Last Week, This Morning

May 5, 2025

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)¹" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

On April 28, the Federal Trade Commission announced that it reached a proposed consent order with an artificial intelligence company, resolving allegations that the company made false and unsubstantiated claims about the effectiveness of its AI Content Detector product, in violation of Section 5 of the FTC Act. According to the FTC's complaint, the AI Content Detector uses AI technology to determine whether written content, including marketing content, is AI-generated. The FTC alleged that the company advertised its AI Content Detector product as able to predict with 98% accuracy whether text is AI-generated or human-written, including content from tools like ChatGPT, GPT-4, Claude, and Bard. However, the company allegedly used an unmodified, publicly available AI model and lacked substantiation for its claims that the tool achieved the promoted accuracy, especially for non-academic text such as marketing content.

According to the complaint, the AI model behind the company's product was developed by Norwegian students for detecting academic abstracts and, therefore, was trained exclusively on academic text. The FTC alleged that the company misrepresented the training data and overstated the AI detector's capabilities. Publicly available testing showed the model performed significantly worse than claimed, achieving only around 74.5% accuracy on mixed content and correctly detecting AI-generated non-academic text just 53.2% of the time. The FTC emphasized that such inaccuracies could seriously harm consumers, such as by falsely accusing students of plagiarism or unfairly flagging writers as using AI content.

The company agreed to a non-monetary order that includes:

• prohibiting future deceptive claims about the effectiveness of any AI detection product unless substantiated by competent and reliable scientific evidence;
• preserving all underlying testing data and substantiation for AI detection claims;
• notifying all eligible customers about the FTC settlement and correcting any misimpressions about the AI Content Detector's capabilities; and
• implementing recordkeeping, compliance reporting, and customer notification procedures for a period of up to 20 years.

Amicus Brief(ly): This enforcement action is unusual in a couple respects, but it highlights: (1) the level of regulatory scrutiny we should anticipate as it relates to the claims that AI technology providers make (or omit) about the accuracy of their technology, and (2) the real-world impact of AI and accuracy issues on consumers and businesses. The 20-year recordkeeping requirement is pretty unusual, as is a settlement of deception claims without a financial penalty or fine. But the focus on misleading statements or misrepresentations is common for the FTC. We expect to see more of this from the FTC and from state attorneys general who are vigilant about deception claims.

The Consumer Financial Protection Bureau recently filed a motion to withdraw from a lawsuit it filed on January 4, 2023, against an auto finance company, which would leave the New York Attorney General's Office as the sole remaining plaintiff in the action.

The CFPB and the New York AG filed the lawsuit against the company in connection with its financing of consumers' used vehicle purchases. Specifically, the complaint alleged that the company "engaged in deceptive and abusive acts or practices in violation of the Consumer Financial Protection Act of 2010 ... by obscuring the cost of credit for auto loans and taking unreasonable advantage of consumers' lack of understanding of the risk of default and the severity of the consequences, as well as their inability to protect their interests, and for providing substantial assistance to dealers, even though [the company] knew or should have known the dealers were misrepresenting the voluntary nature of add-on products." The complaint also alleged that the company "violated New York Executive Law § 63(12) by engaging in repeated and persistent fraudulent and illegal conduct, including misstating the cost of credit, entering into unconscionable contract terms, and violating the state-law statutory disclosure regimes set out in the New York Personal Property Law. [The company] likewise violated New York General Business Law § 349 by engaging in these same deceptive business practices." Finally, the complaint alleged that because the company allegedly violated the CFPA and New York law, it also violated New York's securities fraud law.

Amicus Brief(ly): When the CFPB and the New York AG filed this suit in 2023, the finance company filed a motion to dismiss just two months later, arguing that the government's claims about hidden finance charges and the suggestion that the finance company should have performed some form of ability-to-repay test that accounted for food and childcare expenses (not just traditional debt-to-income or payment-to-income tests) went too far and were tantamount to legislation through a lawsuit. Trade groups agreed, filing an amicus brief with the court to point out the government's apparent disregard for the consumer protection laws the CFPB knows well (e.g., the Truth in Lending Act) and criticize the government's attempts to use its UDAAP authority to effectively rewrite those laws in the lawsuit. The CFPB's voluntary withdrawal from the case at this point is consistent with its retreat from the more aggressive tenor of the Rohit Chopra-led regime. It leaves the case with the New York AG to litigate its claims that the finance company set consumers up to fail by financing overpriced used vehicles.

On April 30, the Consumer Financial Protection Bureau filed a joint stipulation to dismiss its appeal of the U.S. District Court for the Eastern District of Texas's September 2023 final judgment, which concluded that the CFPB's 2022 changes to the Unfair, Deceptive, or Abusive Acts or Practices examination manual exceeded the Bureau's statutory authority. The joint stipulation was filed with the plaintiffs in the case: the U.S. Chamber of Commerce and several trade associations. The joint stipulation will prevent the changes to the UDAAP manual from taking effect.

In June 2022, the CFPB, after announcing that it considered discrimination to be a UDAAP, updated the UDAAP examination manual to direct examination of whether a supervised company regularly analyzes all of its decision-making processes and data for discrimination. According to a press release summarizing the change in the manual, examiners must "require supervised companies to show their processes for assessing risks and discriminatory outcomes, including documentation of customer demographics and the impact of products and fees on different demographic groups."

