On November 21, a Washington-based bank confirmed through a public filing that it entered into a consent order with the FDIC alleging that the bank engaged in unsafe or unsound banking practices, primarily related to products offered through a fintech partner. In particular, the FDIC determined that in connection with the bank’s relationship with the fintech, the bank engaged in, among other things, deceptive and unfair acts and practices in or affecting commerce by making implied claims that credit products with non-optional debt cancellation features were unemployment insurance, approving consumers who did not qualify for the debt cancellation feature, and misrepresenting the fees and benefits for those products.Continue Reading FDIC Issues Order Against Bank Over Fintech Partnership

On November 21, the FTC voted 3-0 to approve the omnibus resolution authorizing the use of compulsory process in nonpublic investigations involving products and services that use or claim to be produced using artificial intelligence (AI) or claim to detect its use. The resolution will make it easier for FTC staff to issue civil investigative demands (CIDs), which are a form of compulsory process similar to a subpoena, in investigations relating to AI, while retaining the Commission’s authority to determine when CIDs are issued. This resolution will be in effect for 10 years. Continue Reading FTC Approves Compulsory Process for AI-related Products and Services

On November 20, the CFPB, along with 11 state attorneys general and state regulators, entered into a stipulated final judgement and order with a Delaware-based company and two affiliated companies (“defendants”) in the education financing sector to settle allegations in violation of the CFPA, TILA/Regulation Z, and the FDCPA in connection with the defendants’ unlawful practices in originating, servicing, collecting, and enforcing income sharing agreements (“ISA”) (we have discussed ISAs in prior blog posts here and here). Continue Reading CFPB Settles Claims Against Operator of Training Program for Activities Arising out of Income Share Agreements

On November 15, the CFPB issued an order requiring an Illinois-based fintech lender to pay $15 million in fines. The order additionally prohibits the company from operating in certain lines of business and requires revision of its executive compensation policies.Continue Reading CFPB Files Action Against Fintech for Allegedly Violating Previous Order, Deceiving Customers, Withdrawing Funds Without Consent

On November 2, the FTC entered into a settlement agreement with a Manhattan-based fintech company for $18 million over alleged deceptively marketed cash advances to consumers and impeding customers’ ability to cancel memberships. The FTC alleged that the fintech company violated the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA).Continue Reading FTC Settles with Fintech for $18M over Deceptive Cash Transfers and Difficult-to-Cancel Memberships

On November 7, the FTC and the State of Florida settled with a chargeback mitigation company and its owners for $150,000. The chargeback company was allegedly using deceptive practices, including referencing disclaimers that were not actually shown to the customers during the checkout process, to prevent consumers from disputing credit card charges through the chargeback process.Continue Reading FTC, Florida Settle with Chargeback Mitigation Company for $150K

On October 25, the CFPB released its sixth biennial report to Congress as required under the Credit Card Accountability Responsibility and Disclosure Act (CARD Act). The report found that in 2022 credit card companies charged consumers over $105 billion in interest and more than $25 billion in fees. The report also showed several trends in consumer credit card activity and identified potential areas of concern. Key highlights from the report include:Continue Reading CFPB Report: Credit Card Companies Charged Consumers $130B in Interest and Fees

On November 1, the OCC issued Bulletin 2023-34 addressing the topic of “venture lending,” referred to as “commercial loans to early-, expansion-, and late-stage companies.” According to the Bulletin, venture lending is often used to fund new business growth and development but comes with its own set of risks and challenges, and financial institutions must take care to meet the agency’s expectations for risk management and risk-rating of venture loans. Key takeaways from the OCC’s Bulletin including the following:Continue Reading OCC Issues Bulletin on Risks Related to Venture Lending

On October 30, the Superior Court of California County of Los Angeles denied the DFPI’s motion for a preliminary injunction to force a Chicago-based fintech company to stop facilitating loans to California borrowers from its bank partner at interest rates above California’s interest rate cap (generally 36% for loans less than $10,000) (we previously discussed this case here and here).Continue Reading California Court Denies DFPI’s Motion for Preliminary Injunction Against Fintech

On November 2, the CFPB issued a new report on state Community Reinvestment Act laws. The report found that many states adopted Community Reinvestment Acts (CRAs) similar to the federal Community Reinvestment Act of 1977. The report showed that state CRAs differ from the federal CRA to account for unique reinvestment priorities of individual states. The report also showed that nonbank mortgage companies’ increasing market share has influenced how states have developed their CRAs.Continue Reading CFPB Publishes New Report on State Community Reinvestment Laws

On October 27, the FTC has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency. The amendment requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to which the information pertains. The notice to the FTC will need to include certain information about the event, including:Continue Reading FTC Amends Safeguards Rule, Requires Non-Banks to Report Data Security Breaches