Ad Law Access Updates on advertising law and privacy law trends, issues, and developments Tue, 02 Jul 2024 15:54:13 -0400 60 hourly 1 CFPB Issues Proposed Rule to Expand Supervisory Authority, Conduct Examinations of Digital Wallets and Mobile Payment Apps Wed, 08 Nov 2023 14:00:00 -0500 Yesterday, the Consumer Financial Protection Bureau (CFPB) released a notice of proposed rulemaking that would allow the agency to supervise and conduct examinations of certain non-bank providers of digital wallets and payment apps. The move is intended to address perceived “regulatory arbitrage by ensuring large technology firms and other nonbank payments companies are subjected to appropriate oversight,” according to CFPB Director Rohit Chopra.

While the Bureau has always had enforcement authority over digital wallets and payment apps, the proposed rule would newly authorize the Bureau to “supervise” the providers, including by conducting periodic examinations, which can include on-site or remote inspections, review of company compliance policies and procedures, testing transactions and accounts, and evaluating management and recordkeeping systems. Examinations may result in supervisory letters, compliance ratings, or, if inspectors identify perceived legal violations, enforcement actions with fines and civil penalties.

The Bureau’s proposed rule – its sixth effort to supervise nonbank providers of financial services – comes as an increasing number of financial transactions occur outside the traditional banking system. “Payment systems are critical infrastructure for our economy,” Director Chopra said in a press release announcing the new rule. “These activities used to be conducted almost exclusively by supervised banks” and the proposed rule is intended to require fintech providers to “play by the same rules as banks and credit unions.”

The rule would open up supervision and inspection for “larger participants” offering “general-use digital consumer payment applications,” including digital wallets, payment apps, funds transfer apps, person-to-person (P2P) payment apps, or similar. The proposed rule notes that subject entities would be examined for compliance with federal consumer financial laws and their prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the Gramm-Leach-Bliley Act and Regulation P, and the Electronic Fund Transfer Act and Regulation E, amongst other laws.

The rule would only apply to companies that the CFPB defines as “larger participants” and proposes a threshold of companies that process five million transactions in a year (including affiliated companies) that are not considered a “small business concern” by the Small Business Administration. The Bureau estimates that 17 providers of general-use digital consumer payment applications would currently meet the proposed threshold and that those providers handle roughly 88% of known transactions in the nonbank market for general-use digital consumer payment applications. Notably though, those numbers are just estimates – and could be based on incomplete or inaccurate data. Either way, that number is likely to grow as fintech transactions continue to grow in popularity.

A few additional highlights on scope and key definitions:

  • The proposed rule applies to larger participants providing a “covered payment functionality through a digital application for consumers’ general use in making consumer payment transactions.”
  • A “covered payment functionality” is a “funds transfer functionality,” a “wallet functionality” or both. Wallet functionality is defined broadly to include any product or service that stores account or payment credentials, and that transmits, routes, or otherwise processes such stored account or payment credentials to facilitate a consumer payment transaction.
  • “Digital applications” are defined as software programs run from a personal computing device, like a mobile phone, watch, or a tablet. The application should be available for “general use,” meaning it does not have significant limitations on its use for consumer payment transactions. According to the proposed rule, if the application can only be used to buy a specific category of products or services (i.e., transportation, lodging, food), it does not meet the definition of general use.
  • The proposed rule defines “consumer payment transactions” to include paying another person for a “personal, family, or household purpose” and to exclude international money transfers or foreign exchange transfers, or a transaction conducted by a person for the sale of goods/services at that person’s store or marketplace.

The Bureau solicits comments on all aspects of the proposed rule, as well as specific definitions and limitations, and will accept comments until January 8.

Big Brother & Biased Bots: Practical Considerations for Using AI in Employment Decision-Making Mon, 02 Oct 2023 08:00:00 -0400 The adoption of artificial intelligence (AI) in the workplace is accelerating with an increasing number of employers integrating AI-related technologies into every stage of the employment lifecycle – from recruitment to separation. While these technologies offer employers opportunities to streamline certain processes and make others more objective, they also pose certain challenges and legal risks.

In a recent webinar, Kelley Drye Partners, Kimberly Carter and Katherine White, and General Counsel & Deputy Comptroller for Legal Affairs, NYC Office of the Comptroller, Justina K. Rivera, explored the current AI legal and regulatory landscape in the U.S. and the opportunities and challenges associated with using AI-related technologies in the employment context. In this blog post, we summarize the high-level takeaways from the session.

AI Legal and Regulatory Landscape in the U.S.

Currently, no federal law specifically regulates the use of AI-related technologies. However, in recent years, federal regulators, including the Equal Employment Opportunity Commission (EEOC) and the Department of Justice (DOJ), have taken certain steps that demonstrate that they have been (and will remain) focused on the use of AI in the workplace.

More notably, in April 2023, the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the DOJ’s Civil Rights Division, and the EEOC issued a joint statement noting that existing laws apply to the use of AI-related technologies and affirming that each agency/department will use its existing statutory authority to protect against unlawful discrimination in AI systems.

Moreover, in the absence of federal legislation regulating the use of AI-related technologies, certain state and local lawmakers have enacted laws that regulate the use of such tools in the employment context.

  • Illinois: In 2019, Illinois enacted the Artificial Intelligence Video Interview Act (effective January 1, 2020), which, among other things, requires an Illinois-based employer to provide notice and obtain a job applicant’s consent prior to using AI to analyze the applicant’s video interview and consider the applicant’s fitness for a position.
  • Maryland: In 2020, Maryland enacted House Bill 1202 (effective October 1, 2020), which prohibits a Maryland employer from using certain facial recognition services during an interview without the job applicant’s consent.
  • New York City: In 2021, New York City enacted the most expansive law in the U.S. regulating the use of AI in the employment context to date. Local Law 144 (effective January 1, 2023; enforceable July 5, 2023) prohibits a covered employer/employment agency from using an automated employment decision tool in hiring or promotion decisions unless: (1) the tool has been subject to an annual bias audit; and (2) the employer/employment agency has provided a notice to each job applicant or employee at least 10 business days prior to the use of the tool.

Several other states, including California, Massachusetts, New Jersey, and Vermont, are considering legislation that would also regulate AI in the workplace.

Putting It Into Practice

As federal, state, and local lawmakers and regulators continue to respond to the proliferation of AI-related technologies, an organization that is using these tools in the employment context should take certain steps to ensure legal compliance and help avoid regulatory scrutiny, including the following:

  • Assess current uses of AI-related technologies to determine whether any existing laws and regulations are applicable.
  • Conduct bias audits of AI-related technologies, including those provided by third-party vendors, to ensure that there is no disparate impact on protected classes (e.g., race, sex, disability, etc.).
  • Prepare and distribute required notices to job applicants and/or employees regarding the use of AI-related technologies and obtain required consents.
  • Ensure that the use of AI-related technologies is explainable and consider implementing a dispute process so that job applicants and/or employees can dispute and correct inaccurate information that may have contributed to an adverse employment decision.
  • Monitor developments and consult legal counsel to ensure that the organization is aware of proposed and recently enacted laws and regulations and meeting its obligations.
State AGs and CFPB Stop Tempoe’s Rhythm Tue, 19 Sep 2023 00:00:00 -0400 A bipartisan coalition of 42 Attorneys General, led by Iowa, Nebraska, and Tennessee, and the Consumer Financial Protection Bureau (CFPB) announced a $35 million settlement with Tempoe LLC, a specialty consumer finance company. The multistate settlement resolves claims that the company’s marketing sales practices misled consumers that they signed up for an installment plan or credit sale to purchase personal goods and services, when in fact they ended up leasing the items.

