Welcome to Wiley’s update on recent developments and next steps in consumer protection in the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs and webinars with more analysis in these areas. We understand that staying on top of the rapidly changing regulatory landscape is more important than ever for companies looking to deliver new and breakthrough technologies.

Regulatory announcements

President Biden appoints Alvaro Bedoya as FTC commissioner. At September 13, the Biden administration announcement the appointment of Alvaro Bedoya as commissioner of the FTC. Bedoya is appointed to replace FTC commissioner Rohit Chopra, who has been appointed CFPB director but has yet to be confirmed by the Senate. Bedoya is the founding director of the Center on Privacy & Technology at Georgetown Law, where he is a visiting professor of law. Previously, Bedoya served as the first chief advisor to the US Senate Judiciary Subcommittee on Privacy, Technology, and the Law when the subcommittee was established in 2011. Bedoya’s appointment is subject to the confirmation from the Senate.

FTC announces agenda for September 15 open committee meeting. At September 8, the FTC announcement the agenda for its open meeting of the Commission on September 15, which will be held at 11 a.m. EST. At the meeting, the agency will consider a proposed policy statement on privacy breaches by health apps and online platforms; an FTC study on the non-Hart-Scott-Rodino law reports acquisitions by certain technology platforms; proposed revisions to agency rules regarding petitions for rule making; and a proposal to withdraw from the vertical merger guidelines issued in June 2020 by the FTC and the Department of Justice (DOJ), and the FTC commentary on the application of vertical mergers issued in December 2020. After the meeting completed, members of the public who have signed up will be able to share comments with the FTC.

The FTC approves changes to the five FCRA rules applicable to motor vehicle dealers. At September 8, the FTC announcement that it approved final revisions to the rules that implement the Fair Credit Reporting Act (FCRA) to bring them into line with the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Specifically, the FTC has approved largely technical changes in accordance with the FTC’s limited FCRA regulatory authority under the Dodd-Frank Act, clarifying that these five FCRA rules enforced by the agency s ‘apply only to motor vehicle dealers. The changes affect the FTC Address Discrepancy Rule, Affiliate Marketing Rule, Supplier Rule, Pre-Screen Take-Out Notice Rule, and Risk-Based Pricing Rule. The changes do not affect the FCRA regulations issued by the CFPB, which apply more generally. In addition, the pre-screen takedown notice rule has added the Web address where consumers can decline credit offers to model reviews that can be used by car dealerships. The FTC voted 5-0 to publish the notices in the Federal Register.

Texas District Court upholds CFPB rule on payday loans, vehicle title, and high cost installment loans. At September 7, the CFPB announcement that the United States District Court for the Western District of Texas upheld the payment provisions of the agency’s final rule regarding high-cost payday loans, vehicle title loans, and installment loans. The challenged provision would prohibit some lenders from continuing to attempt to withdraw payment from borrowers’ accounts after two failed attempts. CFPB Acting Director Dave Uejio issued a statement praising the move, noting that the agency “expects lenders to meet the requirements of the payment arrangements, in accordance with the order of the court”.

CFPB proposes a new rule on the reporting of small business data. At September 1st, the CFPB proposed a new rule in accordance with Section 1071 of the Dodd-Frank Act which would require lenders to report certain information about their small business lending practices, including the amount and category of small business credit requested and granted, demographic information on candidates and key characteristics on the details of the proposed price. The information gathering would apply to term loans, lines of credit, credit cards and cash advances to merchants. Among other things, the CFPB is seeking comments on how to define a “small business” for the purposes of data collection; how to determine if the lender is required to provide information; and the appropriate period for the implementation of the rules. Comments on the proposed rule are due 90 days after its publication in the Federal Register.

Important enforcement measures

FTC sends cease and desist letters to 10 diabetes treatment companies. At September 9, the FTC announcement that he sent 10 cease and desist letters to companies for allegedly advertising unproven diabetes treatments or cures. The letters urged companies to stop making claims within 15 days or face possible action from the agency. The letters were issued in conjunction with the Food and Drug Administration (FDA) warning letters and were sent to Ar-Rahmah Pharm, LLC; Aceva, LLC; Live well inc.; Holistic Healer and Wellness Center, Inc.; Lysulin, Inc.; Metamune Inc.; Nuturna International SARL; Pharmaganics LLC; Phytag Laboratories; and Radhanite, LLC d / b / a Curalife Ltd. The letters cautioned against potential violations of both the FTC Act and the Food and Pharmaceutical Cosmetics Act (FD&C; Act). The FD&C; law regulates products intended to cure, treat, mitigate or prevent diseases, even if the advertiser qualifies them as dietary supplements.

CFPB takes legal action against the lender for alleged violation of the Consent Order of 2016 and participation in misleading advertising. At September 8, the CFPB filed a complaint in the United States District Court for the Northern District of California, alleging that LendUp Loans, LLC (LendUp) had violated a Consent Order 2016 which required the company to pay $ 1.83 million in redress for consumers and a civil fine of $ 1.8 million for allegedly misleading consumers with false claims about the high cost of loans and the benefits serial loans. The CFPB complaint alleges that LendUp continued with the same deceptive marketing in violation of the Consumer Financial Protection Act (CFPA). According to the CFPB, LendUp would have promised consumers lower interest rates on future installment loans if the original loans were repaid. The CFPB, however, alleges that an internal investigation by the agency found that 140,000 recurring borrowers were charged the same or higher interest rates after making timely payments. The CFPB complaint seeks an injunction, damages or restitution to consumers, restitution of ill-gotten gains and the imposition of a civil fine.

CFPB is suing the student loan company for allegedly deceptive borrowers over revenue sharing agreements. At September 7, the CFPB announcement that it filed a complaint and issued a consent order against the provider of revenue sharing agreements (ISAs), Better Future Forward, Inc., for allegedly declaring that ISAs are not loans; fail to provide disclosures otherwise required by federal law; and failure to comply with the prohibition on prepayment penalties for private education loans. ISAs are a payment product used in the student loan industry that require borrowers to make payments in proportion to their income for a specified period of time or until borrowers reach their payment limit. The CFPB argues that Better Future Forward’s failure to identify ISAs as loans violated the CFPA. The proposed consent order demands Better Future Forward, among other things, to stop declaring that its ISAs are not loans or create debt for consumers and to reform its ISA contracts.

The FTC is banning the company from the surveillance industry over allegations the company shared data on the devices. At September 1st, the FTC announcement that it banned Support King, LLC (doing business as “SpyFone”) and its CEO from engaging in commercial surveillance activities, following allegations that the company secretly collected data on user movements, phone use and online activities that have been disclosed. The FTC alleged that SpyFone’s monitoring products and services harmed device users by allowing buyers to stalk users surreptitiously. The FTC voted 5-0 to issue the administrative complaint and the consent order. The proposed order will be subject to public comment for 30 days after publication in the Federal Register.

Deadlines and upcoming events for comments

The Federal Reserve Board, FDIC, and OCC are asking for comments on third-party risk management principles. Comments are due September 17 to proposal for inter-agency guidance issued by the Federal Reserve Board of Governors (the Board), the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC). The proposed interagency guidance focuses on risk management practices that banking organizations should consider when developing risk management strategies for third party relationships. The Board of Directors, FDIC and OCC intend that the proposed interagency guidance will “take into account the level of risk, the complexity and size of the banking organization and the nature of the relationship with third parties.” . If adopted, the proposed guidelines would replace the existing guidelines of each branch and would apply to all banking organizations regulated by the branches.