Eight national trade groups have filed a petition with the CFPB that urges the Bureau to engage in rulemaking to define larger participants in the market for data aggregation services.  The trade groups are the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Counsel, Independent Community Bankers of America, National Association of Federally Insured Credit Unions, National Bankers Association, and Clearing House Association.  The petition has been docketed by the CFPB pursuant to the new procedure that the CFPB established in February 2022 for members of the public to submit petitions for rulemaking (including amendments to or repeals of existing rules). 

The trade groups assert that there is currently a “supervisory imbalance” among participants in the market for aggregation services, with large data holders such as banks and credit unions regularly supervised by the CFPB while non-depository entities such as data aggregators and data users are not examined by the CFPB.  They point out that “the current market largely relies on discrete and contractual relationships by data holders to maintain oversight and assess any potential risks to consumers by data aggregators and data uses, or requires data holders to implement other mitigation strategies for screen scraping activities.”  According to the trade groups, the current situation creates “an unsustainable model as the aggregation services market grows.”  They raise the potential for inconsistent enforcement of the laws applicable to data aggregators which, in turn, “raise[s] the prospect that potential consumer harm associated with the activities of data aggregators and data users will not be timely identified and remedied.”  According to the trade associations, the CFPB’s use of its risk-based supervisory authority to supervise data aggregators as companies that “pose risk” would be insufficient “to effectuate consistent and abiding supervision of all larger participants in the data aggregation market” because any entity that allegedly poses risk can challenge that order and the orders may be terminated after two years.

The CFPB is currently engaged in rulemaking to implement Section 1033 of the CFPA.  Section 1033 requires consumer financial services providers to give consumers access to certain financial information.  In October 2020, the CFPB issued an Advance Notice of Proposed Rulemaking (ANPR) in connection with the 1033 rulemaking.  In their petition, the trade groups assert that the CFPB “should ensure that data aggregators and data users that are larger participants in the aggregation services market—not just banks and credit unions—are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information.”  They also assert that the position they espouse was supported by “a broad and diverse collation of nonbank organizations (including data aggregators”) that submitted comments in response to the ANPR.  The trade groups do not suggest a standard for the CFPB to use for determining whether a data aggregator qualifies as a “larger participant.”

In addition to asking the CFPB to amend its larger participant rule to add a new section covering providers of data aggregation services, the trade groups also petition the CFPB to define “aggregation service” as a “financial product or service” for purposes of the CFPA.  They assert that the CFPB has authority to promulgate such a regulation and cite to various provisions of the CFPA as the source of such authority.

The trade associations indicate that their petition is filed pursuant to Section 553(e) of the Administrative Procedure Act (APA).  Section 553(e) provides that “[e]ach
agency shall give an interested person the right to petition for the issuance, amendment, or repeal of a rule,” a denial of which must be justified by a statement of reasons pursuant to section 555(e) of the APA and can be appealed to the courts under sections 702 and 706 of the APA.  They also note that the APA requires that “[p]rompt notice … be given of the denial in whole or in part” of any petition under 5 U.S.C. § 553, and that any denial shall include a “brief statement of the grounds for denial.”

In Director Chopra’s recent interviews with several news reporting organizations, a persistent theme was the CFPB’s concerns about the entry of big tech companies into financial services, particularly in connection with payments and the companies’ ability to collect and monetize data about consumers.  Those concerns are the focus of a new CFPB report issued last week titled “The Convergence of Payments and Commerce: Implications for Consumers.”

The report explores the implications of recent innovations in the payments space that “may blur the traditional lines of banking and commerce” and focuses on “how large technology platforms and other emerging business models that operate outside of the traditional banking system use peoples’ sensitive spending and transaction data.”  The CFPB observes that many firms operating in the market for retail financial services are moving from seeing their customers’ value as generating revenue from using the firm’s financial products (i.e. interest and fee income) “to the customer as a source of behavioral and financial data to be leveraged and potentially sold to create an additional revenue stream.”  According to the CFPB, this means “in essence [that] the customer’s information could become a revenue source, a ‘lead generator’ for the financial institution, and if that organization so chooses, for other companies that can use the data for their own revenue generation activities.”