As part of its business model, Tempoe leased a variety of goods to consumers like furniture and appliances, but also goods and services that one might not normally think of in a lease – such as car parts and repairs as well as toys. The company offered their lease options after a consumer applied and was rejected for conventional financing through the retailer, and as a result the states alleged consumers were misled that they were entering into installment contracts or credit sales. States also alleged Tempoe’s leasing agreements had a complicated structure. Consumers made periodic payments for an initial term of five months. If the consumer did not affirmatively tell the company they wanted to purchase or return the product, Tempoe would auto-debit the consumers for the full month-to-month term of the contract which was typically 18 to 36 months. Confused consumers ultimately ended up having to pay double or triple the typical purchase price of the product or service, State AGs claimed.

Tempoe’s leasing agreements also allegedly lacked disclosures required by Regulation M, which implements the Consumer Leasing Act. The company did not provide some consumers with a copy of their lease agreement until after the transaction. Consequently, some consumers had to rely on oral descriptions from employees. Tempoe also trained its employees to avoid calling the product a “lease.”

States also claimed the company had complex return requirements. If a consumer wanted to cancel their lease agreement after the first 30 days, but within the initial five-month term, the consumer had to return the product to Tempoe. However, the company did not accept the returns of many items, including products that were less than $300. Instead of going through the hassle of returning, consumers would exercise the “purchase option” on the lease even though they ended up paying more than the original price due to the high leasing fees.

Tempoe entered into over 1.8 million financial agreements and generated approximately $192 million in revenue from about 325,000 consumers between 2015 and 2022. In addition to the provisions below, Tempoe must pay an additional $1 million to the states participating in the settlement, and another $1 million to the CFPB.

The settlement also includes injunctive provisions that:

  • Permanently bans Tempoe from engaging in future consumer leasing activities as well as cancelling all existing leases.
  • Permits consumers to keep any leased merchandise regardless of the status of their account with Tempoe, and without having to make any further payments (an in-kind financial relief estimating $33 million nationwide).
  • Prohibits the company from providing any negative information regarding consumers to any consumer reporting agency.

Biggest Takeaways: State AGs and the CFPB continue to collaborate on multistates with restitution provisions uniquely tailored to the alleged consumer injuries. This collaboration leads to varied allegations as the CFPB can enforce different laws than states such as the Consumer Lending Law.

Additionally, it’s important to note what consumers are expecting –the more a product or service is out of the ordinary, the more disclosures are needed. In Tempoe’s case, their simple disclosures were not enough to cure the expectations of consumers who are unlikely to expect that some of the types of goods they were “purchasing” were actually only leased. We’re seeing this expectation all throughout regulator enforcements, particularly in the AI space where State AGs have emphasized the importance of businesses being clear and transparent about the complexities of how they are using AI in consumer products and services.

To learn more about enforcement priorities throughout the state attorneys general landscape, join us for our upcoming webinar with the New Hampshire Attorney General on October 19.

Texas Court Puts Hold on CFPB’s Use of Unfairness Authority to Include “Discrimination” Tue, 12 Sep 2023 00:00:00 -0400 As the Supreme Court deliberates over the Fifth Circuit’s ruling that the CFPB’s funding method is unconstitutional, another court in the Fifth Circuit dealt a blow to the CFPB’s aggressive agenda. On Friday, the District Court for the Eastern District of Texas invalidated the Bureau’s March 2022 updates to its examination manual that instructed CFPB examiners to determine whether financial institutions and service providers adequately protect against discrimination, including disparate impact. If it holds in likely appeals, the decision could have a far-reaching impact on both the CFPB’s and the FTC’s attempts to use their unfairness authority to bring enforcement to remedy perceived discriminatory practices, as well as other attempts by both agencies to broadly interpret statutory grants of authority and use them in novel and untested ways.

Examination Manual and Chamber of Commerce Challenge

In a March 2022 announcement, the Bureau announced “changes to its supervisory operations to better protect families and communities from illegal discrimination, including in situations where fair lending laws may not apply.” As explained in that press release, the Bureau updated its UDAAP examination manual, which instructs CFPB examiners how to evaluate whether covered entities are engaged in unfair, deceptive, or abusive acts and practices (UDAAP), to “require supervised companies to show their processes for assessing risks and discriminatory outcomes, including documentation of customer demographics and the impact of products and fees on different demographic groups.” The updates instruct examiners to evaluate potential discrimination in all consumer finance markets, including credit, servicing, collections, consumer reporting, payments, remittances, and deposits, and irrespective of whether specific discrimination statutes such as the Equal Credit Opportunity Act (ECOA) apply.

The Chamber of Commerce brought suit to challenge the examination manual on a number of constitutional and statutory grounds, including that the Bureau exceeded its authority by unilaterally attempting to sweep in discriminatory conduct as “unfair” without Congressional authorization.

District Court Decision and Key Takeaways

In the decision on Friday, Judge Barker first acknowledged that the Fifth Circuit already found the CFPB’s funding mechanism to be unconstitutional, but that that decision was pending Supreme Court review. The court nonetheless reached the issue of statutory authority because of a “compelling reason to reach at least one alternative ground for the same relief sought on Appropriations Clause grounds.” The court also found that the examination manual itself was final agency action warranting review under the Administrative Procedure Act because “it obligates agency personnel to act on a particular understanding of unfair act or practice in examining and supervising companies,” namely that they must also consider whether financial institutions have adequately considered potential discriminatory effects in advertising, pricing, and offering financial products and services.

On the crux of the court’s decision on statutory authority, the court applied the “major-questions canon” to hold that the Bureau could not sweep in discrimination under its unfairness authority because:

  • “whether the CFPB has authority to police the financial-services industry for discrimination against any group that the agency deems protected, or for lack of introspection about statistical disparities concerning any such group, is a question of major economic and political significance”; and
  • state and federal statutes, including the Consumer Financial Protection Act itself, at times authorize regulation of discrimination in clear and precise terms, so the lack of reference to discrimination in connection with the CFPB’s UDAAP authority suggests that it should not be impliedly included.

In so doing, the court also rejected the Bureau’s arguments that relied, in part, on the FTC’s historical and recent use of unfairness to police discriminatory practices. The CFPB had argued, among other things, that the plain language of unfairness clearly covered discrimination (“There has never been an unstated, atextual exception to the prohibition on unfairness for discrimination, just as there is not an unstated exception to unfairness for conduct that happens on Leap Day.”). While the court agreed that the unfairness language in Section 5 of the FTC Act (on which the relevant portion of the Dodd-Frank Act was based) could plausibly be construed to cover discrimination, including disparate impact, the language is not “exceedingly clear” and its history “does not refute its ambiguity.” Without that clear language, the court could not find that Congress intended for unfairness to encompass discrimination.

This decision suggests that the CFPB and FTC may face an uphill battle if they bring similar actions grounded on findings of discriminatory impact on unfairness grounds, as well as in other enforcement actions attempting to broadly construe longstanding statutory authority in new ways. As we discussed here, the FTC last year alleged that Passport Automotive violated the FTC Act by, among other things, engaging in unfair conduct that had a disparate impact on Black and Latino customers. The FTC’s settlement against Passport Automotive required the company to establish a fair lending program with written guidelines specifying the reasons for assessing or not assessing any fee or other charge and objective factors that may be considered in so doing. Nonetheless, the Bureau is likely to appeal the court’s decision and the FTC is similarly unlikely to accept the underlying rationale of the ruling on its face anytime soon. So while the decision marks a substantial setback in the CFPB’s attempts to take expansive views of its statutory authority, the battle of whether the Bureau – and the FTC – can use unfairness principles to combat practices with discriminatory effects will likely continue.

