Wiley Consumer Protection Download (February 27, 2024)

February 27, 2024

Regulatory Announcements
Select Enforcement Actions
Upcoming Comment Deadlines and Events
More Analysis from Wiley

Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap select enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and groundbreaking technologies. Please reach out if there are other topics you’d like to see us cover or for any additional information.

To subscribe to this newsletter, click here.

Regulatory Announcements

CFPB Issues Supervisory Designation Order to Installment Lender. On February 23, the CFPB issued a Supervisory Designation Order finding that a large installment lender meets the standard for supervision under the Consumer Financial Protection Act (CFPA). This marks the first Supervisory Designation Order issued by the agency in a case where the target entity contested the CFPB’s supervisory authority. The CFPA establishes five categories of nonbank financial companies subject to CFPB supervision. As relevant here, Section 1024(a)(1)(C) of the CFPA permits agency supervision of nonbank covered financial institutions that “pose[] risks to consumers with regard to the offering or provision of consumer financial products or services . . . .” Until 2022, the CFPB had only seldom used this authority to examine certain nonbank financial institutions.

The installment lender, which is one of the largest small-loan consumer finance companies in the United States, contested the CFPB’s initial supervisory notice issued in March 2023. The CFPB’s Supervisory Designation Order, however, concludes that the agency has reasonable cause to determine that the installment lender’s conduct poses risk to consumers under the CFPA for four reasons: (1) the installment lender does not adequately explain to customers that the insurance coverage offered by the lender is optional, which may cause consumers to be deceived or misled; (2) the installment lender “engages in excessive, harassing, and coercive collection practices”; (3) the installment lender “furnishes inaccurate information to consumer reporting agencies or fails to adequately respond to consumer disputes regarding the accuracy of information it has furnished”; and (4) the installment lender’s business model relies on “serially refinancing” its loans, which the CFPB views as a practice “that may harm consumers in a variety of ways.”

While the Supervisory Determination Order means that the CFPB has determined that the installment lender is subject to agency supervision, the Order clarifies that it does not constitute a finding that the installment lender has engaged in any wrongdoing.

FTC Finalizes Impersonation Rule and Issues SNPRM Seeking Comment on Prohibiting the Impersonation of Individuals. On February 15, the FTC issued a Final Rule prohibiting the impersonation of government and business entities and officers. The FTC elected not to adopt the portion of its proposed rule to prohibit providing the means and instrumentalities for violations against government or business impersonation, noting that it “warrants further analysis and consideration.” We discussed the proposed rule in greater detail here. The Final Rule will take effect 30 days after publication in the Federal Register.

The FTC also issued a Supplemental Notice of Proposed Rulemaking (SNPRM) that proposes to amend the newly adopted rule to prohibit the impersonation of individuals and extend the scope of liability for violations in place of its previous proposal. Specifically, and as we summarized here, the SNPRM proposes to revise the FTC’s Trade Regulation Rule on Impersonation of Government and Business to both add a prohibition on the impersonation of individuals, and extend liability for Rule violations to parties who provide goods and services with “knowledge or reason to know that those goods or services will be used in impersonations of the kind that are themselves unlawful under the Rule.” Comments on the SNPRM are due 60 days after publication in the Federal Register.

CFPB Report Alleges That Larger Banks Charge Higher Credit Card APRs on Average Than Smaller Banks and Credit Unions. On February 16, the CFPB released a report finding that the 25 largest credit card issuers charged customers Annual Percentage Rates (APR) of 8 to 10 points higher than small- and medium-sized banks and credit unions. The report found that large issuers offer higher purchase APRs across credit tiers of poor, good, or great credit. Moreover, the report found that large banks were more likely to charge an annual fee, with 27% of large issuers’ credit cards carrying an annual fee as compared to just 9.5% for small issuers.

