A group of 24 Democratic state attorneys general and the D.C. attorney general have submitted a comment letter to the CFPB setting forth their opposition to the CFPB’s proposal to delay the compliance date for the ability-to-repay (ATR) provisions of its final payday/auto title/high-rate installment loan rule (Payday Rule).  They conclude their letter by threatening to “closely examine whether to take action to address any unlawful action by CFPB” should the CFPB finalize the proposed delay.  (The AGs state in the letter that they will be submitting another comment letter opposing the CFPB’s proposal to rescind the Payday Rule’s ability-to-repay (ATR) in their entirety.)

The comments made by the AGs include the following:

  • The reasons cited by the CFPB in its proposal for “contradicting” its prior UDAAP analysis and prior analysis for setting the August 19, 2019 compliance date “are woefully insufficient and therefore arbitrary and capricious in violation of the [Administrative Procedure Act].”
  • The AGs reference the CFPB’s statement that certain “potential obstacles to compliance” by the August 19 date, specifically recently-enacted changes to state laws and third-party software vendor issues, were unanticipated when the August 19 date was set.  According to the AGs, the state law changes were not unanticipated and instead were taken into account when the August 19 date was set.  With regard to third-party vendor issues, the AGs assert that the “CFPB’s description of these software and vendor implementation impediments is vague, anecdotal, and unsubstantiated; and therefore, this ‘obstacle’ is not a valid basis for delay.”
  • The proposal fails to provide a factual justification for ignoring the Payday Rule’s findings with respect to consumer benefits.
  • Although the CFPB has not proposed to delay the compliance date for the Payday Rule’s payment provisions, the AGs suggest that the CFPB might attempt to do so during the rulemaking process and assert that “no delay is appropriate to any aspect of the [Payday Rule’s] compliance date” and that the payment provisions should go into effect “as scheduled” on August 19, noting that “lenders will have had 21 months to prepare for the Payment Provisions by the time they become effective.”

To the extent the “action” threatened by the AGs is a lawsuit asserting a challenge under the Administrative Procedure Act to a final rule delaying the compliance date for the ATR provisions, it is uncertain whether the AGs would have standing to bring such a lawsuit.

On March 7, New Jersey Attorney General Gurbir S. Grewal and the Division of Consumer Affairs announced the filing of a lawsuit against two “Buy Here-Pay Here” auto dealerships and their owner for allegedly unconscionable and deceptive lending practices.

The complaint alleges that defendants sold high-mileage, used autos at grossly inflated prices with excessive down payments; financed the sales through in-house loans with high interest rates and “draconian” terms that created a high risk of default; and then repossessed and resold the vehicles over and over again to different consumers in a practice they refer to as “churning.” The defendants also allegedly engaged in deceptive advertising, failed to disclose the damage and/or required substantial repair and bodywork required for used motor vehicles, and failed to provide consumers with complete copies of signed sales documents, including financing agreements. The complaint alleges that these practices violated the New Jersey Consumer Fraud Act, the New Jersey Motor Vehicle Advertising Regulations, the Automotive Sales Regulations, and the state Used Car Lemon law and regulations.

At the crux of this complaint is the State’s belief that defendants expected that their customers would not be able to make their payments – allegedly evidenced by the fact that the dealerships required buyers to sign documents agreeing to not keep any personal possessions in their vehicles and to rekey the vehicles and provide the dealer with a copy of the keys within seven days of purchase. In one of its examples, the State highlights the fact that a used vehicle was sold to “a twenty-two year old consumer making $10 an hour” at an APR of 23.99% with a total payment of $9,848.

In addition to significant civil money penalties, the State is seeking to permanently close the two subject car dealerships and ban the owner from ever operating a car dealership again. We view the case as more evidence that states appear to be stepping up their scrutiny of high-cost financing offered to used car buyers.

On March 7, 2019, the DOJ announced the largest coordinated sweep of elder fraud cases to date. Joined by the FBI and other federal and state partners, the DOJ held a press conference detailing the results of the coordinated effort. Coordinated law enforcement actions in the past year, they said, resulted in criminal cases against more than 260 defendants who victimized more than 2 million Americans, most of them elderly. In each case, the offenders allegedly engaged in financial schemes that targeted or largely affected seniors. Losses are estimated to have exceeded more than $750 million. The DOJ released an interactive list of the elder fraud cases.

