On Thursday, February 22nd, from 3-4 p.m. ET, Troutman Sanders will host a webinar that will provide an overview of recent trends in the areas of lender liability, bank litigation, and arbitration. Economic recession and unrest in the credit market has provided fertile ground for borrowers, guarantors, depositors, and other third parties to test legal theories, gain leverage in workout negotiations, and monetize failed commercial relationships by suing lenders, banks, and other facilitators of financial credit. This webinar will cover principles for avoiding liability, provide an update on important case law and regulatory developments, illustrate certain real scenarios lenders and banks face daily with potentially huge exposure, and conclude with a summary of recent rulings in the area of enforceability of arbitration provisions.

One hour of CLE credit is pending.

To register, click here.


On February 6, the Conference of State Bank Supervisors (“CSBS”) announced that seven states have entered into a compact that should streamline the process of applying for state money transmitter licenses.

Moving forward, the participating states– Georgia, Illinois, Kansas, Massachusetts, Tennessee, Texas, and Washington – will accept each other’s findings regarding certain “key elements of state licensing.”  The “key elements” include IT, cybersecurity, business plan, background check, and compliance with the federal Bank Secrecy Act.

If the compact works as planned, a company that has obtained a money transmitter license from one of the compact states will be able to obtain a license from any other compact state without the delay and expense of duplicative review and approval requirements, at least as to the “key elements” outlined above.

“This MSB licensing agreement will minimize the burden of regulatory licensing, use state resources more efficiently, and allow for broader participation by other states across the country,” said John Ryan, CSBS president and chief executive officer.

The CSBS’s announcement also noted that more states are expected to join the compact, which is only the “first step among state regulators in moving towards an integrated, 50-state system of licensing and supervision for fintechs.”

A copy of the CSBS’s announcement is available here.

On January 19, a federal district court judge closed the damages phase of the CFPB’s long-running challenge to CashCall’s tribal-lending operation by ordering the company and its associates to pay a $10 million penalty.  While the $10 million penalty is substantial, the order stands as an impressive victory for CashCall, as the CFPB requested a $52 million penalty and an additional $236 million in restitution. 

In the earlier liability phase of the litigation, U.S. District Court Judge John F. Walter granted the CFPB’s motion for partial summary judgment, finding that CashCall engaged in unfair, deceptive, and abusive acts or practices when it serviced and collected on loans made by Western Sky Financial, a lending operation owned by an enrolled member of the Cheyenne River Sioux Tribe.  Invoking a contested doctrine, Judge Walter found that CashCall was the “true lender” of the loans and, therefore, had deceived consumers by creating the false impression that the loans were enforceable and that borrowers were required to repay them.  

But in the damages phase of the litigation, Judge Walter softened his earlier ruling.  He rejected the CFPB’s request for $236 million in restitution, finding that the CFPB failed to present any evidence that CashCall “set out to deliberately mislead consumers” or “otherwise intended to defraud them.”  In the same vein, he rejected the CFPB’s reliance on evidence that CashCall structured its lending operation to avoid state licensing and usury laws, noting that “companies frequently structure business operations and transactions to minimize exposure to unfavorable laws and regulations.”   He also found that CashCall “plainly and clearly disclosed the material terms of the loans to consumers,” and that “the evidence indicated quite clearly that consumers received the benefit of their bargain—i.e., the loan proceeds.”  

In addition, Judge Walter rejected the CFPB’s request for a $52 million penalty.  In seeking that award, the CFPB argued that CashCall “knowingly” engaged in unfair, deceptive, and abusive acts or practices.  But Judge Walter found that the CFPB failed to prove that CashCall knowingly engaged in any misconduct; in fact, he noted that, “at its inception, there was nothing inherently unlawful about” CashCall’s lending operation.   

Moreover, Judge Walter also rejected the idea that CashCall was reckless.  “[T]here was no evidence [CashCall] decided to create and implement an unlawful scheme to defraud consumers, which would have been relatively easy to accomplish given their sophistication and experience in the lending business,” Judge Walter wrote.  “Instead, [CashCall] sought out highly regarded regulatory counsel to assist them in structuring the Western Sky Loan Program.”

Recently, a Manhattan federal jury convicted Richard Moseley Sr., the head of an online network of payday lenders and loan servicers, on charges of wire fraud, aggravated identity theft, and violating the Racketeer Influenced and Corrupt Organizations Act and Truth in Lending Act, among other counts.