The report looks closely at three new product categories or “new use cases”  (“super apps,” buy-now-pay later (BNPL), and “embedded commerce”) and makes the following observations:

  • Super apps. These apps originated in China with WeChat and Alibaba and provide “a comprehensive ecosystem where users can find almost anything they need so users can stay engaged within a single app.”  The financial services offered by these apps include bill payment, person-to-person payments, insurance, and investments.   These apps “are essentially the ‘internet in an app.’”  In the U.S., instead of the “internet in an app” approach, the more targeted “bank in an app” approach is gaining traction.  Beyond mobile banking apps, this approach combines additional services related to financial services and payments to add value and retain users.  (The PayPal wallet is cited as an example of the U.S. super app.)  While super apps can be a valuable tool for consumers, “they can potentially be exploited to take advantage of consumers who aren’t fully aware of what it is that they have, and what it is that they have agreed to.”
  • BNPL.  This product was initially offered by BNPL providers partnering with individual merchants.  Consumers interacted with BNPL on the merchant partners’ website checkout pages and providers earned revenues from merchant discount fees.  Recently, BNPL providers have moved to a “lead generation” model by selling advertising space on their own apps to merchants who pay referral or affiliate fees to acquire customers, with the referral fees potentially exceeding ten percent of the transaction amount (which is several times higher than the average merchant discount fees charged in the initial BNPL model).  The newer model allows BNPL providers to use virtual debit and credit cards to make any merchant a BNPL merchant because consumers can use one-time virtual cards issued within a BNPL app at almost any merchant that accepts standard card payment methods.  The app allows a BNPL provider to track a consumer’s digital footprint and use a consumer’s purchase history to craft a personal browsing experience.
  • Embedded commerce.  This concept allows shopping to occur directly on the website or app of a social media feed rather than through traditional ad-based links to a merchant’s website.  It creates an opportunity for a social media provider to capture and sell transaction data without consumers’ awareness that their data is being monetized and increases the risk of an unwanted purchase by enabling a transaction to occur with very little activity from the consumer.  

According to the CFPB, the emerging risk in payments is “the potential that consumer financial data and behavioral data are used together in increasingly novel ways.”  The CFPB sees the closer integration of financial services providers and non-financial companies such as social media and e-commerce that is being driven by technology as creating more opportunities for companies to aggregate and monetize consumer financial data.  In the CFPB’s view, more data creates more opportunities for such data to be misused, and with “the prevalence of machine learning and algorithmic optimization in modern business,” companies have more capability “to leverage consumer financial data to achieve outcomes that may take significant financial advantage of consumers that may result from automated decision-making with limited transparency.”  The CFPB states that it “intends to carefully monitor and scrutinize these practices for potential fair lending risks, as well as the risks of unfair, deceptive, or abusive practices.”

The other emerging risks in payments highlighted by the CFPB is the potential impacts of “scale and market power.”  The CFPB is concerned that the “new use cases” will create “a new generation of dominant incumbents,” similar to how the Chinese market has evolved.  As an example, it suggests that big tech companies “may leverage massive installed consumer bases to quickly gain scale in new payment businesses” and thus “concerns about the market powers of these companies would then be extended into the payments space.”  Another CFPB example is that “a concentrated BNPL or embedded payments in a social medial market may be able to extract excess fees from merchants due to unique structural advantage arising from data and scale.”  In our view, whatever the merits of these concerns about potential anti-competitive effects, they would seem to be more appropriately addressed by the FTC rather than the CFPB.  (Director Chopra has previously raised concerns about competition that seem more properly in the FTC’s purview than that of the CFPB.)

The CFPB concludes the report by noting that it expects to issue a report on its findings from its BNPL monitoring orders and “will determine whether regulatory interventions are appropriate.”  It also notes that it seeks to mitigate the potential consequences of big tech firms moving into the real-time payments space.   

To help financial services companies manage the federal approvals, state licenses, and foreign “doing business” registrations they are required to maintain—and avoid penalties for non-compliance—Ballard Spahr has launched Ballard360 LicenSync.  LicenSync was created by the firm’s Client Value and Innovation Team working in partnership with the firm’s Consumer Financial Services Group.