When Chatbots Go Rogue Wed, 07 Jun 2023 10:20:10 -0400 Last week, a mental-health chatbot used by the National Eating Disorder Association suddenly began giving diet advice to people seeking help for eating disorders. The rogue chatbot had apparently been developed as a closed system, but the software developer rolled out an AI component to the chatbot in 2022. NEDA claims it was not consulted about the update and did not authorize it. The organization has now taken the chatbot offline.

This incident demonstrates the potential dangers companies face when employing AI chatbots to provide customer service and address consumer needs.

Regulators and law enforcement agencies are taking note. In recent blog posts and reports, both the CFPB and FTC have cautioned companies about over-relying on chatbots and generative AI to provide customer service and resolve consumer concerns.

CFPB Spotlights the Use of Chatbots by Financial Institutions

On June 6, the CFPB released a new issue spotlight on the use of chatbots by banks and other financial institutions. The report notes that banks have increasingly moved from “simple, rule-based chatbots towards more sophisticated technologies such as large language models (“LLMs”) and those marketed as ‘artificial intelligence.’” While these chatbots are intended to simulate human-like responses, they can end up frustrating consumers’ attempts to obtain answers and assistance with financial products or services. Some of the CFPB’s listed concerns are:

  • Limited ability to solve complex problems, resulting in inadequate levels of customer assistance (for example, difficulty understanding requests, requiring use particular phrases to trigger resolution, difficulty knowing when to connect with live agent). The CFPB argues this is particularly concerning in the context of financial services, where consumers’ need for assistance could be “dire and urgent.”
  • The potential for inaccurate, unreliable, or insufficient information. In contexts where financial institutions are required to provide people with certain information that is legally required to be accurate, such lapses may also constitute law violations.
  • Security risks associated with bad actors’ use of fake impersonation chatbots to conduct phishing attacks at scale, as well as privacy risks both in securing customers’ inputted data or in illegally collecting and using personal data for chatbot training purposes.

The CFPB notes that is actively monitoring the market to ensure financial institutions are using chatbots in a manner consistent with customer and legal obligations.

FTC Raises Concerns Regarding Chatbots and “Dark Patterns”

The FTC addressed the intersection of chatbots and “dark patterns” in a recent blog post. (As explained in more detail here and here, “dark patterns” are sometimes defined as practices or formats that may manipulate or mislead consumers into tacking actions they would not otherwise take.) The Commission is worried that consumers may place too much trust in machines, and expect that they are getting accurate and neutral advice.

The agency cautioned companies that using chatbots to steer people into decisions that are not in their best interests, especially in areas such as finance, health, education, housing, and employment, is likely to be an unfair or deceptive act or practice under the FTC Act.

In addition, the FTC warned companies to ensure that native advertising present in chatbot responses is clearly identified, so that users are clearly aware of any commercial relationships present in listed results. The blog was very clear that “FTC staff is focusing intensely on how companies may choose to use AI technology…in ways that can have actual and substantial impact on consumers.”

Given the regulators’ avowed interest in this space, companies should take care that their use of chatbots comports with this most recent guidance.

FTC, CFPB, DOJ, and EEOC Pledge Increased Focus on Discrimination in AI Wed, 26 Apr 2023 09:39:39 -0400 Artificial intelligence and algorithmic processes continue to remain at the top of federal law enforcement agencies’ agendas. Yesterday, the FTC, CFPB, DOJ, and EEOC issued a joint statement pledging to use their respective tools to “protect the public from bias in automated systems and artificial intelligence.”

While these agencies’ general commitment to monitoring AI processes is not new (for example, see here, here, and here for recently-published guidance related to the use of AI in various contexts), the joint statement shows they are now making concerted efforts to approach AI enforcement in a methodical and coordinated manner. The statement summarizes the agencies’ existing legal authority and prior work relating to AI issues, along with three main areas of concern:

  • Bad data: Datasets used to train algorithms may be unrepresentative, imbalanced, biased, or contain other errors that could result in discriminatory outcomes. Similar outcomes could occur if automated systems end up correlating data with protected classes.
  • Lack of transparency: Many algorithmic models are “black boxes” whose internal workings may not be clear even to their developers. The lack of transparency makes it difficult to evaluate whether the systems are acting fairly.
  • Unanticipated uses: Automated systems designed with one purpose in mind may be appropriated for other uses. In such cases, the repurposed algorithm may produce improper results because the system’s design is based on flawed assumptions about its users, relevant context, or underlying practices or procedures it might replace.

In addition to discrimination harms, the joint statement also points to other possible AI-related harms, such as companies overstating AI capabilities and using improperly collected data to train AI systems.

The joint statement doesn’t necessarily break new ground, but it communicates a level of urgency, prioritization, and cross-agency collaboration that should not be overlooked. Companies using automated systems to make decisions that could affect consumers should carefully monitor outcomes for discriminatory impact and take efforts to control for biases in training datasets.

You’re Invited to a Webinar on What to Expect in 2023 FinTech and Financial Services Regulation Tue, 28 Feb 2023 17:39:36 -0500 Join members of Kelley Drye’s Advertising, Privacy, and Financial Services teams on March 8, 2023 at 12:30-1:30 ET for an overview of hot topics and issues to watch for in 2023 in fintech and financial services.

Both the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC) have set an aggressive agenda for 2023 that could fundamentally alter the regulatory landscape governing fintech and financial services providers. In pushing to expand the boundaries of third-party liability, the agencies are looking beyond traditional financial services providers to retailers, social media and tech platforms, lead generators, data aggregators, and others. The efforts come amidst simultaneous challenges to the fundamental structure and authority of each agency.

Please join us for a webinar with Partners Matt Luzadder and Donnelly McDowell and two of Kelley Drye’s newest team members with significant financial services and privacy experience at the FTC, Partner Kate White and Special Counsel Ioana Gorecki.

The webinar will cover a host of hot topics in advertising and privacy, including but not limited to:

  • FTC and CFPB priorities and pending challenges to each agency’s authority and structure
  • Expanded third-party liability for service providers
  • “Junk fees” and “dark patterns”
  • Financial privacy and data access portability
  • Discriminatory lending and credit practices
  • Crypto and blockchain developments


ECOA and Beyond: Recent Updates and Developments in Discrimination Enforcement Fri, 10 Feb 2023 15:36:28 -0500 On February 9, the FTC provided the CFPB with its annual summary of activities enforcing the Equal Credit Opportunity Act (ECOA). The release of this summary provides a great opportunity for a round-up and some updates on new developments in this space over the past year.

What is ECOA?

ECOA prohibits discrimination in consumer credit transactions on the basis of a number of protected categories, including race, color, religion, national origin, sex, marital status, and age. The statute’s prohibition covers “any aspect of a credit transaction” – a phrase that has been interpreted by the CFPB to cover creditor activities before, during, and after the extension of credit. In addition, creditors who deny a credit application, provide substantially less credit than requested, or make a change in the terms of an existing credit agreement, must provide applicants with specific reasons for the “adverse action.” Regulation B implements ECOA’s requirements and sets out more detailed rules for creditors to follow.

Who implements and enforces ECOA?

