To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week:
- On November 15, the Federal Trade Commission (FTC) announced action against Seek Capital and its founder and CEO, Roy Ferman, for allegedly operating a deceptive business finance scheme that cost small business owners more than $37 million. According to the FTC’s complaint filed in the U.S. District Court for the Central District of California, Seek Capital misled new and aspiring small business owners by advertising business loans and lines of credit, but instead charged them thousands of dollars to open personal credit cards in their names. The complaint alleges that Seek Capital’s telemarketers used high-pressure sales tactics and that business owners were often unaware of the credit card applications until they saw a drop in their credit scores or received unexpected invoices. Additionally, Seek Capital allegedly imposed early termination fees and manipulated online reviews to maintain a positive image. For more information, click here.
- On November 14, the Consumer Financial Protection Bureau (CFPB) filed a consent order against Global Tel Link Corporation (GTL), a company that provides communication and financial services to correctional facilities. GTL has a “no-refund” policy for money transfers, with limited exceptions, making it difficult for friends and family to resolve errors such as duplicate transactions or funds sent to the wrong account. These consumers may file chargebacks with their own financial institutions to try to recover the funds. According to the CFPB, in many cases GTL blocks the account of the incarcerated person from receiving additional transfers via credit card or debit card until someone repays the amount of the chargeback and, in some cases, an additional fee. Additionally, between 2019 and 2023, the CFPB found that GTL and Telmate emptied funds from 575,000 accounts after a period of inactivity without sufficiently notifying the consumers. The companies also allegedly failed to disclose complete fee schedules for money transfers. The consent order requires GTL, Telmate, and TouchPay to return at least $2 million to harmed consumers; pay a $1 million penalty; and stop block accounts and seizing funds. For more information, click here.
- On November 13, Representative Gary J. Palmer (R-AL) introduced House Joint Resolution 220, which seeks congressional disapproval of an advisory opinion published by the CFPB relating to medical debt collection practices. The advisory opinion outlined what the CFPB considers to be the obligations of debt collectors under the Fair Debt Collection Practices Act (FDCPA) and Regulation F when collecting medical debts. For more information, click here.
- On November 13, the CFPB released a pilot study titled “Matched-Pair Testing in Small Business Lending Markets” highlighting what the CFPB believes were two statistically significant disparities in the treatment of Black and white small business owners seeking loans. First, the secret shopping study indicated that Black entrepreneurs were less encouraged by small business lenders to apply for loans. Specifically, such lenders expressed interest in obtaining loan applications from 40% of white participants, but only 23% of Black participants. Second, the study found that Black participants were more frequently steered toward alternative financing products — such as business credit cards or real estate-secured loans — compared to their white counterparts with similar or weaker business credit profiles. Specifically, nonrequested or alternative credit products were discussed with 59% of Black participants, compared to 39% of white participants. For more information, click here.
- On November 12, the CFPB released a report highlighting the limitations of federal and state-level privacy protections for consumers’ financial data. The report reveals that while federal regulations like the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA) offer some privacy safeguards, many state data privacy laws exempt financial institutions and data already covered by these federal laws. According to the CFPB, this creates a gap in consumer protections. Despite recent state efforts to enhance data privacy, these exemptions mean that consumers often lack fundamental rights, such as correcting or deleting their financial information. The CFPB urges state policymakers to address these gaps to ensure comprehensive protection for consumers’ financial data. For more information, click here.
- On November 12, the U.S. Court of Appeals for the Fifth Circuit denied a request from Community Financial Services Association of America and the Consumer Services Alliance of Texas to reopen their legal challenge against the CFPB’s payday loan rule. This decision effectively clears the path for the rule to be implemented. For more information, click here.
- Between November 8 and 14, the Department of Justice (DOJ) issued four press releases about enforcement actions in the cryptocurrency industry. The first announced the sentencing of Ilya Lichtenstein to five years in prison for his role in a money laundering conspiracy linked to the 2016 theft of approximately 120,000 bitcoins from a global cryptocurrency exchange. The second reported that the operator of Bitcoin Fog, a darknet bitcoin money laundering service, received a 12-year and six-month prison sentence for processing more than 1.2 million bitcoin transactions valued at around $400 million between 2011 and 2021. The third announced the conviction of an individual for money laundering and running an unlicensed money transmitting business that converted more than $1 million in cash to bitcoin, often for criminals. This defendant misrepresented his business as a vending machine operation to evade detection. The fourth announced that another defendant pleaded guilty to laundering millions of dollars from cryptocurrency investment scams by converting victim funds to USDT and distributing them to controlled cryptocurrency wallets. For more information, click here, here, here, and here.