The project management tool is customizable to financial services companies—from start-ups and digital innovators to established institutions—handling residential and commercial mortgages; student, consumer, and solar loans; retail installment contracts; cryptocurrencies; money transmission; and other matters.  It contains:

  • A Go-to-Market Checklist that provides support in applying for new licenses, reporting changes of control, surrendering licenses, developing policies, and managing examination responses.
  • A list of all federal approvals, state licenses, and foreign “doing business” registrations held—or applied for—by the company, along with information such as approval date and license/registration number.
  • An interactive calendar that tracks upcoming regulatory reporting obligations for approvals, licenses, and registrations maintained in the tool (e.g., Mortgage Call Reports, Money Services Business Call Reports, annual renewals, periodic reporting obligations, financial statement submissions, examination or application response deadlines) and sends automatic email reminders about upcoming filing obligations.
  • A document library that serves as a historical record of all filings and other important information involving approvals, licenses, and registrations maintained in LicenSync.
  • A section that tracks important information about surety bonds held by the company, including the approval, license, or registration; the amount; and the expiration date.

A standard LicenSync tool is offered free to Ballard Spahr clients.  While attorneys and licensing specialists working on specific engagements do charge legal fees, clients can choose to manage their own licensing portfolios for free, using their internal regulatory compliance teams.

LicenSync is completely customizable.  Companies receive reminders and updates at the time of their choosing.  Bespoke legislative tracking programs can be created to alert companies to upcoming federal and state legislative or regulatory measures, along with helpful summaries.  Companies also can work directly with the firm’s Client Value and Innovation Team to create new sections to address their specific business needs.

To learn more about LicenSync, contact Lisa Lanham (lanhaml@ballardspahr.com).  Lisa is a CFS partner and co-leader of the firm’s Fintech and Payment Solutions team who spearheaded the technology effort with the Client Value and Innovation Team.

In a blog post published on July 30 on Consumer Law and Policy Blog, Professor Jeff Sovern discusses comments from CFPB officials that the Bureau will not use the disparate effects or impact test to determine if discrimination has occurred when using its UDAAP authority.  In those comments, Director Rohit Chopra and Assistant Director Eric Halperin indicated that “unfair” for purposes of the CFPB’s UDAAP authority has its own test and that the Bureau will use that test rather than the disparate effects test when using its UDAAP authority to determine if a discriminatory practice is unfair.

For starters, it is unlikely that the CFPB does not intend to use disparate impact to determine if a practice is discriminatory.  When the CFPB announced the change to the UDAAP section of its examination manual, as an example of discrimination that it could target as unfair, it used a bank not allowing people of color to open a deposit account.  Since this would be an instance of intentional discrimination or disparate treatment, a disparate impact analysis is not necessary to determine if the bank’s practice is discriminatory. 

But how would the CFPB approach a bank policy that was race neutral on its face but resulted in a high number of people of color not being allowed to open deposit accounts?  Unless, contrary to prior statements, the CFPB only intends to target intentional discrimination as a UDAAP violation, it would presumably argue that the bank’s policy was discriminatory because of its disparate impact on people of color.  And once having made that determination, it would then decide if the policy is unfair using the UDAAP standard.  Indeed, one of the changes made to the examination manual directs examiners, when identifying  areas for potential transaction testing, to determine whether “the entity uses decision-making processes in its eligibility determinations, underwriting, pricing, servicing or collections that result in discrimination.   

Assuming this would be the CFPB’s approach, one might say the CFPB wants to have its cake and eat it too—meaning use disparate impact to establish discrimination but replace the safeguards of the next step in a disparate impact analysis with the unfairness standard.  As discussed in the white paper about the UDAAP change sent to the CFPB by four leading industry trade groups, the CFPB’s approach ignores a number of the safeguards that the U.S. Supreme Court, in its Inclusive Communities decision, said must be observed to sustain a disparate impact claim.  Those safeguards prevent disparate impact liability from attaching unless the policy or practice at issue creates “artificial, arbitrary, and unnecessary barriers,” a standard that the Supreme Court found necessary to ensure that defendants “must not be prevented from achieving legitimate objectives.”  Most significantly, when determining whether a company’s policy has a legitimate business justification, the Supreme Court recognized the importance of considering “practical business choices and profit-related decisions that sustain a vibrant and dynamic free-enterprise system.”