The Dodd-Frank Wall Street Reform and Consumer Financial Protection Act (CFPA) granted the CFPB rulemaking authority for ECOA and also conferred the CFPB with supervisory and enforcement authority as to entities subject to CFPB jurisdiction. In addition, the FTC retains overlapping authority to enforce ECOA and Regulation B as to entities within the FTC’s jurisdiction, which include most non-bank financial services providers. This week’s summary is in furtherance of the CFPB’s and FTC’s commitment to coordinate ECOA enforcement pursuant to a memorandum of understanding initially entered into in 2012.

Recent FTC developments

Discriminatory auto dealer financing practices. In 2022, the FTC brought two cases (here and here) against auto dealership groups, alleging that they violated ECOA by discriminating with respect to discretionary markups. Markups, also known as the “dealer reserve,” are commissions that dealers assess for arranging financing for car buyers. The markups usually involve charging 1-2% extra on top of the bank’s interest rate. The FTC also alleged that the dealerships were adding junk fees and unwanted add-ons to customer contracts in a discriminatory manner. This is the third auto dealer ECOA case the FTC has brought in the last couple of years (here’s another from 2020), signaling the agency’s commitment to focusing on auto dealer practices in the future.

Discriminatory artificial intelligence technologies. In 2022, the FTC also issued a report to Congress warning about using artificial intelligence (AI) to combat online problems such as scams, deepfakes, fake reviews, child sexual exploitation, hate crimes, and glorification of violence. The report cautions that the AI tools themselves can be inaccurate, biased, and discriminatory by design, reflecting the biases of its developers, and thus leading to potentially illegal outcomes.

Recent CFPB developments

ECOA’s applicability to prospective applicants. This month, the CFPB suffered a significant defeat in its first ever redlining case against a non-bank mortgage company based on violations of ECOA and the CFPA. In an action against Townstone Financial, the U.S. District Court for the Northern District of Illinois granted a motion to dismiss the CFPB’s complaint on the grounds that ECOA does not apply to prospective applicants. Although the language of Regulation B includes prospective applicants, the court determined that the agency’s interpretation was not in line with the statute’s intent. The CFPB must now decide whether to appeal to the Seventh Circuit Court of Appeals

Discrimination as “unfairness” under the CFPA. In early 2022, the CFPB updated its Supervision and Examinations Manual to make clear that discrimination is “unfair” under the CFPA, and that the Bureau plans to scrutinize discrimination “across the board in consumer finance,” “including in situations where fair lending laws may not apply.” The CFPB further clarified that consumers can be harmed by discrimination regardless of whether it is intentional. The revisions prompted a lawsuit last fall from trade groups to set aside the CFPB’s update as violating the Administrative Procedures Act (APA), which we previously discussed here. We’ll be keeping a close eye on both these actions.

It’s worth mentioning that the CFPB isn’t the only agency advancing these views. In one of the auto dealer cases described above, the FTC also alleged that the companies’ discriminatory financing activities constituted “unfair practices” under the FTC Act, prompting a spirited dissenting statement from former Commissioner Noah Phillips. State Attorneys General are taking similar positions. For example, California Attorney General Bonta sent letters under its Unfair Competition Law to hospital CEOs requesting information on how healthcare providers are addressing racial and ethnic disparities in commercial decision-making tools.

Digital marketing providers can be subject to discrimination allegations under the CFPA. Last fall, the CFPB issued a new interpretive rule announcing its position that digital marketing providers helping financial service companies identify and target consumers with online ads constitute “service providers” under the CFPA that can be held liable for any unfair, deceptive, or abusive uses of those marketing techniques. The CFPB specifically called out companies that gather and aggregate consumer-level data, engage in sophisticated analytic techniques to predict consumer behavior, and identify the most receptive consumer to receiving targeted ads. The CFPB also referenced its exam manual update that includes discrimination as a CFPA violation, reminding digital marketing providers that they could be subject to an investigation or enforcement for allegedly discriminatory uses of marketing and targeting services.

Clearly, there’s a lot going on in this space as both the FTC and CFPB make good on promises to think creatively about enforcement mechanisms to combat potentially discriminatory practices. We will be paying close attention to this space and will continue to update you on new developments.

Regulators Continue to Focus on “Dark Patterns” in Negative Option Marketing Thu, 19 Jan 2023 15:28:53 -0500 These days, consumers can obtain everything from newspapers to meal kits to credit monitoring services through subscriptions. The prevalence of these services, and the ease with which consumers can sign up, have gotten the attention of regulators who are concerned that some negative option marketing might confuse or trick consumers. The CFPB, FTC, and state AGs have been particularly vocal about practices they deem “dark patterns,” and continue to focus on the area.

Today, the CFPB put out guidance warning covered companies and service providers that “dark patterns” surrounding negative option marketing violate the Consumer Financial Protection Act’s prohibition on unfair, deceptive, or abusive acts or practices. As the circular makes clear, the CFPB has already brought enforcement actions alleging deceptive practices around negative options (see this case against a consumer reporting agency, and this case against a company that provided registration and payment services to organizers of events and races). The announcement also notes that the CFPB’s approach to negative option “dark patterns” is generally harmonized with that of the Federal Trade Commission (the FTC put out its own Enforcement Policy Statement Regarding Negative Option Marketing in October 2021). The guidance highlights the need for companies using negative option marketing to ensure that consumers: 1) understand the material terms of the negative option; 2) provide informed consent before being charged; and 3) are able to easily cancel recurring charges.

Negative option marketing encompasses a variety of products, such as automatic renewals, continuity plans, and free-to-pay conversions. Per the CFPB, it’s vital that consumers understand the material terms of these products before signing up. Material terms that must be disclosed include:

  • The fact that a consumer is being enrolled in, and will be charged for, a product or service;
  • The amount the consumer will be charged;
  • The fact that the charge will be recurring, unless the consumer takes affirmative steps to cancel; and
  • For free or reduced cost trial periods, that charges will start or increase at the end of the trial period, unless the consumer takes affirmative steps.

In addition to clearly disclosing material terms, companies must also obtain informed consent from consumers before they can be charged for the product and service. Companies will not be deemed to have obtained consent if they are found to have mischaracterized any feature of the negative option, or provided any contradictory or misleading information.

Finally, companies need to be sure that they do not misrepresent their cancelation policies, make it unreasonably difficult to cancel, or fail to honor cancelation requests made using the company’s stated procedures. The ease of cancelation has been a priority not just for federal regulators, but for the state AGs and self-regulatory bodies as well (see our coverage of the NAD’s Blue Apron decision here). Many of these cases have stressed that companies should ensure that the means of cancelation is as easy as the method to sign up for the negative option.

While the CFPB’s interest in this area isn’t new, today’s guidance serves as a reminder to companies to review their practices surrounding negative options, as they will continue to face heightened scrutiny from regulators.

CFPB Tackles Fine Print in Consumer Financial Contracts Thu, 12 Jan 2023 11:20:26 -0500 Downloading an app, buying a product or service, or otherwise interacting with a company frequently requires consumers to consent to multi-page contracts. In a new proposed rule, the CFPB would require nonbank financial companies subject to the CFPB’s supervisory jurisdiction to register any use of such form contracts if they contain terms that seek to waive or limit consumer rights and legal protections. Here are more details:

Registration requirements would apply to companies using form contracts (contracts drafted prior to the transaction for use in multiple transactions between the company and consumers). In addition, the form contracts must contain certain “covered terms and conditions,” as described below. This information would be made publicly available on the CFPB’s website.