The sweep was primarily focused on the threat posed by technical-support fraud, an increasingly common form of elder fraud in which criminals trick victims into giving remote access to their computers under the guise of providing technical support. The DOJ partnered with the FBI, U.S. Postal Inspection Service, the Department of Homeland Security, state Attorneys General and the U.K.’s City of London Police to investigate and prosecute perpetrators of technical-support fraud.

Since many of those prosecuted as a part of the elder fraud sweep cases – including technical-support fraud and mass mailing elder fraud cases – allegedly involved transnational criminal organizations, the DOJ and Postal Inspection Service worked with numerous countries to secure evidence and extradite defendants. The sweep also took comprehensive action against the money mule network that facilitates foreign-based elder fraud. The DOJ defines a money mule as “someone who transfers money acquired illegally in person, through the mails, or electronically, on behalf of others.” With assistance from the Secret Service and Homeland Security, the FBI and Postal Inspection Service took action against over 600 alleged money mules. Additionally, the sweep benefited from assistance from foreign law enforcement partners.

The sweep also had a public education campaign focused on technical-support fraud. The DOJ coordinated with the FTC and State Attorneys General in designing and disseminating messaging material intended to warn consumers and businesses. Public education outreach is being conducted by various state and federal agencies, to educate seniors and prevent further victimization.

The coordinated effort reflects the increasing focus of federal and state regulators on elder financial abuse. In February, the CFPB’s Office of Financial Protection for Older Americans issued a report providing guidance to financial institutions on combating elder abuse. As we have previously observed, elder financial abuse prevention can be viewed as falling within a financial institution’s general obligation to limit unauthorized use of customer accounts as well as its general privacy and data security responsibilities. Thus, a financial institution that fails to proactively implement an elder financial abuse prevention program risks regulatory investigation. Additionally, a depository institution subject to CFPB supervision should expect CFPB examiners to look at its program for preventing elder financial abuse. Further, many states have laws that address elder financial abuse, in some instances requiring mandatory reporting, without providing protection to the bank, while in others including providing immunity for banks who implement transaction holds when staff members observe financial exploitation.

The CFPB and New York Attorney General have filed their opening briefs in their appeals to the Second Circuit in RD Legal Funding.  The CFPB filed an appeal from Judge Preska’s June 21, 2018 decision, as amended by her September 12 order, in which she ruled that the CFPB’s single-director-removable-only-for-cause structure is unconstitutional, struck the CFPA (Title X of Dodd-Frank) in its entirety, and dismissed the CFPB from the case.  The NYAG filed an appeal from Judge Preska’s dismissal on September 12, 2018 of all of the NYAG’s federal and state law claims, and her subsequent September 18 order amending the September 12 order to provide that the NYAG’s claims under Dodd-Frank Section 1042 were dismissed “with prejudice.”  (Section 1042 authorizes state attorneys general to initiate lawsuits based on UDAAP violations.)

Both the CFPB and NYAG argue that the CFPB’s structure is constitutional under controlling U.S. Supreme Court precedent and that if the Second Circuit determines that the Dodd-Frank Act’s for-cause removal provision that limits the President’s authority to remove the CFPB Director is unconstitutional, it should sever the provision rather than strike all of Title X as Judge Preska did.

The NYAG makes the following two additional arguments:

  • Even if the Second Circuit concludes that the for-cause removal provision cannot be severed from Title X, it should not invalidate Dodd-Frank Sections 1041 or 1042.  As noted above, Section 1042 authorizes state AGs to enforce the CFPA’s UDAAP prohibition.  Section 1041 preserves state consumer protection laws to the extent they are not inconsistent with the  provisions of Title X.  The NYAG argues that these provisions are “wholly unrelated” to the for-cause removal provision.
  • Even if the Second Circuit concludes that the CFPB’s structure is unconstitutional and strikes Title X in its entirety, the Second Circuit must nevertheless reverse the district court’s dismissal of the NYAG’s state law claims for lack of subject matter jurisdiction.  According to the NYAG, the district court has jurisdiction because such claims involve an embedded federal issue, namely whether the federal Anti-Assignment Act (AAA) voids only the assignment of a substantive claim against the United States, or whether it also voids the assignment of the proceeds of such a claim in a private contract.  (RD Legal Funding purchased at a discount, for immediate cash payments, benefits to which consumers were ultimately entitled under the September 11th Victim Compensation Fund of 2001 (VCF).  The district court concluded that the assignments of VCF benefits were void under the AAA.)