In contrast, under the UDAAP unfairness standard, a policy is unfair if (1) it causes or is likely to cause substantial injury to consumers, (2) the injury is not reasonably avoidable by consumers, and (3) the injury is not outweighed by countervailing benefits to consumers or to competition.  Once a policy is found to have a disparate impact, it would seem to be a foregone conclusion that the CFPB would find the first two prongs of the unfairness standards to be present.  And it seems likely the CFPB would give little or no weight to “practical business choices and profit-related decisions” in applying the third prong.

According to Professor Sovern, the outcome is likely to be the same whether the  CFPB uses the unfairness standard or a disparate impact test—namely the policy would be unlawful under either analysis.  However, without the safeguards required by the Supreme Court’s decision, it seems much more likely that a company’s policy would be deemed unlawful when the unfairness standard is used than when a  disparate impact analysis is used.  We do not see any reasoned basis for finding that a company has engaged in unlawful discrimination in connection with non-credit transactions when the same policy, if used in connection with credit transactions, would be found to be lawful under a disparate impact analysis.  Professor Sovern may be right that a policy that would fail the disparate impact test is likely to also be unfair.   But instead of wondering how often conduct will fail the disparate impact test but not be unfair, we think Professor Sovern should be wondering how often conduct might PASS the disparate impact test but nevertheless be deemed unfair. 

Putting aside the disparate impact issue, I continue to take issue with the underlying premise of Professor Sovern’s blog post – namely, that the CFPB can use the “unfairness “ prong of UDAAP to target  discrimination in connection with credit and non-credit consumer financial products and services.  Moreover, even if the CFPB’s interpretation of “unfairness “is correct, hopefully, Professor Sovern would agree with me that this is the type of major pronouncement that should be accomplished through a notice-and-comment UDAAP rulemaking rather than by unilaterally amending the CFPB’s examination manual (which technically only applies to certain mega-banks and non-banks).  All stakeholders (consumers and industry alike) should have been given the opportunity to comment on such an important change in the law.  

Three Republican House members sent a letter last week to CFPB Director Chopra raising questions about the Bureau’s relationship with state attorneys general and its interpretive rule issued in May 2022 regarding the authority of state attorneys general and state regulators (State Officials) to enforce the Consumer Financial Protection Act (CFPA).

In the interpretive rule, the CFPB described the authority of State Officials under CFPA Section 1042(a) as follows:

  • Because CFPA Section 1036(a)(1)(B) makes it unlawful for a “covered person” or “service provider” to “engage in any unfair, deceptive, or abusive act or practice,” State Officials can use Section 1042(a) to bring an enforcement action against a covered person or service provider that engages in unfair, deceptive, or abusive acts or practices.
  • Because CFPA Section 1036(a)(1)(A) makes it unlawful for a “covered person” or “service provider” to “offer or provide to any consumer any financial product or service not in conformity with Federal consumer financial law,” State Officials can use Section 1042(a) to bring an enforcement action against a covered person or service provider for a violation of any Federal consumer financial law even if they cannot enforce such laws directly.  In addition to the CFPA, “Federal consumer financial laws” include the 18 “enumerated consumer laws” listed in the CFPA and their implementing regulations, such as the Truth in Lending Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, the Electronic Fund Transfer Act, and the Real Estate Settlement Procedures Act. 
  • Although the CFPA (in Sections 1027 and 1029) limits the CFPB’s enforcement authority as to certain categories of covered persons (e.g. motor vehicle dealers, attorneys, persons regulated by a state insurance regulator, persons regulated by the SEC or a state securities commission), those limitations generally do not apply to State Officials exercising their enforcement authority under Section 1042.
  • State Officials can bring (or continue) actions under Section 1042 even if the CFPB is pursuing a concurrent action against the same entity.

In their letter, the lawmakers stated that it has come to their attention that the CFPB “may be colluding with states contrary to the [CFPA].”  They asserted that while “state attorneys general may enforce the CFPA in cases where the CFPB has not,” the CFPA “does not allow for a state attorney general to become a party to an existing CFPB enforcement action.”  According to the lawmakers,”[i]t is therefore inappropriate for the CFPB to recruit a state attorney general that is not otherwise investigating a company, to pursue enforcement as a means of intimidation.”