The terms and conditions targeted by the CFPB proposed rule are:

  • limits on consumer ability to bring a legal action by dictating the time frame, forum, or venue for a consumer to bring a legal action;
  • inclusion of arbitration agreements;
  • limits on ability to bring or participate in class action lawsuits;
  • limits on the company’s liability to consumers including by capping the amount of recovery or type of remedy;
  • waivers of claims consumers can bring in a legal action;
  • limits on the ability of consumers to complain or post reviews; and
  • waivers of other identified legal protections afforded under Constitutional law, a statute or regulation, or common law.

Some of these limitations are already prohibited under other statutes. For example, any contract term limiting consumers’ ability to complain or post reviews is already prohibited under the Consumer Review Fairness Act, discussed in more detail here.

But many other proposed terms and conditions are ubiquitous in financial company form contracts. For example, many companies include arbitration agreements in their terms and conditions and place limits on consumers’ ability to bring a legal action by specifying the time frame, forum, or venue for such legal action. Such contractual terms would trigger the need for CFPB registration under the new proposed rule, which could in turn trigger subsequent scrutiny under the Bureau’s UDAAP authority. Similarly, many form contracts limit the company’s liability to a consumer in one way or another, which is another “covered” term requiring registration. Indeed, as currently drafted, the CFPB’s proposed rule may result in the majority (if not all) of nonbank financial institutions needing to register contracts in the CFPB’s registry for public disclosure.

In promulgating this proposed rule, the CFPB relies on its CFPA mandate to monitor for risks to consumers in consumer financial products and services, and to conduct a risk-based supervision program for nonbanks (see CFPA §§ 1022(c) and 1024(b)). The information gathered in the registry would be used to aid in such monitoring and supervision efforts, as well as to inform the agency’s enforcement, consumer education, and rulemaking functions. Finally, the registry is intended to aid in enforcement actions by other regulators and raise public awareness about the use of covered terms.

Given the widespread use of form agreements, now is a good time to determine whether any of your company’s contract terms are covered under the proposed CFPB rule, and, if so, whether changes are in order. The specific terms and conditions included in the CFPB proposed rule signal regulators’ particular interest and likely increased scrutiny of these types of provisions in financial contracts.

Comments on the proposed rule are due by March 13, 2023.

Statements to the State AGs: CFPB and FTC Priorities for 2023 Fri, 09 Dec 2022 13:32:02 -0500 At this week’s National Association of Attorneys General Capital Forum, FTC Chair Lina Khan and CFPB Director Rohit Chopra addressed state AGs and their staff on a number of pressing issues, including antitrust, enforcement authority, privacy and other priorities. And most importantly to the state AG observers, both agency heads expressed the value of state enforcement authority and partnerships.


Chair Khan noted the FTC is in the process of revising its merger guidelines and ensuring antitrust enforcement is in line with day to day realities. She discussed efforts in hearing from communities through monthly open meetings and, particular to the merger guidelines, listening sessions. Chair Khan also noted both in terms of antitrust issues and echoed throughout her remarks that the FTC is evaluating its toolkit and statutory authority provided by Congress. Here, this included Section 5 in regard to unfair competition in addition to the Sherman and Clayton Acts. She also expressed appreciation for reinvigoration of antitrust enforcement generally, partially stemming from the states, and looking forward to working as “equal partners.”

Director Chopra added that his office should reflect on merger settlements of the past and learn from agencies’ potential mistakes. Both he and Chair Khan noted that the agencies need to look closely when businesses are proposing something that is problematic or unlawful and instead of working for months to try to fix it, find a different approach.

Enforcement Authority

Director Chopra began his remarks by expressing his feeling that the CFPB “do[es] not have a monopoly on consumer protection” and that the Bureau should be partners in protecting consumers. He especially emphasized concerns regarding recidivism, with fines acting as merely a cost of doing business for some players in the marketplace. He believes if states and federal agencies work together and use each other’s authority, they can achieve more. He specifically noted that states have authority concurrent with the CFPB’s, and the ability to achieve a good result is strengthened when they work together earlier in an investigation. Director Chopra also said states can access the CFPB’s victim relief fund in certain cases, another incentive for states to work with the Bureau. Finally, he pointed out the typical benefits of collaborative efforts among states and agencies, namely that they can combine expertise and resources to tackle difficult issues.

Chair Khan discussed the FTC’s renewed approach to looking into its toolkit, as noted above. One of these tools is looking upstream and aiming at the source of issues and facilitators, rather than solely playing “whack-a-mole.” She also stated that the FTC has begun to focus on codifying rules and using rulemaking to obtain civil penalties and deter companies from unfair and deceptive practices, as well as applying notices of penalty offense authority. In addition, Chair Khan noted her desire to future-proof the FTC’s work, noting that with digital marketplaces in the past, the agency took a more hands-off approach to allow for innovation, while in her view innovation may actually require more nimble and intense scrutiny. She also stated that the FTC has been internally increasing its capacity for understanding complicated issues such as automated decision-making to help with their enforcement efforts. Chair Khan noted states are one of the important parts of the toolkit that the FTC is cultivating, and while there was already incentive to work together, the AMG decision underscored how state partnerships help maximize relief for Americans subject to unlawful behavior.

Both agency heads noted that they are increasingly naming individuals and executives as an additional deterrence against recidivism. Chair Khan emphasized codifying new rules in the areas of earnings claims, imposter scams, and reviews will give additional penalty authority for the agency and remediation for consumers. Similarly, Director Chopra shared concerns about “cracking down” on fake review fraud and limiting what he termed abuse of Section 230 by large review platforms claiming protection from enforcement.


Both Chair Khan and Director Chopra expressed concerns about collection and use of data, including in automated decision-making.

Director Chopra noted concerns that the US could follow China in terms of payment systems being dominated by social media platforms, and that data use by the financial system is increasingly important as firms seek to obtain and use transactional data. He further warned that states should watch out for preemption, including in the role of data protection, and pointed out that the CFPB recently released an analysis showing the states are not preempted under the Truth in Lending Act.

Chair Khan, repeating the recidivism concerns, argued that firms are paying data breach fines as a cost of doing business and looks to promote data security practices and map out the whole ecosystem of harms. She expressed concern that behavioral advertising is “vacuuming up” consumer data and that data practices are harder to police, and is looking at the incentives leading to such practices. Chair Khan discussed that the FTC is taking a closer look at COPPA, currently revisiting an existing provision that prevents companies from blocking children’s access to services without providing certain data, if the data is not reasonably necessary. She looks forward to the future beyond notice and consent in privacy enforcement, and is interested in the strong proposals and statutes from a variety of states.

Other Priorities

Director Chopra noted a desire for technology to give consumers more rights to change their banking service and refinance loans, given rising costs and interest rates, including auto loans. He was concerned that “junk” fees are an issue where customers are not able to appreciate their full costs until they may be too late in a given transaction.

A Look Ahead

While many of the priorities are themes that Chair Khan and Director Chopra have expressed throughout 2022, their strong overall message that states should not only adopt those same priorities and work closely with these federal agencies was noteworthy. While there was certainly collaboration throughout the past year, state AGs have historically partnered with those agencies in certain areas and undoubtedly will continue to do so. However, states are more likely to use their state law-based tools (such as unfair and deceptive trade practice or privacy-specific laws) in areas such as privacy enforcement. We will continue to monitor enforcement trends to see if the federal agencies’ push for more collaboration (as well as the passage of the FTC Collaboration Act of 2021) will result in an uptick in joint state/federal enforcement.

