s marketing material and related disclosures to ensure accuracy and clarity.  (While not expressly stated by the FDIC, the FDIC would likely expect such review and monitoring to include whether a non-bank partner has taken the steps suggested by the FDIC to reduce consumer confusion.)
  • Insured banks should have appropriate risk management policies and processes to ensure that any services provided by, or deposits received from any third-party, including a crypto company, comply with all laws and regulations.
  • Because the FDIC’s regulation on misrepresentation of insured status can apply to non-banks, such as crypto companies, insured banks should determine if their third-party risk management policies and procedures effectively manage crypto-asset-related risks, including compliance risks related to the regulation.

On July 29, the Federal Trade Commission (“FTC”) announced a settlement with First American Payment Systems LP, a Texas-based nationwide payment processor, and two of its sales agent affiliates, Think Point Financial LLC and Eliot Management Group LLC (collectively, “First American”), in an action alleging hidden terms, “surprise” exit fees, and charges made to merchants without their consent.  Under the proposed stipulated order, First American has agreed to repay $4.9 million in redress to merchants.           

According to the FTC, First American made false claims regarding fees and costs to induce merchants, many of whom are small businesses – including sole proprietorships and individuals who did not speak English –  to enroll in its payment processing services.  First American and its sales agents purportedly made representations to merchants that their total monthly fees would be low and provided projections of monthly savings that failed to account for annual or semi-annual rate pricing increases.  Once enrolled, First American allegedly withdrew funds from the merchants’ accounts without their consent and made it difficult and costly to cancel their service. 

The FTC’s complaint states claims for violations of Section 5 of the FTC Act for misrepresentations made to merchants regarding monthly fees and the ability to cancel contracts, deceptive claims that customers would save a significant amount of money using their services, and unfair debiting practices, specifically withdrawing money from customers’ bank accounts after they had revoked authorization to do so.  The action also includes claims for violations of the Restore Online Shoppers’ Confidence Act (“ROSCA”), a law which, among other things, prohibits charging consumers for goods and services sold in online transactions with a “negative option”–where consumer silence or failure to affirmatively reject goods or services or cancel the contract is interpreted as acceptance–without clear and conspicuous disclosures, express informed consent, and a mechanism to stop recurring charges. 

Because ROSCA is a consumer protection statute, the FTC’s allegations of ROSCA violations in a case involving customers that are small businesses is noteworthy.  ROSCA does not define “consumer” but it incorporates the FTC’s enforcement authority under the FTC Act.  First American’s alleged failure to comply with ROSCA also constitutes an unfair or deceptive practice under Section 5 of the FTC Act, according to the FTC.  Last October, the FTC issued a policy statement regarding negative option marketing intended “to put companies on notice that they will face legal action if their sign-up process fails to provide clear, up-front information, obtain consumers’ informed consent, and make cancellation easy.”

Also noteworthy are the allegations related to First American’s online enrollment system and presentment of the contractual terms.  According to the FTC, First American’s enrollment system for new customers hid the fact that merchants were agreeing to a three year term that would automatically renew and that they would be charged a $495 cancellation fee.  The enrollment screen in which the merchants agreed to the terms and conditions of the contract did not include the full agreement or any mention of the contract term, early-termination fee, auto-renewal provision, or cancellation requirements.  Rather, it included hyperlinks to additional documents with those material terms.  Merchants could click to accept the contract without having to first click on the hyperlinks to review those terms.  In situations where merchants did cancel their contracts, the FTC alleges First American failed to provide a “simple mechanism” to stop recurring charges, including failing to disclose cancellation or ACH revocation requirements.  As a result, in addition to the cancellation charge, many merchants continued to have their accounts auto-debited after cancellation.

Under the terms of the proposed stipulated order, filed in a Texas federal district court, First American does not admit or deny the allegations in the complaint.  Law360 reported that First American issued a statement in which it “flatly denies” the allegations, claiming the FTC’s allegations are “one-sided and based on a flawed understanding of our business and industry,” but indicates that it agreed to settle with the FTC in order to avoid a protracted legal battle. 

Under the stipulated order, First American is enjoined from engaging in the practices alleged and must disclose specific terms and cancellation procedure, and obtain express informed consent to all terms and express authorizations to debit accounts as explicitly detailed in the settlement.  They must also establish and maintain a compliance program.  First American is enjoined from collecting early termination fees from merchants who enrolled before April 6, 2020 and must pay a monetary judgment of $4.9 million to the FTC to provide redress to impacted merchants.    

This matter is the most recent example of the FTC’s focus on small businesses and increasing use of Section 5 of the FTC Act, and now ROSCA, to protect small businesses.  It is also part of a growing body of legislative, regulatory, and enforcement activity on the federal and state levels directed at protecting small businesses from practices that are targeted by consumer protection laws.