The lawmakers asserted that the effect of the interpretive rule is “different from solely enforcing the law” and instead “is more akin to deputizing state attorneys general to enforce the CFPA on behalf of the CFPB—something Congress did not authorize.”  They also asserted that the interpretative rule allows the CFPB to “forum shop across the country to find friendly attorneys general willing to bring cases on behalf of the Bureau, rather than the process that Congress intended, whereby attorneys general bring a case to the CFPB when appropriate.”  The lawmakers’ letter includes a series of questions to which they request responses by August 12.

In our view, the interpretive rule has the practical effects of allowing the CFPB to expand its enforcement staff and increasing the burden on an investigation target, both in terms of document production and the production of witnesses, who may be required to testify in more than one proceeding.  (Both the states and the CFPB routinely ask for copies of deposition transcripts in other enforcement matters, which creates the potential for a witness to be impeached with prior testimony on the same subject matter.)  Beyond allowing the CFPB to add State Officials to its enforcement staff, the interpretive rule can further expand the CFPB’s resources to include organizations that have a close relationship with State Officials.  For example, the Consumer Protection Division of the Massachusetts Attorney General’s Office has a close relationship with the Harvard Legal Aid Bureau. Finally, the interpretive rule allows states to inquire into areas where the CFPB has no enforcement authority, thereby attempting to ensure that even where the CFPA has limited the CFPB, enforcement activity nevertheless will occur.

On the other hand, the interpretive rule may lead to some unintended consequences.  By encouraging State Officials to conduct parallel investigations, and to the extent those investigations lead to litigation, the CFPB is inviting litigation by different agencies that may pursue different litigation priorities and achieve different and inconsistent results in court.  Further, parallel investigations may make global resolution—including any state conducting an investigation—an imperative, to avoid the overpayment that would occur by settling sequentially with the CFPB and then the states.

Given that collaboration between the CFPB and State Officials can be expected to increase, it is imperative that companies facing potential enforcement activity consult counsel with the experience needed to navigate both the CFPB and the offices of State Officials.  

The Federal Trade Commission (“FTC”) is seeking public comment on proposed changes to its guides concerning the use of endorsements and testimonials in advertising.  FTC guides are advisory in nature and intended to assist businesses in complying with laws administered by the FTC. 

Endorsements and advertisements are defined broadly to mean any advertising message that a consumer is likely to believe reflects the opinions, beliefs, findings, or experiences of a third-party.  16 CFR § 255.0.  Currently, FTC guides provide that endorsements must reflect the honest opinions, findings, beliefs, or experiences of the endorser.  16 CFR § 255.1.  Endorsements may not contain any representations that would be deceptive or that could not be substantiated.  Id.  If the endorser’s experience is not generally representative, the advertisement should clearly and conspicuously disclose what the generally expected performance should be.  16 CFR 255.2.  And when there is a connection between the endorser and the advertiser, that connection must be fully disclosed.  16 CFR 255.5.

Many of the proposed changes are simply clarifications or changes to illustrative examples.  Other changes establish principles not previously present in the guidelines.  The FTC has proposed the following noteworthy changes to its guides:

  • revise the definition of endorsement to include marketing and promotional messages. Tags on social media may also be considered endorsements under the proposed guidelines;
  • change the definition of “product” to include “brand;”
  • clarify that a “clear and conspicuous” disclosure means a disclosure that “is difficult to miss (i.e., easily noticeable) and easily understandable by ordinary consumers;”
  • add that endorsements in advertisements addressed to children may be of special concern because of the character of the audience.  Practices that would not ordinarily be questioned in advertisements to adults might be questioned in advertisements directed at children;
  • note that when a claim in an advertisement is visual, required disclosures should be at least visual. When the claim is audible, the disclosures should be at least audible;
  • explain that endorsers and not just advertisers may be liable for their statements such as when they make representations they know or should know to be deceptive;
  • provide that using the likeness of a person that is not the actual endorser is deceptive if it misrepresents a material attribute; and
  • clarify that disclosures of the connection between advertisers and endorsers must be “clear and conspicuous;”

Comments regarding the proposed amendments must be received on or before September 26, 2022. Comments captioned “Endorsement Guides P204500” may be submitted at https://www.regulations.gov.

For more information on recent FTC activity impacting advertising and endorsements, please consider listening to our May 5, 2022 podcast with Guest Malini Mithal, Associate Director of the FTC Division of Financial Practices.