FTC Staff Sends Annual Letter to CFPB on 2023 ECOA Activities. On February 16, FTC staff provided the CFPB with its annual summary of its enforcement and related activities on the Equal Credit Opportunity Act (ECOA). ECOA prohibits discrimination on the basis of race, color, religion, national origin, sex, marital status, age, receipt of public assistance, or good faith exercise of any rights under the Consumer Credit Protection Act. ECOA also requires creditors to provide applicants with the reasons underlying any decisions to deny credit, upon request. The FTC is responsible for ECOA enforcement and business and consumer education regarding most nonbank financial service providers. The FTC’s 2023 annual summary describes a number of activities that the agency has undertaken, including several enforcement actions against auto dealership groups; a report detailing the consumer issues that affect American Indian and Alaska Native populations; and the FTC’s participation as a member of both the Interagency Task Force on Fair Lending and the Interagency Fair Lending Methodologies Working Group.

CFPB Issues Revisions to Its Supervisory Appeals Process. On February 16, the CFPB issued a procedural rule updating the process by which financial institutions appeal supervisory findings. Among other things, the procedural rule: (1) allows the Supervision Director to select an appeals committee of three CFPB managers with relevant expertise who did not work on the matter being appealed; (2) allows the appeals committee to remand a matter to Supervision staff for consideration of a modified finding; and (3) permits financial institutions to file an appeal of any compliance rating or finding – not just an adverse rating.

FTC Data Demonstrates That Consumers Reported Losing More Than $10 Billion to Fraud in 2023. On February 9, the FTC released new data showing that consumers reported losing more than $10 billion to fraud schemes in 2023, which is the first time that reported fraud losses have reached that level, and constitutes a 14% increase over losses reported in 2022. According to the new data, the FTC received fraud reports from 2.6 million consumers last year, which is nearly the same amount as 2022. Moreover, consumers reported losing $4.6 billion to investment scams – more than any other category in 2023, and representing a 21% increase over 2022. The second highest reported losses came from imposter scams, with reported losses of nearly $2.7 billion.  

Select Enforcement Actions

FTC and California DFPI Obtain Judgment Against Mortgage Relief Companies and Their Owners. On February 2, the U.S. District Court for the Central District of California entered orders granting the FTC’s and California Department of Financial Protection and Innovation’s (DFPI) motions for default judgment against six mortgage relief companies and summary judgment against the four individual defendants for violations of the FTC Act, the Mortgage Assistance Relief Services Rule, the Telemarketing Sales Rule (TSR), the COVID-19 Consumer Protection Act, and the California Consumer Financial Protection Law. In September 2022, the FTC and California DFPI sued a series of mortgage relief companies and their owners for allegedly misleading consumers by claiming a track record of success in lowering mortgage interest rates and an ability to “beat the system” while providing advice that cost consumers money and damaged their credit. The court order against the companies and individuals also grants the FTC’s and California DFPI’s proposed order for permanent injunction and monetary relief. All defendants are prohibited from engaging in telemarketing or debt relief services and are responsible to pay $15.8 million in restitution.

CFPB Settles with Mortgage Relief Attorneys for Allegedly Misrepresenting Loan Relief Services and Fees. On February 5, the CFPB entered into a settlement agreement with a legal organization and four of its attorneys, and on February 6, filed a joint dismissal agreement in the Seventh Circuit Court of Appeals. In 2014, the CFPB filed a complaint against the defendants for allegedly misrepresenting the loan relief legal services they provided and charging consumers fees before providing the loan relief services in violation of Regulation O. In July 2021, the Seventh Circuit affirmed the district court’s holding that found the defendants in violation of Regulation O but remanded the case back to the district court for further proceedings on remedies. The defendants again appealed the district court’s order awarding monetary and injunctive relief. To resolve this issue, the defendants have agreed to an eight-year ban on working in the mortgage assistance industry and to $10.9 million in redress and $1.1 million in civil penalties.