Update on Discrimination and Unfairness – The FTC’s Case Against Passport Automotive Group Fri, 21 Oct 2022 10:18:48 -0400 In late September, we blogged about a lawsuit that the Chamber of Commerce and other business groups filed against the CFPB, challenging the CFPB’s update to its Supervision and Examinations Manual. As updated, the manual now states that discrimination is an “unfair” practice under the Dodd-Frank Act, and that the agency plans to scrutinize it “across the board in consumer finance,” “including in situations where fair lending laws may not apply.” We noted in our blogpost that the FTC and the State AGs were also sending signals that they planned to challenge discrimination using their unfairness authority.

Well, the FTC just did. On October 18, it announced a settlement with Passport Automotive Group resolving allegations (among other charges) that Passport engaged in an unfair practice when it imposed higher costs on Black and Latino customers than on similarly situated non-Latino White customers. The vote was 4-1, with Commissioner Phillips dissenting and Commissioner Wilson concurring in part and dissenting in part.

Complaint and Order

The FTC’s complaint alleges that the defendants (nine dealerships and two individuals) advertised cars at specific prices but then added fees (per the press release, “junk fees”) to the purchase price, falsely claiming that the fees were required. It also alleges that, for years, Passport discriminated against Black and Latino consumers, in violation of the Equal Credit Opportunity Act and Section 5, by charging them hundreds of dollars in extra costs and fees.

According to the complaint, Passport was alerted to the problem by a finance company, but failed to take action. Passport also had policies in place that could have detected the issue, but didn’t follow them. Finally, the complaint alleges that the individual defendants (Passport’s president and vice president) both knew about these practices but failed to stop them.

Under the order, the company must establish a fair lending program requiring, among other things, that each dealership either charge no financing markup or charge the same markup to all consumers. The order also prohibits misrepresentations about costs and fees, and requires defendants to obtain consumers’ express consent before adding any charges to the price of their cars. Additionally, defendants must pay $3.38 million in refunds to affected consumers.

The allegations here are compelling on their face, and include (besides unfairness) misrepresentations about prices and charges; evidence of a significant price difference based on race; and violations of the ECOA, under which the FTC has clearly authority to challenge racial discrimination. The defendants also chose to settle the case, rather than fight the allegations in court, where the FTC’s legal theories might have been tested. Given these circumstances, the FTC majority likely viewed this case as an ideal opportunity to allege, as it had promised to do, that the racial discrimination here (the conduct that violated the ECOA) was also unfair under Section 5.

Commissioners’ Statements

Commissioner Phillips, in a dissent released on his last day at the FTC, says that he would have voted for a complaint if it were limited to the deception and ECOA allegations. However, he argues vigorously against the unfairness allegation, stating that it is “gratuitous” (i.e., adds nothing beyond what is already addressed by the ECOA); exceeds the authority of the FTC (especially given the existence of numerous anti-discrimination laws); vague as to context or protected class; and a “gap filler” that usurps the role of Congress in determining public policy.

Using his characteristic flair, he concludes that “[o]ne obvious takeaway from all of this is that Section 5 is not an antidiscrimination statute. No beak, no feathers, no walk, no quack – Section 5 is a terrific consumer protection tool, but it is no duck.” (He also explains why he believes that the FTC’s disparate impact theory is an “odd duck.”) Phillips also agrees with Commissioner Wilson that the individuals should not have been named.

In her statement, Commissioner Wilson agrees with Phillips on the merits but frames her vote as a partial concurrence/partial dissent. Most of Wilson’s statement focuses on individual liability, arguing that there is insufficient evidence to support it.

Chair Khan and Commissioners Slaughter and Bedoya, in a joint statement, explain why they believe the unfairness count and individual liability are justified. They also stress the need for the FTC to use all available tools to protect consumers. Of note, they state that the unfairness allegation is a “straightforward application” of Section 5 (which might seem a bit flippant to some, given the complexities and nuances surrounding both the unfairness test and existing anti-discrimination laws and policies).

Lessons for Companies

The FTC, the CFPB, and some States have made clear that they plan to use one of their broadest legal tools – the prohibition against “unfair practices” – to tackle discrimination across multiple industries, not just in areas already covered by existing fair lending and civil rights laws. Regardless of how one views this legal theory, the agencies are moving forward – and, certainly, discrimination is a harmful practice to be avoided, regardless of the law.

Therefore, if you don’t already have a program in place (i.e., policies and procedures) to help prevent and detect discrimination in your business, you should seriously consider implementing one now. As the FTC’s case makes clear, the program shouldn’t just consist of written policies that you put in a drawer, but should include steps to ensure that the policies are followed – for example, employee training, ongoing monitoring and oversight, consequences for non-compliance, and regular reviews of business records and practices to ensure that discrimination isn’t occurring. While reasonable questions remain as to the scope of “unfair discrimination” (as we’ll call it), companies can certainly take action now to avoid obvious problems, like charging different prices or providing a different level of service based on race, color, religion, or sex. Companies can also look to existing anti-discrimination and civil rights laws for guidance as to the types of practices that may be viewed as discriminatory in analogous contexts.

* * *

We will continue to monitor federal and state developments regarding unfairness and discrimination and provide updates here. In related news, the FTC recently launched a rulemaking to regulate “junk fees” of the sort challenged here, which will be the topic of a later blogpost.

“An Arrow Has Found its Target”: Federal Appeals Court Deems CFPB Funding Method Unconstitutional, Invalidating Payday Lending Rule Thu, 20 Oct 2022 13:36:03 -0400 In a decision with potentially far-reaching implications for the CFPB, a three-judge panel of the U.S. Circuit Court of Appeals for the Fifth Circuit yesterday ruled that the Bureau’s funding structure is unconstitutional. The case involved a longstanding challenge to the Bureau’s 2017 Payday Lending Rule and marks another significant obstacle for the Bureau two years after the Supreme Court’s decision in Seila Law that its leadership structure violated separation of powers principles.

Here, the Fifth Circuit panel unanimously held that, although the Bureau did not exceed its statutory authority in promulgating the Rule, it “lacked the wherewithal to exercise that power via constitutionally appropriated funds.” The panel held that Congress’s decision to cede its power of the purse to the Bureau violates the Appropriations Clause of the Constitution and the clause’s underpinning, the constitutional separation of powers. As such, the court reasoned that while most of “Plaintiffs’ claims miss their mark, . . . one arrow has found its target” and the Payday Lending Rule could not stand given the Bureau’s unconstitutional funding mechanism “deprived [it] of the lawful money necessary to fulfill those responsibilities.”

The CFPB’s funding method was established in the 2010 Dodd-Frank Act. Rather than receiving funding through annual congressional appropriations, the Bureau receives funding directly from the Federal Reserve—eliminating the periodic assessments that accompany congressional appropriations analyses. The Federal Reserve, which itself exists outside the appropriations process, must grant the CFPB’s self-directed funding requests up to a certain cap. Although other federal financial regulators also receive funding from independent sources, the panel held that its structure “goes a significant step further than that enjoyed by other agencies”—pointing to the Bureau’s double-insulation from Congress’s purse strings coupled with its singular director and expansive enforcement authority.

In the near term, the Bureau will continue to be unable to enforce the Payday Lending Rule, but its immediate practical impact on other CFPB efforts is likely to be limited. The agency is likely to seek a stay and petition the full Fifth Circuit for an en banc review, but the decision could lead to an increase in litigation challenging other Bureau actions, whether rulemaking or enforcement, that are supported of course by the same funding mechanism found to be unconstitutional.