Moseley was convicted due to his leadership role over a vast and complicated system of interrelated companies that collected over $220 million from more than  600,000 borrowers and deceived regulators in the process.  Convincing state and federal regulators and even his own lawyers that his companies were based offshore and not bound by U.S. law, Moseley coordinated a network of lenders and loan servicers that routinely misled both consumers and regulators.  At the time of his indictment, then-United States Attorney Preet Bharara stated, “As alleged, Richard Moseley, Sr., extended predatory loans to over six hundred thousand of the most financially vulnerable Americans, charging illegally high interest rates to people struggling just to meet their basic living expenses.”

The indictment alleges that Moseley-related lenders went so far as to autodebit accounts in ways unanticipated by borrowers and lend money to borrowers who did not request it after their personal information was sent to various Moseley companies.  Moreover, important terms were hidden in small print, interest rates were charged that violated the laws of the states in which the businesses were operating, and lenders and loan servicers made “deceptive and misleading” fee disclosures to borrowers.  The case was originally referred to prosecutors by the Consumer Financial Protection Bureau.

Although Mosely claimed to incorporate his companies in the Caribbean and New Zealand beginning in 2006, the indictment states that Moseley’s companies operated out of Kansas City, Missouri instead.  Based on these incorporation claims, Moseley’s attorneys told state regulators that loans from Moseley’s network of lenders and loan servicers originated exclusively from overseas offices.  In reliance on this materially false and misleading correspondence, many state attorneys general and regulators closed their investigations on the mistaken belief that they lacked jurisdiction over Moseley’s companies as they supposedly had no presence or operations in the United States.

Moseley, 73, is not scheduled to be sentenced until April 2018, and his RICO and wire fraud convictions carry 20-year maximum sentences.  Following news of the jury’s conviction, Acting United States Attorney Joon H. Kim stated, “Moseley can no longer take advantage of those already on the brink, and he now faces significant time in prison for his predatory ways.”

On Thursday, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued its first no-action letter to Upstart Network, Inc., an online lender. The no-action letter green-lights the lender’s use of alternative data in marketing and pricing decisions. In exchange, Upstart will report lending and compliance information to the CFPB.


California-based Upstart provides an online lending platform that enables people with limited credit or work history to obtain credit. Upstart touts its ability to identify differences in risk between “thin file” applicants by using signals beyond traditional credit scores. Primarily, Upstart compliments traditional underwriting signals with a borrower’s work history and education. Upstart may take into account the school attended, degree obtained, and current employment to analyze the borrower’s financial capacity and propensity to pay. Upstart claims in the no-action letter application that including this information provides borrowers who otherwise may not qualify for credit the opportunity to borrow on more favorable terms.

Since launching its lending platform in 2014, Upstart has originated over 80,000 loans totaling more than $1 billion. The loans range from $1,000 to $50,000 with an average loan of $12,000. The repayment term is either 36 months or 60 months. The typical borrower is 28 years old and uses the loan to pay down credit card debt. Others consolidate payday or other unsecured debt, reduce student loan debts, or pay for graduate school tuition. Interest rates range from 4% to 25.9%.


The CFPB’s letter marks the first of its kind since the Bureau announced the no-action letter policy in early 2016. Under the program, companies implementing a new product or service can apply for a statement from the Bureau that would reduce regulatory uncertainty. Applicants must submit responses to a series of questions, including detailed descriptions of the product or service and the benefits and risks to consumers. The Bureau implemented the policy to incentivize companies to develop safe and innovative products and approaches. Anticipating that it will issue no-action letters in only exceptional circumstances, the CFPB will publish a no-action letter that it grants, but will not publish the denial of a request for a no-action letter.


The no-action letter to Upstart indicates that the Bureau has no present intent to recommend initiation of supervisory or enforcement action against Upstart with respect to the Equal Credit Opportunity Act. According to the terms of the letter, Upstart has agreed to provide the Bureau with certain information regarding loan applications, the criteria used to decide which loans to approve, how it will mitigate risk to consumers, and how its model expands access to credit for underserved populations. The Bureau will use this information as part of the inquiry into alternative data that it launched earlier this year.

The scope of the no-action letter is limited to Upstart’s automated model for underwriting applicants for unsecured non-revolving credit. The Bureau went to great lengths to limit the effect of the letter, claiming that the letter could not be viewed as an interpretation, waiver, safe harbor, or something similar.


Although the no-action letter reveals that the CFPB remains committed to completing its inquiry into the use of alternative data to expand credit, it offers little guidance outside of the contours of Upstart’s platform and Upstart may still have to deal with fair lending issues with the CFPB down the road. With respect to this first no-action letter, initial reactions from the industry reveal disappointment in light of the fact that the letter offers little industry guidance.