We first review the views expressed by Director Chopra and CFPB actions taken under his leadership that led the Chamber to launch its campaign.  We then discuss the campaign’s specific components, which consist of digital ads, Freedom of Information Act requests, and letters to Director Chopra.  Our discussion includes an in-depth look at the basis for the Chamber’s view that the CFPB has acted unlawfully in connection with changes to its UDAAP examination procedures, revisions to its rules for administrative proceedings, rule change to make public a decision establishing risk-based supervision of a company, and its interpretive rule on enforcement of federal consumer financial protection laws by state attorney generals.  We also discuss the litigation challenging the constitutionality of the CFPB’s funding.

Alan Kaplinsky, Ballard Spahr Senior Counsel, hosts the conversation.

To listen to the episode, click here.

The FDIC has issued an “Advisory to FDIC-insured institutions Regarding Deposit Insurance and Dealings with Crypto Companies” to address the agency’s concerns regarding misrepresentations about FDIC deposit insurance by certain crypto companies.  Of particular concern to the FDIC is the risk that consumer confusion or harm can arise from crypto assets offered by, through, or in connection with an insured bank particularly when a non-bank offers crypto assets to its customers while also offering an insured bank’s deposit products.

The FDIC’s concern arises out of recent market turmoil that has resulted in the suspension of withdrawals or a halt in operations by some crypto companies.  According to the FDIC, “these companies have represented to their customers that their products are eligible for FDIC deposit insurance coverage, which may lead customers to believe, mistakenly, that their money or investments are safe.”

The first portion of the advisory addresses risks and concerns.  The FDIC identifies two issues that can create customer confusion.  The first issue is when FDIC deposit insurance applies.  The FDIC indicates that FDIC deposit insurance does not protect a non-bank’s customers against the default, insolvency, or bankruptcy of any non-bank, including crypto custodians, exchanges, brokers, wallet providers, or other entities that appear to mimic banks but are not, called “neobanks.”  The second issue is what products are FDIC insured.  The FDIC indicates that FDIC deposit insurance covers deposit products offered by insured banks but does not apply to non-deposit products, such as stocks, bonds, money market mutual funds, securities, commodities, or crypto assets.

The FDIC observes that in addition to potential consumer harm, customer confusion can lead to legal risks for banks if a crypto company, or other third-party partner of an insured bank, makes misrepresentations about the nature and scope of deposit insurance.  It also identifies liquidity risk to banks, which can potentially result in earnings and capital risk, if misrepresentations and customer confusion causes concerned consumers to move funds from insured banks.

The second portion of the advisory addresses risk management and governance considerations.   These considerations consist of the following:

  • Insured banks must assess, manage, and control risks arising from all third-party relationships, including those with crypto companies.
  • Insured banks should confirm and monitor the crypto companies they deal with to ensure such companies do not misrepresent the availability of deposit insurance, and should take appropriate action to address any misrepresentations.
  • Communications related to deposit insurance must be clear and conspicuous.  Non-banks, such as crypto companies, that advertise or offer FDIC-insured products in relationships with insured banks could reduce consumer confusion by clearly and conspicuously: (a) stating that they are not an insured bank; (b) identifying the insured bank(s) where any customer funds may be held on deposit; and (c) communicating that crypto assets are not FDIC-insured products and may lose value.
  • Insured banks that are involved in relationships with non-banks that offer deposit products as well as non-deposit products, such as crypto assets, can help minimize customer confusion and harm by carefully reviewing and regularly monitoring the non-bank’s marketing material and related disclosures to ensure accuracy and clarity.  (While not expressly stated by the FDIC, the FDIC would likely expect such review and monitoring to include whether a non-bank partner has taken the steps suggested by the FDIC to reduce consumer confusion.)
  • Insured banks should have appropriate risk management policies and processes to ensure that any services provided by, or deposits received from any third-party, including a crypto company, comply with all laws and regulations.
  • Because the FDIC’s regulation on misrepresentation of insured status can apply to non-banks, such as crypto companies, insured banks should determine if their third-party risk management policies and procedures effectively manage crypto-asset-related risks, including compliance risks related to the regulation.