In September 2022, the U.S. Chamber of Commerce and several trade associations sued the CFPB, objecting to the new mandate requiring examiners to scrutinize companies for discrimination. The plaintiffs contended that the examination directive should be vacated because the agency's funding structure violated the Appropriations Clause of the U.S. Constitution, because it exceeded the agency's statutory authority, and because it violated the Administrative Procedure Act substantively and procedurally. The federal district court granted the plaintiffs' motion for summary judgment in the case.

Amicus Brief(ly): Another one down. As regular readers of these pages know, the past few months have seen the CFPB abandon many of its adversarial matters and enforcement initiatives. The CFPB's new direction takes a far less aggressive or assertive approach to exercising its authority, with its officially stated focus on consumer protection and its less official (but well-publicized) internal memo from a couple of weeks ago describing an adjustment to both its enforcement and rulemaking initiatives to focus on a narrower view of its consumer protection mission. The industry welcomes this dismissal, given the consensus view that the 2022 updates to the examination manual went too far.

On April 30, the Consumer Financial Protection Bureau announced that it will not prioritize enforcement or supervision of the Small Business Lending Rule with respect to entities that are currently outside the scope of the stay imposed by the Fifth Circuit in Texas Bankers Association v. CFPB. The Small Business Lending Rule, which implements Section 1071 of the Dodd-Frank Act, requires covered financial institutions to collect data on certain credit applications from small businesses and report that data to the CFPB. On February 7, 2025, the Fifth Circuit granted the plaintiffs' motion for a stay pending appeal in the Texas Bankers Association case, which challenged the validity of the CFPB's Small Business Lending Rule. The Fifth Circuit tolled the deadlines for compliance with the rule but only for the plaintiffs and intervenors in the case.

According to the CFPB's April 30^th announcement, "[t]he [CFPB] will ... keep its enforcement and supervision resources focused on pressing threats to consumers, particularly servicemen and veterans. The [CFPB] takes this step in the interest of focusing resources on supporting hard-working American taxpayers, servicemen, veterans, and small businesses. Even absent resource constraints, the [CFPB] would deprioritize enforcement of this rule because of the unfairness of enforcing it against entities not protected by the court's stay but similarly situated to parties that are protected by the stay. The [CFPB] looks forward to resolving the status of this regulation and ensuring fair, consistent treatment for all entities impacted by the regulation."

Amicus Brief(ly): In with a bang, out with a whimper. The CFPB's Section 1071 rule was a lightning rod for criticism and faced industry resistance through the rulemaking and into the period leading up to the Fifth Circuit's stay of the rule. For the unfamiliar, the CFPB put a lot of effort into the rule and associated published resources to help small businesses comply. Unlike some other cases where the CFPB pretty clearly exceeded its statutory authority (see the discussion above related to the CFPB's UDAAP examination manual), Section 1071 of the Dodd-Frank Act actually did authorize the Bureau to write rules to implement the small business data collection effort for fair lending purposes. There has been some effort in Congress to try and repeal Section 1071, but Congress is not moving any faster on that than the CFPB did in writing the rule. Either way, we're left with a rule that the CFPB had to write but that the CFPB, under current leadership, will not prioritize.

On April 30, the Federal Trade Commission obtained a proposed consent order with a debt collector and its owner to resolve allegations that they illegally threatened consumers and attempted to collect debts that consumers did not owe. Specifically, the FTC alleged that the defendants:

• contacted consumers under a number of fictitious company names;
• called consumers and threatened them with arrest, wage garnishment, and lawsuits if they did not pay the purported debt;
• attempted to collect debts that either did not exist or were not debts the defendants could legally collect;
• failed to identify themselves as debt collectors as required by the Fair Debt Collection Practices Act; and
• unlawfully obtained consumers' financial information in violation of the Gramm-Leach-Bliley Act.

Under the proposed order, the defendants will be:

• permanently banned from debt collection and debt brokering activities;
• prohibited from misrepresenting any material fact related to the sale, promotion, or marketing of any good or service; and
• prohibited from misrepresenting their affiliation or connection to any person or business and from violating the FTC's Impersonation Rule and the GLBA.

The FTC imposed a monetary judgment of $9,684,338, which will be suspended after the defendants turn over their remaining assets.

Amicus Brief(ly): Contrast this proposed consent order with the FTC's AI-related settlement described earlier in this missive. This settlement better reflects the FTC's approach to enforcement where there has (allegedly) been some purposeful deception with a direct impact on consumers. Federal and state regulators have no patience with phantom debt collection, which is alleged in this case. Industry does not care for it either because, while the violations of law are fairly obvious, the kinds of bad acts alleged in this action can lead to onerous rulemaking or law changes that have a dramatic impact on compliant businesses. The proposed consent order is important because it reflects how seriously the government takes these types of claims, but there are very few productive compliance takeaways for careful companies looking for such in consent orders because the claims are pretty low-hanging fruit for regulators and do not (despite what we might read from time to time in the news) reflect conduct undertaken by responsible debt collectors focused on regulatory compliance.

---

¹ For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.