On April 27, the Consumer Financial Protection Bureau filed a lawsuit in an Illinois federal court against four online installment loan companies operated by a California Native American tribe.  Although the tribe operates the installment loan companies, the CFPB’s complaint alleges that the defendants are not arms of the tribe” and therefore should not be able to share the tribe’s sovereignty.  The Bureau made these allegations in support of its belief that the defendants violated the Consumer Financial Protection Act (“CFPA”) by entering into loan agreements that violated state usury and lender licensing laws.  The Bureau alleged that the loans are void and cannot be collected under the CFPA because the loans are usurious under state laws.  The complaint also alleges that the defendants violated the Truth in Lending Act (“TILA”) by failing to disclose the cost of obtaining the loans. 

All four defendants extend small-dollar installment loans through their websites.  The Bureau’s complaint alleges that the defendants’ customers were required to pay a “service fee” (often $30 for every $100 of principal outstanding) and five percent of the original principal for each installment payment.  As a result, the effective annual percentage rates of the loans ranged from approximately 440% to 950%.  The complaint also alleges that each of the defendants’ websites advertises the cost of installment loans and includes a rate of finance charge but does not disclose the annual percentage rates.  The defendants made the loans at issue in Arizona, Arkansas, Colorado, Connecticut, Illinois, Indiana, Kentucky, Massachusetts, Minnesota, Montana, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, and South Dakota.   

During an investigation before the lawsuit was filed, the defendants claimed that they were entitled to tribal sovereign immunity because they acted as an “arm of the tribe.”  The CFPB’s complaint  disputes that defendants are entitled to tribal sovereign immunity because they allegedly do not truly operate on tribal land, that most of their operations are conducted out of Kansas (although the tribal members were in California), and that they received funding from other companies that were not initially owned or incorporated by the tribe.  

The relief requested by the CFPB includes a permanent injunction against the defendants from committing future violations of the CFPA, TILA, or any other provision of “federal consumer financial law,” as well as damages to redress injury to consumers, including restitution and refunds of monies paid and disgorgement of ill-gotten profits. 

Lenders affiliated with Native American tribes have been subject to both regulatory and private lawsuits for violations of consumer protection laws, as we previously reported here and here.  Recently, in January 2017, the Ninth Circuit Court of Appeals rejected the sovereign immunity arguments that tribal lenders made and affirmed a lower court’s decision that three tribal lending companies were required to comply with the Bureau’s civil investigative demands for documents.  The Ninth Circuit stated that generally applicable federal laws, like the Consumer Financial Protection Act, apply to Native American tribes unless Congress expressly provides otherwise and Congress did not expressly exclude the three tribal lending companies from the Bureau’s enforcement authority.

On January 31, Virginia Attorney General Mark Herring announced a settlement with CashCall, Inc. over allegations that the company illegally deceived borrowers and collected interest in excess of legal rates.   

According to the press release, the A.G.’s Office alleged that CashCall violated Virginia’s usury, lending, and licensure laws by entering into an arrangement in which a company affiliated with a Native American TribeWestern Sky Financial, LLC would loan money to Virginians at annual rates as high as 230%.   

As part of the settlement, CashCall will pay $9.435 million in restitution to approximately 10,000 Virginia consumers, $5.9 million in debt relief to consumers, and $100,000 in civil penalties and fees to the Commonwealth.  Under the terms of the settlement, CashCall is also permanently barred from violating the Virginia Consumer Protection Act and from charging more than 12% annual interest on its loans without qualifying for a usury law exception. 

As noted here, here, here and here, CashCall and Western Sky have been under intense scrutiny from state attorneys general and the Consumer Financial Protection Bureau for their alleged attempts to circumvent state usury laws.  As previously noted, these cases are particularly important to payment processors, as states have filed lawsuits or executed settlement agreements with lenders and processors arising out of allegations that the lenders violated a state’s usury laws. 

The Virginia A.G.’s Predatory Lending Unit, the first of its kind, has been active in bringing enforcement actions against companies in the payday loan, title loans, consumer finance loan, mortgage loan, and mortgage servicing space.  Those in the consumer financial service industry should closely monitor this and future actions by the Virginia Attorney General. 

The settlement was filed in the United States District Court for the Eastern District of Virginia, Richmond Division, in conjunction with a pending Virginia class action settlement in the same court.


On September 27, LendUp, an online payday lending company based in San Francisco, entered into a Consent Order with the Consumer Financial Protection Bureau and the California Department of Business Oversight over allegations that LendUp violated the Consumer Financial Protection Act and Regulation Z of the Truth In Lending Act by  misleading consumers about the prospects of improving their credit through the company’s lending program.   