On July 29, the Federal Trade Commission (“FTC”) announced a settlement with First American Payment Systems LP, a Texas-based nationwide payment processor, and two of its sales agent affiliates, Think Point Financial LLC and Eliot Management Group LLC (collectively, “First American”), in an action alleging hidden terms, “surprise” exit fees, and charges made to merchants without their consent.  Under the proposed stipulated order, First American has agreed to repay $4.9 million in redress to merchants.           

According to the FTC, First American made false claims regarding fees and costs to induce merchants, many of whom are small businesses – including sole proprietorships and individuals who did not speak English –  to enroll in its payment processing services.  First American and its sales agents purportedly made representations to merchants that their total monthly fees would be low and provided projections of monthly savings that failed to account for annual or semi-annual rate pricing increases.  Once enrolled, First American allegedly withdrew funds from the merchants’ accounts without their consent and made it difficult and costly to cancel their service. 

The FTC’s complaint states claims for violations of Section 5 of the FTC Act for misrepresentations made to merchants regarding monthly fees and the ability to cancel contracts, deceptive claims that customers would save a significant amount of money using their services, and unfair debiting practices, specifically withdrawing money from customers’ bank accounts after they had revoked authorization to do so.  The action also includes claims for violations of the Restore Online Shoppers’ Confidence Act (“ROSCA”), a law which, among other things, prohibits charging consumers for goods and services sold in online transactions with a “negative option”–where consumer silence or failure to affirmatively reject goods or services or cancel the contract is interpreted as acceptance–without clear and conspicuous disclosures, express informed consent, and a mechanism to stop recurring charges. 

Because ROSCA is a consumer protection statute, the FTC’s allegations of ROSCA violations in a case involving customers that are small businesses is noteworthy.  ROSCA does not define “consumer” but it incorporates the FTC’s enforcement authority under the FTC Act.  First American’s alleged failure to comply with ROSCA also constitutes an unfair or deceptive practice under Section 5 of the FTC Act, according to the FTC.  Last October, the FTC issued a policy statement regarding negative option marketing intended “to put companies on notice that they will face legal action if their sign-up process fails to provide clear, up-front information, obtain consumers’ informed consent, and make cancellation easy.”

Also noteworthy are the allegations related to First American’s online enrollment system and presentment of the contractual terms.  According to the FTC, First American’s enrollment system for new customers hid the fact that merchants were agreeing to a three year term that would automatically renew and that they would be charged a $495 cancellation fee.  The enrollment screen in which the merchants agreed to the terms and conditions of the contract did not include the full agreement or any mention of the contract term, early-termination fee, auto-renewal provision, or cancellation requirements.  Rather, it included hyperlinks to additional documents with those material terms.  Merchants could click to accept the contract without having to first click on the hyperlinks to review those terms.  In situations where merchants did cancel their contracts, the FTC alleges First American failed to provide a “simple mechanism” to stop recurring charges, including failing to disclose cancellation or ACH revocation requirements.  As a result, in addition to the cancellation charge, many merchants continued to have their accounts auto-debited after cancellation.

Under the terms of the proposed stipulated order, filed in a Texas federal district court, First American does not admit or deny the allegations in the complaint.  Law360 reported that First American issued a statement in which it “flatly denies” the allegations, claiming the FTC’s allegations are “one-sided and based on a flawed understanding of our business and industry,” but indicates that it agreed to settle with the FTC in order to avoid a protracted legal battle. 

Under the stipulated order, First American is enjoined from engaging in the practices alleged and must disclose specific terms and cancellation procedure, and obtain express informed consent to all terms and express authorizations to debit accounts as explicitly detailed in the settlement.  They must also establish and maintain a compliance program.  First American is enjoined from collecting early termination fees from merchants who enrolled before April 6, 2020 and must pay a monetary judgment of $4.9 million to the FTC to provide redress to impacted merchants.    

This matter is the most recent example of the FTC’s focus on small businesses and increasing use of Section 5 of the FTC Act, and now ROSCA, to protect small businesses.  It is also part of a growing body of legislative, regulatory, and enforcement activity on the federal and state levels directed at protecting small businesses from practices that are targeted by consumer protection laws.

On July 29, 2022, the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) issued a notification letter (the “joint letter”) to “remind” auto lenders and leasing companies of the protections provided to servicemembers and their dependents under the Servicemembers Civil Relief Act (SCRA).  The joint letter provides a very basic overview and reminder of the vehicle repossession protections, early vehicle lease termination rights, and interest rate cap available to eligible servicemembers under the SCRA.