- On November 7, the Federal Housing Finance Agency (FHFA) announced new partnerships involving Fannie Mae, Freddie Mac, and Federal Home Loan Banks (FHLBanks) to enhance housing access for tribal communities. The FHLBank of Des Moines will promote Freddie Mac’s HeritageOne mortgage product, which aims to improve credit access for federally recognized Native American tribes. Concurrently, Fannie Mae will purchase loans originated through the FHLBank Mortgage Partnership Finance program, administered by the FHLBank of Chicago, to increase mortgage liquidity for tribal communities. The partnerships align with recommendations from FHFA’s 2023 report, “Federal Home Loan Bank System at 100: Focusing on the Future,” to support housing and community development in underserved areas. For more information, click here.
- On November 3, U.S. Senators Elizabeth Warren (D-MA), Richard Blumenthal (D-CT), Chris Van Hollen (D-MD), and Tammy Duckworth (D-IL), sent a letter expressing concerns to Scott Giles, executive director and CEO of the Higher Education Loan Authority of the State of Missouri (MOHELA), regarding the terms of use on MOHELA’s website. The senators criticized MOHELA for attempting to purportedly limit borrowers’ legal rights and absolve itself of liability for potential misbehavior without borrowers’ full knowledge and consent. According to the senators, the terms of use disclaim MOHELA’s responsibility to provide accurate loan information, force borrowers to waive their rights to hold MOHELA accountable for errors, and restrict borrowers from sharing information about their loans. The senators requested detailed information from MOHELA by November 17, to address these issues and ensure borrowers’ rights are protected. For more information, click here.
- On October 31, the Office of the Inspector General for the Federal Reserve Board and the CFPB released its 2024 audit of the CFPB’s information security program, finding it continues to operate effectively at a level-4 (managed and measurable) maturity. The audit highlighted several improvements since the 2023 review, including enhanced security training incorporating near-real-time threat intelligence. However, the report identified areas for further enhancement, such as maturing data loss prevention processes, timely remediation of high-risk vulnerabilities, periodic reinvestigation of system users, improving ransomware incident response, testing continuity of operations plans, and ensuring accurate cybersecurity governance data. Of the seven open recommendations from previous audits, four have been sufficiently addressed. The report includes eight new recommendations, all of which the CFPB has agreed to implement. For more information, click here.
- On November 8, the California Privacy Protection Agency (CPPA) board voted to adopt new regulations for data broker registration and advanced a comprehensive rulemaking package addressing insurance, cybersecurity audits, risk assessments, and automated decision-making technology. The data broker regulations, which clarify registration requirements and define key terms, will be submitted to the Office of Administrative Law for approval, potentially becoming effective by January 1, 2025. The broader rulemaking package, which includes updates to existing regulations and new requirements for businesses, will enter a 45-day public comment period as part of the formal rulemaking process. For more information, click here.
- On November 7, the New York City Department of Consumer and Worker Protection’s (NYC DCWP) held a Q&A session to address industry questions and clarify the newly amended debt collection rules. A significant clarification from this session is that the NYC DCWP intends for the new amendments to apply to creditors collecting their own debts, despite the amended definition of “debt collector.” The plain language of the amended statute defines a “debt collector” as any person or organization engaged in the business of collecting debts “owed or due to another person.” This wording led many creditors to believe that the amended NYC debt collection rules would no longer be applicable to them. However, during the Q&A, the NYC DCWP acknowledged the “confusion” surrounding the revised definition and stated that they are proposing a narrow amendment to ensure clarity. The amendment issued days later specifically states that the term “debt collector” includes creditors collecting their own debts. This clarification is crucial as it confirms that the scope of the debt collection rules remains unchanged and that all amended rules will apply to creditors collecting their own debts. For more information, click here and here.
- On November 7, the California Department of Financial Protection and Innovation (DFPI) announced the revocation of BlockFi Lending LLC’s California Financing Law (CFL) license. This decision follows a previous license suspension in November 2022 and stems from DFPI’s findings that BlockFi violated the CFL by failing to consider borrowers’ ability to repay loans, charging interest before disbursing loan proceeds, not providing credit counseling, failing to report payment performance to credit bureaus, and inaccurately disclosing annual percentage rates (APRs). BlockFi, which filed for bankruptcy in 2022 after the collapse of FTX Trading Co., has agreed to the license revocation and to cease unsafe practices. The DFPI also imposed a $175,000 fine for these violations, but waived the payment to prioritize consumer recovery. For more information, click here.