LendUp offers single-payment loans and installment loans in 24 states.  According to the CFPB’s Consent Order, Lendup marketed its loan program with claims that it would build consumers’ credit, build consumers’ credit scores, furnish information regularly to consumer reporting agencies, and offer consumers access to “more money at better rates for longer periods of time” than other options available to consumers.  LendUp advertised its “LendUp Ladder” program whereby consumers could obtain financial stability by taking out its payday loans, repaying them on time, and completing financial education courses, which would allow them to take out additional payday or installment loans with more favorable terms.  

The CFPB alleged that LendUp and its parent company, Flurish Inc., made false promises that consumers would be able to climb up the “LendUp ladder” and rebuild their credit by paying back loans they took out, which would qualify them for loans on better terms that would be reported to credit bureaus and consequently improve their credit scores.   

Additionally, the CFPB alleged that LendUp failed to provide consumers with clear information about the annual percentage rates on loans and did not begin reporting borrowers’ information to consumer credit bureaus until at least February 2014.  LendUp also failed to have written policies and procedures governing the accuracy of those reports until April 2015, according to the CFPB. 

LendUp agreed to pay $3.63 million in the CFPB settlement, including $1.83 million in refunds and a $1.8 million civil money penalty, and $2.68 million to California, including $1.62 million in refunds. 

As we wrote here, the CFPB and FTC have indicated that fintech companies should expect increased regulatory scrutiny and oversight and comply with federal consumer financial protection laws. As CFPB head Richard Cordray noted in the CFPB’s press release in the LendUp action, “[S]tart-ups are just like established companies in that they must treat consumers fairly and comply with the law.” 

On September 15, the Federal Trade Commission published a staff paper providing its perspective on the lead generation business.  Although the FTC recognized some of the advantages of lead generation, the paper was a clear warning to “unscrupulous actors in the lead generation industry” of potential consequences.  The staff paper signals that the FTC is focusing on the industry, and in particular on the quality of disclosures to consumers and use of information collected by lead generators from consumers.

Lead generation is the process of identifying and cultivating individual consumers who are potentially interested in purchasing a product or service.   As consumers increasingly research and shop for products online, lead generation has become more sophisticated, rapid, and data-intensive, said the FTC.  While this can benefit interested consumers by connecting them with merchants quickly and efficiently and can have positive benefits on price and competition, the FTC noted several potential areas of concern for consumers:

(1)    Complexity and Lack of Transparency – The FTC paper notes that consumers who fill out forms online may not be aware that the forms are operated by lead generators who may sell and re-sell the consumers’ information multiple times.  The FTC recommends that “[c]ompanies should disclose this information to consumers clearly and conspicuously to add transparency to the lead generation process.”

(2)    Aggressive or Potentially Deceptive Marketing – Participants in an FTC workshop noted that some lead generators may use aggressive or deceptive marketing tactics to entice consumers to fill out web forms.  One company, for example, allegedly misrepresented to consumers that they were applying for job openings when in fact the company was selling the consumers’ personal information to schools and career training programs.

(3)    Potential Misuse of Sensitive Consumer Information in Payday Lending Lead Generation – The FTC noted that online lead generators for payday lenders typically collect sensitive financial information, including Social Security numbers and bank account information, from consumers.  Lead aggregators should take care to ensure that the companies that buy their leads do not use this information for unauthorized or other unlawful purposes, recommended the FTC.

The FTC concluded its staff paper by noting its “ongoing law enforcement work” in connection with lead generators.  In light of the FTC’s focus on the lead generation business, all companies within that realm should take heed of the FTC’s guidance.



On August 18, the Minnesota Attorney General announced that it had settled a lawsuit against online money lender CashCall, Inc.  The State of Minnesota alleged that CashCall violated Minnesota’s usury, lending, and licensure laws by entering into an arrangement in which a company affiliated with a Native American tribe would loan money to Minnesota citizens at interest rates as high as 342 percent and then transfer those loans to CashCall for servicing and collection.  The 342 percent rate exceeded the Minnesota interest rate limits. 

Under the terms of the settlement, all outstanding loans to Minnesota residents have been forgiven.  If CashCall sold a loan to a third party, the settlement requires CashCall to send a letter to the third party, directing the third party to forgive the loan.  In addition, CashCall must send a letter to the consumer reporting agencies to which it reported, directing the consumer reporting agencies to remove any reporting about the loan from consumers’ credit report.  CashCall also made a $4.5 million restitution payment to Minnesota.               

Minnesota’s settlement with CashCall is a part of a growing trend of states executing settlement agreements with lenders arising out of the lenders’ alleged violations of state licensing and usury laws.  In fact, CashCall recently executed similar settlements with the States of Arkansas and Michigan.  These cases are particularly important to payment processors, as states have filed lawsuits or executed settlement agreements with lenders and processors arising out of allegations that the lenders violated a state’s usury laws.