The CFPB’s defense of its constitutionality is at odds with the position of the Department of Justice.  In opposing the petition for certiorari filed by State National Bank of Big Spring (which the Supreme Court denied), the DOJ argued that while it agreed with the bank that the CFPB’s structure is unconstitutional and the proper remedy would be to sever the Dodd-Frank for-cause removal provision, the case was a poor vehicle for deciding the constitutionality issue.  If the CFPB’s structure is found to be unconstitutional, and severing the for-cause removal provision is determined to be the appropriate remedy, a Democratic President might have the ability to remove Ms. Kraninger without cause before the end of her five-year term.

The Bureau’s constitutionality is also currently before two other circuits, the Ninth and Fifth Circuits.  On January 9, 2019, the Ninth Circuit heard oral argument in Seila Law.  On March 12, 2019, the Fifth Circuit heard oral argument in All American Check Cashing’s interlocutory appeal.



The FTC has issued its 2018 Consumer Sentinel Network Data Book. The report summarizes consumer complaints stored in the Consumer Sentinel Network, a secure online database.

For 2018, imposter scams top the list of reported complaint categories, accounting for 18% of the almost 3 million consumer reports summarized in the Data Book. Debt collection—which had crowned the list in 2017—falls to second, with 16% of all reports. Identity theft is third, with 15%.

The Data Book also provides several observations related to the general complaint categories, including the following:

  • There were more than 535,000 imposter scams reported, with almost 20% of the reported incidents resulting in a monetary loss. Nearly half of these reported scams involved government imposters that falsely claimed to be from the IRS, Social Security Administration, other government agency to get victims to turn over money and/or personal information.
  • Debt collection reports (including reports regarding, e.g., repeated calls, false representations of amount or status of a debt, failure to send written notice of a debt, false threats of suit, use of profanity, failure to identify as a debt collector, etc.) declined by 24% from 2017.
  • Credit card fraud was the most common type of identity theft report. The FTC received over 167,000 reports from people who claimed that their information was either misused on an existing account or used to open a new credit card account.The Data Book also separately analyzes reports made by military consumers, including active duty service members, military dependents, inactive reserve members, and veterans. Of 122,519 total reports by military consumers, imposter scams top the list at 29% of the reports, followed by identity theft at 23%. In contrast to the general population, however, debt collection reports account for only about 5% of the total reports by military consumers.
  • Additionally, the Data Book provides state-by-state breakdowns and comparisons. Florida, Georgia, Nevada, Delaware, and Tennessee had the highest fraud reports per capita. Georgia, Nevada, California, Florida, and Texas had the highest identity theft reports per capita.  Notably, the Data Book’s summary excludes reports related to the National Do Not Call Registry and reports about unsolicited commercial email.

While the FTC releases its annual Data Book to the public, only law enforcement organizations—including the CFPB and state attorney generals—can access the Consumer Sentinel Network database itself. This database houses reports from numerous sources, including consumer complaints made through sources including, among others: the FTC’s call center or websites, such as IdentityTheft.gov, a resource for identity theft victims, and Econsumer.gov, a site designed to promote cross-border information sharing regarding internet fraud; Better Business Bureaus for 100 different regions; PrivacyStar, a service that identifies who is calling and why; the CFPB; Publishers Clearing House; Microsoft Corporation Cyber Crime Center; and state law enforcement agencies.

The Data Book acknowledges that it is based on “the unverified reports filed by consumers.” Nevertheless, its summaries and the Consumer Sentinel Network are intended to assist law enforcement “to spot trends, identify questionable business practices and targets, and enforce the law.” Thus, as we have previously observed, minimizing the number of consumer complaints made to the FTC, CFPB, BBB, and other consumer watchdogs is an essential first step to avoid ending up on a regulator’s radar.

On March 6, 2019, a California subprime auto lender, California Auto Finance, agreed to enter into a consent order with the Justice Department related to allegations that it repossessed vehicles in violation of the Servicemembers Civil Relief Act (SCRA). Under the terms of the consent order, which is still subject to court approval, California Auto Finance must pay $50,000 in civil penalties to the government and $30,000 in compensation to one individual servicemember – the highest amount the Department has ever recovered for one servicemember. The lender also agreed to implement procedures to ensure SCRA compliance in the future.