July was Military Consumer Month, which likely explains the timing of the joint letter.  The CFPB press release announcing the joint letter cites to a 2020 CFPB report that was recently discussed in a July 2022 CFPB blog post titled “Protecting servicemembers from costly auto loans and wrongful repossessions.”  According to that report, titled “Financially Fit? Comparing the Credit Records of Young Servicemembers and Civilians,” approximately 20 percent of young servicemembers have at least $20,000 in auto debt by the age of 24.  This is a significantly higher percentage of civilian borrowers in that age cohort.  According to the CFPB, young servicemembers also generally have higher delinquency and repossession rates than civilians of the same age, although those rates level off after five years of active duty service.  The press release announcing the joint letter also cites to the CFPB’s Spring 2022 Supervisory Highlights, which states that CFPB examiners have continued to identify wrongful repossessions and unfair acts and practices by auto servicers, albeit not in the context of military borrowers protected by the SCRA.

The three SCRA provisions identified in the joint letter impacting auto finance companies are:

  • Vehicle Repossession Protection:  Under 50 U.S.C. §3952, installment contracts for purchase or lease of real or personal property (including motor vehicles), or the lease or bailment of such property, may not be rescinded or terminated for breach of contract during a person’s military service, and the property may not be repossessed without a court order.  The onus is on the auto finance company to identify customers who are servicemembers entitled to this protection.  The Department of Defense Manpower Data Center (DMDC) database is the primary tool used to identify customers who are on active duty and entitled to the protection. 
  • Early Vehicle Lease Termination:  Under 50 U.S.C. § 3955, a person who leases a motor vehicle and thereafter enters into military service during the term of the lease (or is in the military when they enter the lease and then receives orders for a permanent change of station or deployment for 180 days or more) may terminate their lease early, without penalty.  This provision also requires the refund of all lease amounts paid in advance.
  • The 6% Interest Rate Cap:  Under 50 U.S.C. § 3957, the interest rate of an obligation or liability incurred by a servicemember before they enter active duty military service is capped at 6% for their period of active duty.  This benefit must be requested in writing by the servicemember and be accompanied by their orders or other appropriate indicator of military service.  This request may be made up to 180 days after leaving military service.  Any interest above the cap must be forgiven (not deferred) back to the first day of SCRA eligibility, which may obligate the creditor to provide a refund of the excess interest to the servicemember.  In addition, the creditor may not accelerate the payment of principal when implementing the rate change, so a careful reamortization of the obligation is required.  Issues with the application of the SCRA’s interest rate cap are not uncommon during regulatory exams, so we encourage loan servicers to consult with counsel to ensure their methodology for implementing the SCRA’s interest rate cap is compliant.

In addition to the SCRA provisions above that were discussed in the joint letter, DOJ has recently brought two enforcement actions involving motor vehicles that alleged violations of 50 U.S.C. § 3958, the SCRA’s prohibition against foreclosing or enforcing a lien on the property or effects of a servicemember during a period of military service (or 90 days thereafter) without first obtaining a court order.  As with the SCRA’s protections against repossession (§ 3952), mortgage foreclosure (§ 3953), and default judgments (§ 3931), the burden is on the party enforcing their contractual right to proactively determine if the borrower is a servicemember.  DOJ, which has enforcement authority over SCRA, has brought seven actions under the SCRA since 2021, four of which involve motor vehicles.  A list of all DOJ SCRA cases, sortable by year, can be found here.

In December 2021, DOJ and the CFPB issued a similar joint notification letter to landlords and mortgage servicers.  Those letters discussed the SCRA’s protections against foreclosure and evictions, as well as forbearance options under the CARES Act. 

We expect renewed regulatory focus on the SCRA’s interest rate cap as the rate environment changes and interest rates continue to rise.  It is clear that motor vehicles and auto finance have been a focus of DOJ in their enforcement actions and the CFPB in its use of the bully pulpit.  Additionally, the SCRA’s protections against foreclosures and evictions will become more of an issue as default rates rise.  Loan servicers of all products should ensure they have controls in place to comply with the SCRA’s varied provisions.