The Fifth Circuit’s holding differs from certain other courts that have heard the issue, so the split may ultimately find its way before the Supreme Court. Regardless of ultimate impact and outcome, Wednesday’s decision is another example of recent judicial scrutiny of regulatory authority, which has impacted regulatory and enforcement activities at a number of agencies including the CFPB, FTC, and EPA.

Is Discrimination “Unfair” Under the UDAP Laws? New Lawsuit Challenges CFPB’s Anti-Discrimination Guidelines Fri, 30 Sep 2022 12:00:30 -0400 Most people would generally agree that discriminating on the basis of race, color, religion, disability, or similar factors is a bad thing to do – indeed, that it’s “unfair” within the common meaning of the word. It’s also illegal in various circumstances – e.g., the Equal Credit Opportunity Act prohibits certain forms of discrimination in lending, the Fair Housing Act bans discrimination in housing, and Title VII of the Civil Rights Act prohibits various types of employment discrimination.

But is discrimination “unfair” within the meaning of the federal UDAP laws – i.e., the laws prohibiting “unfair or deceptive” (and sometimes “abusive”) practices? The Consumer Financial Protection Bureau says it is. In March, the CFPB updated its Supervision and Examinations Manual to make clear that discrimination is “unfair” under Dodd Frank, and that the agency plans to scrutinize discrimination “across the board in consumer finance,” “including in situations where fair lending laws may not apply.”

Meanwhile, the FTC is advancing similar views. Over the past year, three of its Commissioners have said in speeches and policy statements that discrimination is “unfair” under the FTC Act. (See here and here.) And in August, the FTC launched an ambitious rulemaking proceeding that would potentially ban “algorithmic discrimination” as an unfair practice.

And not to be forgotten, State Attorneys General are taking a similar position. Recently, for example, California AG Bonta sent letters under its Unfair Competition Law to hospital CEOs requesting information on how healthcare providers are addressing racial and ethnic disparity in commercial decision-making tools.

A new lawsuit from the Chamber of Commerce and other business groups takes aim at the assertion that discrimination is “unfair” (legally, that is). While the lawsuit specifically challenges the process and legal basis for the CFPB’s change to its Manual, it will likely have implications for the FTC and potentially the States too, which follow the same or similar tests for “unfairness.” Here’s more information about the case:

The Parties

Plaintiffs are the Chamber of Commerce, American Bankers Association, Consumer Bankers Association, and four business groups based in Texas (where the complaint was filed). Defendants are the CFPB and Director Rohit Chopra in his official capacity. Plaintiffs say that they “fully support fair enforcement of [the] nondiscrimination laws” passed by Congress, but “cannot stand by while a federal agency exceeds its statutory authority, creates regulatory uncertainty, and imposes costly burdens on the business community.”

The Allegations

The lawsuit presents three legal theories regarding the Manual change, and then adds a challenge to the CFPB’s entire funding structure at the end.

First, the complaint alleges that the CFPB’s change to its Manual exceeds the agency’s statutory authority under Dodd Frank, which authorizes the agency to examine, investigate, and take action against “unfair, deceptive, or abusive” acts or practices. According to the complaint, Congress declined to give the CFPB regulatory authority over discrimination except in specific circumstances (under the fair lending laws), and Dodd Frank consistently treats unfairness and discrimination as distinct concepts. For good measure, the complaint throws in a reference to the Supreme Court’s recent ruling in West Virginia v. EPA, which states that Courts should be skeptical regarding agency efforts to regulate “major questions” (like discrimination) in the absence of clear Congressional intent.

Second, the complaint alleges that the CFPB’s manual change is arbitrary and capricious because it: (1) purports to be based on FTC precedent but doesn’t adhere to FTC statutory constraints (i.e., limits on using unfairness to pursue “public policy goals”); (2) regulates discriminatory “outcomes” (i.e., “disparate impact”) without a clear directive from Congress; and (3) abruptly changes longstanding CFPB policy and processes without considering the impact and burdens on companies – including the burdens created by the examination process itself, by follow-on enforcement actions (with penalties and other remedies), and by the CFPB’s failure to even explain the full scope of the discrimination it will examine. (As to the latter point, the Manual refers repeatedly to “discrimination” and provides examples, but doesn’t flesh out the full scope of the discrimination covered.)

Third, the complaint alleges that the Manual change violates the Administrative Procedures Act because it amounts to a regulatory change without a notice-and-comment process.

Finally (echoing a longstanding talking point in some circles), the complaint states that the CFPB’s entire financial structure violates the Appropriations Clause because the CFPB draws funding from the Federal Reserve without a Congressional appropriation or other checks and balances.

As to relief, the complaint requests (1) a declaration that the Manual change is invalid; (2) injunctive relief stopping all CFPB action related to it; and (3) that the CFPB cease accepting funding in violation of the Appropriations Clause.


Some of the complaint’s arguments seem more compelling than others. For example, as harmful as discrimination is to individuals and society, it seems reasonable for affected companies to question whether it falls within UDAP, when Congress went to the trouble of passing specific anti-discrimination laws with carefully crafted definitions, exceptions, and grants of enforcement authority. It also seems reasonable to ask the CFPB to define the types of discrimination that it plans to examine.

On the other hand, plaintiffs’ theory that any changes to the Manual must follow APA rulemaking is so broadly framed that, if adopted, it would compel the CFPB (and other agencies) to conduct rulemakings before issuing or revising even the most informal types of guidance materials. Further, plaintiffs’ challenge to the CFPB’s funding structure is untethered to the other allegations in the case and lacks the facts and background needed for a legal challenge of this breadth.

Still, this lawsuit shows that the business community is increasingly willing to push back on its regulators, especially as Republican lawmakers are doing the same and as we approach the midterm elections. It’s likely that we will see more challenges of this type in the near future.

In addition, if the lawsuit succeeds even in part, it could limit not only the CFPB’s efforts to police discrimination but also the FTC’s and potentially the States’, which are based on the same or similar legal underpinnings. We will watch this case closely as it proceeds in court.

CFPB Issues Report on the Convergence of Payments and Commerce and its Implication for Consumers Tue, 09 Aug 2022 14:21:52 -0400 On August 4, 2022, the Consumer Financial Protection Bureau (“CFPB”) issued a report entitled, “The Convergence of Payments and Commerce: Implications for Consumers,” in which it examines the challenges and risks to consumers inherent in the rapidly evolving payment ecosystem and emergence of product offerings that blur the traditional lines of banking and commerce.

The report

In the report, the CFPB identifies three new product categories that have the potential to increase consumers’ choices and streamline their experiences by integrating commerce and financial services:

  • Super apps. Apps that provide access to a variety of products and services within a single app, thereby minimizing or eliminating the friction created by having to work with several different providers. The CFPB notes that in the U.S., the super app concept is following the “bank in the app” approach and identifies the PayPal wallet as an example of a U.S. super app “bank in an app.”
  • Buy Now, Pay Later (“BNPL”). An instant loan available at the moment of purchase that allows consumers to split purchases into four equal interest-free installments, with the first installment due at checkout. The CFPB notes that BNPL has emerged as a popular alternative to credit cards, as the application process for the non-interest loans is short and seamless with high approval rates.
  • Embedded commerce. The report describes embedded commerce as the incorporation of a payment capability within any area of a social media feed that enables consumers to shop directly on a social media website or app instead of being directed to a retailer’s website. The CFPB notes that the “frictionless” transactions that embedded commerce promotes is prevalent on e-commerce websites (e.g., Amazon) and in social media feeds.