The Justice Department initiated the investigation after receiving a complaint in November 2016 from United States Army Private Andrea Starks alleging that California Auto Finance repossessed her vehicle without a court order from her grandmother’s home on the first day of her military training. As a result of the investigation, the Justice Department determined that California Auto Finance did not have SCRA compliance policies in place and had also improperly repossessed the vehicle of another servicemember, U.S. Army Specialist Omar Martinez, during his first month of military training. Because of the repossession’s impact on Specialist Martinez’ credit, he was unable to purchase a new car and had to rely on rideshares and taxis for over a year. According to a Justice Department press release, California Auto Finance reached a private settlement with Private Starks. As part of the consent order, it agreed to pay Specialist Martinez $30,000.

The Consent Order signals the Justice Department’s continued interest in enforcing the SCRA and safeguarding the rights of military members under the Trump Administration. Since 2011, the Justice Department has obtained over $469 million in monetary relief for over 119,000 servicemembers through its enforcement of the SCRA. Attorney General Eric Dreiband for the Department of Justice’s Civil Rights Division stated: “We will continue to vigorously pursue lenders who fail to take the simple steps necessary to determine, before repossessing a car, whether it belongs to a servicemember. Servicemembers who are going through basic training or another kind of military service should not have to worry that their cars will be repossessed with no court supervision during their time of service to our country.

New proposed legislation in California, backed by state Attorney General (“AG”) Xavier Becerra, would amend the new California Consumer Privacy Act (“CCPA”) to make it easier for private plaintiffs and public officials to sue for violations while further increasing regulatory uncertainty and compliance costs for businesses. Specifically, SB 561 would expand the CCPA’s private right of action, remove the Act’s public enforcement “cure” provision, and eliminate the ability of affected companies to seek compliance guidance from the AG.

The CCPA is a sweeping new privacy law which goes into effect in January 2020. It gives California residents substantial control over personal data held by certain California businesses, requiring disclosure of what personal information the business collects, how that information is used or sold, and allowing consumers to control or delete that information upon request. It currently allows private plaintiffs to seek statutory damages of up to $750 per violation for certain violations, and it allows the AG to seek civil penalties of up to $2,500 for most violations, and up to $7,500 for violations found to be intentional.

SB 561 would make three key changes to the Act:

  • Expanding the private right of action—As written, the Act appears to provide a private right of action only when a consumer’s personal information was subject to an avoidable data breach. However, some speculated that allegedly ambiguous language in the statute could support a private right of action for any violation. SB 561 would resolve this ambiguity by expressly providing a broad private right of action to any consumer “whose rights under this title are violated.”
  • Removal of the public enforcement cure period—Currently, the Act provides that the AG may only bring an action after a business fails to cure an alleged violation within thirty days after being notified of alleged noncompliance. SB 561 removes this notification requirement, allowing the AG to bring enforcement actions immediately.
  • Elimination of AG compliance opinions—As of now, the Act provides a mechanism to seek a legal opinion from the Attorney General about compliance with the Act. SB 561 does away with this right, and instead provides that the AG may publish materials giving businesses and others general guidance on how to comply with the Act.

In announcing his support of SB 561, Attorney General Becerra said that the amendments are needed to eliminate the requirement that his office provide compliance advice to businesses “at taxpayers’ expense,” and to nullify a “free pass” for businesses to cure violations before enforcement could occur. This statement suggests that the AG is likely to be active in enforcing the CCPA once it goes into effect next year.

Businesses should continue to monitor legislative activity and rulemaking concerning the CCPA, as further amendments and the final implementing regulations are likely forthcoming soon. Given the approaching effective date and the possibility that it will not be extended by further amendments or the implementing regulations, there may not be a great deal of time in which to comply with revised requirements.

On March 20, 2019, from 12 p.m. to 1 p.m. ET, Ballard Spahr attorneys will hold a webinar, “The California Consumer Privacy Act: What Comes Next?” The webinar registration form is available here.

A bill (AB 1428) has been introduced in the California Assembly that would apply to a “business” that uses prepaid cards to make refunds to customers located in California.  The bill would require such a business to allow the customer to choose whether to get the refund by prepaid card, check, or a refund back to the original form of payment.