FTC Obtains Judgment Against Operator of Small Business Financing Company for Alleged Unlawful Debt Collection Practices. On February 6, the U.S. District Court for the Southern District of New York issued a final judgment against an individual who controlled a small-business funding company, for $20.3 million in restitution and civil penalties. The court had previously issued a permanent injunction against the defendant in October 2023 finding that the defendant and his company had violated the FTC Act and Gramm-Leach-Bliley Act (GLBA). The FTC first brought the case against the defendant in 2020, alleging that the defendant had misled consumers by misrepresenting the terms of cash advances and using unfair collection practices.

FTC Settles with Debt Relief Service Providers for Allegedly Deceptive Marketing Practices. On February 6, the FTC filed stipulated orders in the U.S. District Court for the Central District of California against two companies that offered debt relief services and two of their officers. The FTC filed a complaint against the defendants in August 2023 alleging that the companies falsely purported to be affiliated with the U.S. Department of Education and misrepresented the debt relief services that the company provided, in violation of the FTC Act, Telemarketing Sales Rule (TSR) and Gramm-Leach-Bliley Act (GLBA). The defendants agreed to injunctive relief and a monetary judgment of $7.4 million.

FTC Obtains Summary Judgment Against Health Plan Company and Its CEO for Allegedly Deceptive Marketing. On February 7, the U.S. District Court for the Southern District of Florida granted the FTC’s motion for summary judgment against a health plan company and its CEO for violations of the FTC Act and TSR. The FTC filed a complaint against the defendants in 2018 alleging that the company misrepresented the health care coverage provided to consumers. The court issued a permanent injunction against the defendants in addition to a $195 million monetary judgment.

FTC Settles with Software Company for Allegedly Misleading Data Privacy Practices: On February 22, the FTC issued a complaint and order against a software company and its subsidiaries for alleged violations of the FTC Act. The FTC alleges that the company shared consumer browsing data with third parties without properly disclosing these practices to consumers or sufficiently anonymizing the data. The FTC also alleges that the company’s advertisements about its software’s privacy protections were misleading. The company agreed to a $16.5 million monetary penalty in addition to a ban on selling and disclosing browser data and deletion of its browsing data and derivative algorithms and models.

Upcoming Comment Deadlines and Events

FTC to Hold PrivacyCon 2024. The FTC will hold PrivacyCon 2024 on March 6, 2024. The event will be particularly focused on automated systems and AI, health-related “surveillance,” children’s and teens’ privacy, deepfakes and voice clones, worker “surveillance,” and advertising practices. The agenda for PrivacyCon 2024 will be posted here prior to the event. Members of the public wishing to attend the event may visit the FTC’s website at to access the live webcast.

FTC Seeks Comment on Its Proposed Revisions to the COPPA Rule. Comments are due March 11, 2024 on the agency’s COPPA Rule NPRM. The COPPA Rule “imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.” If adopted, the NPRM’s proposals would place new restrictions on covered operators’ use and disclosure of the personal information of children, and further limit the ability of covered operators to condition access to services on sharing data with third parties including for advertising purposes. Specifically, the NPRM’s proposals would, among other things, require separate parental consent for sharing children’s data in addition to obtaining consent for collection; allow text messages as a means to obtain parental consent; expand the definition of “personal information” to include biometric information; require covered operators to develop written information security programs as well as retention policies, and follow data minimization practices; and codify schools’ ability to authorize collection of children’s data for limited educational purposes.

CFPB Seeks Comment on Proposed Rule to Prohibit NSF Fees for Instantaneously Declined Transactions. Comments are due March 25, 2024 on the CFPB’s Proposed Rule to prohibit “covered financial institutions,” as the term is defined in Regulation E, from charging nonsufficient funds (NSF) fees on transactions that are declined instantaneously or near-instantaneously for insufficient funds. According to the Proposed Rule, a declination occurs instantaneously or near-instantaneously “when the transaction is processed in real time and there is no significant perceptible delay to the consumer when attempting the transaction.” The proposed prohibition would cover transactions involving debit cards, ATMs, and person-to-person (P2P) payment applications. If adopted, the Proposed Rule would make charging such NSF fees an abusive practice under the Consumer Financial Protection Act.

