October 21, 2024
Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.
The Consumer Financial Protection Bureau recently announced that it issued a consent order against a private dispute resolution company, resolving allegations that the company engaged in deceptive and unfair acts and practices in violation of the Consumer Financial Protection Act and permanently banning the company from arbitrating disputes that concern a consumer financial product or service.
The dispute resolution company provided an online dispute resolution platform. This platform was used by a vocational training company that operated a vocational training program and provided "income share" loans to students in that program. In 2023, the vocational training company was shut down by the CFPB and certain state attorneys general for its alleged illegal lending practices in connection with the income share loans.
The current consent order alleges that the dispute resolution company had commenced arbitrations with consumers who had allegedly defaulted on income share loans from the vocational training company. Specifically, the CFPB alleges that the dispute resolution company did not have the ability to arbitrate the vocational training company's claims against consumers because none of the income share loan agreements contained an arbitration clause permitting arbitration on its platform. The CFPB also alleges that the dispute resolution company misrepresented itself as a neutral and impartial arbitrator for consumer debt arbitrations by failing to disclose that it had a financial interest in consumers settling with the vocational training company because the vocational training company promised to pay the dispute resolution company contingency fees for each claim that it settled. Finally, the CFPB alleges that the dispute resolution company required consumers to agree to its terms of service, which purported to bind consumers to the dispute resolution process, before they could view or respond to the vocational training company's claims that they defaulted on income share loans, thereby infringing on consumers' ability to "obtain information," "engage in live testimony," and "contest jurisdiction."
In addition to the permanent arbitration ban, the consent order prohibits the company from making misrepresentations to consumers related to arbitration proceedings and imposes a nominal civil penalty of $1 because of the company's inability to pay.
|
On October 15, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, and the Federal Reserve Board published a final rule in the Federal Register that adjusts the dollar threshold for exempting higher-priced mortgage loans from special appraisal requirements. Based on the Consumer Price Index in effect as of June 1, 2024, the exemption threshold will increase from $32,400 to $33,500, effective January 1, 2025. The Dodd-Frank Act added special appraisal requirements for higher-priced mortgage loans to the Truth in Lending Act, including that creditors obtain a written appraisal based on a physical visit to the interior of the home before making a higher-priced mortgage loan. The rules implementing these requirements contain an exemption for loans of $25,000 or less, adjusted annually to reflect changes in the CPI.
|
On October 16, the Federal Trade Commission finalized amendments to its Negative Option Rule, now titled the "Rule Concerning Recurring Subscriptions and Other Negative Option Programs." The Negative Option Rule now applies to all negative option programs in any media. The final rule provides that the following acts and practices are unfair or deceptive within the meaning of Section 5 of the FTC Act:
According to the FTC's news release, the final rule differs from the proposed rule in two significant ways. First, the proposed rule would have required sellers to provide annual reminders to consumers of the negative option feature. Second, the proposed rule would have prohibited sellers from forcing consumers to receive saves without first obtaining consumers' unambiguously affirmative consent. (A "save" was defined in the proposed rule to mean an attempt by a seller to present any additional offers, modifications to the existing agreement, reasons to retain the existing offer, or similar information when a consumer attempts to cancel a negative option feature.) The FTC is not adopting these provisions of the proposed rule at this time but plans to seek further comment on these provisions through a supplemental notice of proposed rulemaking.
Most of the final rule's provisions will go into effect 180 days after it is published in the Federal Register.
|
On October 17, the Consumer Financial Protection Bureau filed a lawsuit against a private student lender, two of its subsidiaries, and a controlling investor in connection with loans provided to students enrolled at schools that offered short-term vocational training programs. The CFPB generally alleges that the defendants made misrepresentations about the quality of the schools with which they partnered and about graduates' hiring rates and salaries. Specifically, the CFPB alleges that the defendants, among other things:
The CFPB seeks, among other things, injunctive relief to prevent future violations and monetary relief in the form of redress to consumers and the imposition of civil money penalties.
|
On October 16, the New York Department of Financial Services issued guidance to all DFS-regulated entities concerning how artificial intelligence can be a threat to cybersecurity and the strategies that may be used to mitigate AI-related threats. The guidance does not impose any new requirements beyond the obligations in the DFS's cybersecurity regulation codified at 23 NYCRR Part 500.
The guidance highlights certain AI-related threats to cybersecurity, including: the use of AI by cybercriminals to create deepfakes that allow them to target individuals via email, telephone, text, and other means to convince them to divulge sensitive information; the use of AI by cybercriminals to amplify the potency, speed, and scale of cyberattacks; the use of a product that incorporates AI typically requires the collection and processing of substantial amounts of nonpublic information, resulting in entities needing to protect substantially more data and providing an increased incentive for cybercriminals to target these entities; and vulnerabilities for entities that use AI or a product that incorporates AI due to their dependency on vendors and third-party service providers.
In addition to the discussion on AI-related risks and mitigation measures, the DFS's guidance notes that entities should also explore the substantial cybersecurity benefits that can be gained by integrating AI into cybersecurity tools, controls, and strategies.
|