For purposes of this requirement, a “business” is defined as “a proprietorship, partnership, corporation, or other form of commercial enterprise” but does not include “a retail establishment or restaurant.”  The term “customer” is not defined.  As a result, the bill could be read to apply to refunds to business entities.



A bill introduced last week in the California State Assembly could change the consumer lending landscape in California considerably. The bill, AB 539, would change several aspects of the California Financing Law (CFL), including setting new interest rate caps, imposing new rules governing loan duration, and prohibiting prepayment penalties. Additionally, AB 539 would change the CFL to make clear that a loan’s rate cannot be used as the sole factor in determining whether a loan is unconscionable. According to the bill’s authors, these changes are necessary because of the “looming threat of a potential ballot initiative,” and due to the uncertainty caused by the California Supreme Court’s recent De La Torre decision which opened the door for borrowers to claim that high-rate consumer loans are unconscionable.

AB 539 would make these changes to the CFL:

  • At present, the CFL does not set a maximum interest rate on loans of $2,500 or more. AB 539 would cap the interest rate at 36% plus the federal funds rate (2.4% as of today) on loans of $2,500 or more but less than $10,000.
  • The CFL provides certain factors to determine whether a loan is of a “bona fide principal amount” or if there has been some artifice to evade regulation under the CFL. AB 539 would apply these factors to loans of $2,500 or more but less than $10,000.
  • At present, the CFL prohibits loans of at least $3,000 but less than $5,000 from having a term greater than 60 months and 15 days. AB 539 would increase this upper limit from $5,000 to $10,000.
  • At least for loans in excess of $2,500 up to $10,000, AB 539 would prohibit CFL licensees from issuing a loan with a term of less than 12 months.
  • AB 539 would add a section to the CFL providing that no licensee may impose a prepayment penalty for any loan not secured by real property.

California’s unconscionability doctrine is incorporated into the CFL. Although it was once widely thought that loans with no interest rate cap under the CFL could not be unconscionable, in De La Torre the California Supreme Court held that consumers could use California’s Unfair Competition Law to claim that high-rate loans were unconscionable and therefore violated the CFL. AB 539 expressly provides that a CFL-regulated loan cannot be found unconscionable based on the interest rate alone. In our view, this provision is theoretically unnecessary. In De La Torre, the California Supreme Court held that courts must consider all the circumstances of the loan before declaring that a loan’s rate is unconscionable. Specifically, courts must consider “the bargaining process and prevailing market conditions,” which is “highly dependent on context” and “flexible” according to the Court. In other words, courts properly following De La Torre could not solely consider a loan’s rate to determine unconscionability in any event. That said, the bill would be helpful in that it would foreclose unconscionability arguments based on the rate alone.

Earlier this week, the U.S. Supreme Court ruled in Timbs v. Indiana that the prohibition on excessive fines in the Eighth Amendment of the U.S. Constitution is incorporated against the States by the Fourteenth Amendment.  Although it involved a civil asset forfeiture of a vehicle arising from the petitioner’s criminal conviction, the decision could provide a new weapon for consumer financial services providers facing fines and penalties sought by State attorneys general and regulators.

The Eighth Amendment provides: “Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.”  In its decision, the Supreme Court cited  language from its 1998 decision which held that in rem forfeitures are fines for purposes of the Eighth Amendment.  In that decision, the Court wrote that the phrase “nor excessive fines imposed” in the Eighth Amendment prohibition “limits the government’s power to extract payments, whether in cash or in kind, ‘as punishment for some offense.’”

Since the Supreme Court did not reach the question of whether the forfeiture resulted in an excessive fine that violated the Eighth Amendment, the decision does not discuss the standards for determining whether a particular fine is unconstitutionally excessive.  It should be noted, as the Supreme Court did in its opinion, that “all 50 states have a constitutional provision prohibiting the imposition of excessive fines either directly or by requiring proportionality.”  While such state provisions would be available to a consumer financial services provider, they might not be interpreted in a manner that is as protective as the Eighth Amendment prohibition.  (Perhaps that is the reason that the petitioner in Timbs did not challenge the forfeiture under the Indiana Constitution.)  Accordingly, the Supreme Court’s decision now gives providers a potential second line of attack when facing fines and penalties sought by State attorneys general and regulators.