FTC Extends Deadline to Consider COPPA Parental Consent Mechanism That Uses Machine Learning Technology. The FTC announced that it extended by 60 days the January 29, 2024 deadline to consider whether to approve a June 2, 2023 Application to use “Privacy-Protective Facial Age Estimation” technology to obtain parental consent under the Children’s Online Privacy Protection Act (COPPA) Rule. Public comments on the Application were due August 21. The COPPA Rule permits parties to file written requests for FTC “approval of parental consent methods” not listed in the COPPA Rule. The new deadline for the FTC to consider the Application is March 29, 2024.

CFPB Proposes Rule to Target Certain Overdraft Fees Charged by Large Financial Institutions. Comments are due April 1, 2024 on the CFPB’s Proposed Rule to amend Regulation E, implemented under the Electronic Fund Transfer Act, and Regulation Z, implemented under the Truth in Lending Act, to update regulatory exceptions for overdraft credit provided by financial institutions with assets of $10 billion or more. Among other things, the Proposed Rule would, if adopted, preserve courtesy overdraft loan services provided by these financial institutions, but would limit the fees charged on such loans to only the financial institutions costs and losses. Specifically, the Proposed Rule would permit financial institutions to calculate their own costs using either a “breakeven standard” or rely on a “benchmark fee” set by the CFPB. Under the “breakeven standard,” the Proposed Rule would allow financial institutions to charge fees to recover both losses the financial institutions incur when they write off overdrawn account balances not returned to positive, and any direct costs that are traceable to the provision of overdraft services. Under the “benchmark fee” approach, financial institutions would be permitted to charge a fixed fee set by the CFPB.

More Analysis from Wiley

FCC Extends Regulatory Reach Over AI: Announces TCPA Restrictions Cover AI-Generated Voices in Outbound Calls

California Appeals Court Allows Immediate Enforcement of CPRA Regulations

DOJ Signals Tough Stance on Crimes Involving Misuse of Artificial Intelligence

SEC Chairman Critiques AI: Compares Faulty AI to "Hallucinogenic Mushrooms" and Predicts Regulation and Oversight

Wiley Promotes Megan Brown and Duane Pozza to Co-Chairs of Privacy, Cyber & Data Governance Practice

Podcast: AI in 2024: What Comes Next?

CES 2024: FTC Commissioner Slaughter Discusses New Rules, Competition, and AI

State Privacy Update: New Jersey Becomes 13th State to Pass a Consumer Privacy Bill

Heading into 2024, Federal AI Activity Ramps Up After AI Executive Order

AI Around the Globe: What to Know in 2024

Cybersecurity in 2024: Ten Top Issues to Consider

New AI Executive Order Outlines Sweeping Approach to AI

California Previews Draft Regulations for Automated Decision-Making Technology, Promising More to Come in 2024

Annual Updates to Privacy Policies Reminder and Looking Ahead to 2024

Congress Ramps Up Its Focus on Artificial Intelligence

FCC and FTC Launch Inquiries on AI and Voice Cloning

FCC Expands Privacy and Data Protection Work with States to Increase Investigations

AI Use is Promising Yet Risky for Government Subpoenas and CIDs

DOJ Must Help in Fighting Illegal Robocalls, Lawyers Say

CFPB Poised to Significantly Expand the Reach of the Fair Credit Reporting Act

FTC and HHS Caution Hospitals and Telehealth Providers on Tracking Tech

Podcast: The “Wild West” of AI Use in Campaigns

SEC Cyber Reporting Mandates: How to Request a National Security or Public Safety Delay

Podcast: What could AI regulation in the U.S. look like?

Podcast: AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework

Generative AI Policies: Five Key Considerations for Companies to Weigh Before Using Generative AI Tools

U.S. State Privacy Law Guide

Legal 500 US Recognizes Wiley’s Telecom, Media & Technology Practice as Tier 1. Read more here.

Read Time: 15 min
Jump to top of page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.