While these new capabilities have introduced innovation in the financial services and payment space and can be regarded as “value-added conveniences” that benefit the consumers who use them, the CFPB is concerned that these new technologies may introduce new risks to consumers. The two risks highlighted in the report are:

  • Monetization of consumer financial data. The CFPB is concerned that as technology drives closer integration between financial service providers and non-financial companies (e.g., social media and e-commerce companies), companies will have more opportunities to aggregate, monetize, and misuse consumers’ financial data. The CFPB is also concerned that the data handling practices of companies and service providers may be opaque to consumers and their data may be used and shared for purposes they did not intend or understand, which can lead to “feelings of powerlessness” and “digital resignation.”
  • Scale and market power. The CFPB suggests that as the payment ecosystem continues to evolve, it is possible that the emerging business models described in the report (or others) will allow certain companies to quickly gain scale through the engagement of merchants and consumers and aggregate vast amounts of consumer data, which will result in the creation of “a new generation of dominant incumbents.”

The CFPB concludes the report by describing the steps it intends to take as part of a “multifaceted effort to promote fair, transparent, and competitive markets for consumer financial services.” Specifically, the CFPB plans to:

  • Propose rules pursuant to section 1033 of the Dodd-Frank Act in an effort to provide consumers with greater control over their financial data, including their payments and transaction data.
  • Assess new models of lending integrated with payments and e-commerce, such as BNPL.
  • Seek to mitigate the potential consequences of large tech firms moving into the real-time payments space in the U.S. by considering the experiences of other jurisdictions where the shift toward real-time payments has occurred and evaluating ways to protect consumers and reduce fraud losses incurred by consumers and market participants.

Putting the report in context

The report continues the work the CFPB began last year when it issued market monitoring orders pursuant to its statutory authority under the Dodd-Frank Act to six Big Tech companies (ordering them to turn over information about their payments products, plans, and practices) and five of the largest BNPL providers (ordering them to turn over information on the risks and benefits of fast-growing BNPL loans).

Read together with these orders, the report suggests that the changes occurring across the payment ecosystem have drawn the CFPB’s attention. They also signal that under its new director, former FTC Commissioner Rohit Chopra, the CFPB will continue to expand oversight of tech companies as they move into the traditional financial sector and intervene as needed to protect consumers and support its mandate.


Companies operating in the digital commerce ecosystem (and those considering moving into the space) should take steps to ensure that, among other things, their use, aggregation, and monetization of consumers’ financial data is fair and transparent and their products and services create value for consumers, merchants, and the financial system.

* * * *

Find all of our blogs, podcasts, apps, resource centers, and newsletters on our Linktree.

Chopra Confirmed as Next CFPB Director; Departure Leaves FTC Evenly Divided Fri, 01 Oct 2021 08:30:18 -0400 The Senate yesterday confirmed current FTC Commissioner Rohit Chopra as the new Director of the Consumer Financial Protection Bureau (CFPB). The 50-48 vote to confirm was along party lines and followed Vice President Harris’s breaking of a 50-50 tie to invoke cloture and end debate on Chopra’s nomination.

With Chopra’s departure from the FTC to head the CFPB, the Commission will for now have two Democratic and two Republican Commissioners, deadlocking on key contested enforcement and regulatory initiatives. As we have discussed at length in a series of posts, Chair Khan has previewed a number of regulatory and enforcement initiatives – with Republican Commissioners Christine Wilson and Noah Phillips raising questions and often issuing dissents. Commission decisions on Chair Khan’s initiatives could be stalled until President Biden’s nominee for the fifth Commissioner slot, privacy expert Alvaro Bedoya, is confirmed.

During his tenure as a Commissioner at the FTC, Chopra pushed for aggressive enforcement and greater penalties against companies and individuals. He also vocally advocated for creatively using FTC authority to fill a perceived gap caused by the Supreme Court’s decision in AMG Capital Management that the FTC lacked authority under Section 13(b) to obtain equitable monetary relief. Chopra is expected to bring this same enforcement-minded approach to the CFPB. When Chopra testified before the Senate Banking Committee back in March 2021, he outlined his priorities and concerns about a range of different industries. From big tech to fintech, student loans to auto loans, and interest rate regulations to the housing market, Chopra signaled that more aggressive enforcement is likely coming from the CFPB.

Chopra is anticipated to hit the ground running—exploring all the tools at the CFPB’s disposal to closely monitor financial institutions, credit bureaus, debt collectors, and tech companies. Particularly with his history as the CFPB’s student loan ombudsman, and his focus on for-profit colleges, Chopra will also likely take a close look at loan servicers and others in the education industry subject to CFPB enforcement.

Ad Law News and Views

FTC Continues Push for Civil Penalties with Important Implications for Financial Institutions and MLMs Tue, 15 Jun 2021 13:22:21 -0400 The FTC yesterday took two actions that on their face seemed part of the regular course, but that could signal notable changes for financial institutions and multi-level marketing companies. First, the FTC filed an amended complaint against RCG Advances, a merchant cash advance provider, alleging that the company violated the Gramm-Leach-Bliley Act and seeking civil penalties under a novel theory of its statutory authority. Second, the FTC announced that it plans to review the Business Opportunity Rule this year and Commissioner Chopra issued a statement signaling that he will push to expand coverage of the Rule to include MLMs and other direct sellers not currently covered.

Civil Penalties for GLBA Violations

The FTC first sued RCG Advances in June 2020, alleging that the company deceived small businesses by misrepresenting terms of cash advances and then using unfair collection practices to compel them to pay. The initial complaint also alleged that the companies made unauthorized withdrawals from consumers’ accounts and sought a permanent injunction and consumer redress under Section 13(b) of the FTC Act. As we’ve covered extensively in our 13(b) blog, the Supreme Court’s unanimous decision in AMG Capital Management foreclosed the capacity to seek consumer redress, and thus the amended complaint removes that reference while otherwise mirroring the substantive allegations of the initial complaint.

The new complaint also adds a count alleging violations of GLBA for use of fraudulent statements to customers in an attempt to obtain consumer information. GLBA is generally intended to protect consumer financial privacy by limiting when financial institutions can disclose consumers’ nonpublic personal information. In the amended complaint, the FTC cites a seldom cited provision of GLBA that prohibits any person from “obtain[ing] or attempt[ing] to obtain . . . customer information of a financial institution relating to another person . . . by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution.”

The FTC then advances a novel theory to assert that it has the authority to obtain civil penalties under GLBA because it empowers the FTC to enforce it “in the same manner and with the same power and authority as the [FTC] has under the Fair Debt Collection Practices Act [FDCPA].” The Dodd-Frank Act amended the FDCPA in 2010 to provide that violations may be enforced “in the same manner as if the violation had been a violation of a Federal Trade Commission trade regulation rule.” Notably, the GAO as recently as February 2019 issued a report noting that the “FTC does not have civil penalty authority for violations of requirements under the Gramm-Leach-Bliley Act (GLBA).”

The limits of this theory are likely to be tested in litigation, but it’s clear that the FTC continues to make good on its promise to push for creative monetary solutions in the wake of the AMG decision. Yesterday's action follows last week’s new use of the Restore Online Shoppers’ Confidence Act (ROSCA) to obtain civil penalties for alleged misrepresentations unrelated to negative option offers themselves, as we covered here.

Expanding Coverage of the Business Opportunity Rule

Within an hour of announcing the amended complaint against RCG seeking civil penalties, the FTC also signaled that it would seek to expand another civil penalty authority by altering the coverage of the Business Opportunity Rule. Published in 2011, the Business Opportunity Rule requires sellers of “business opportunities” to provide certain earnings disclosure documents in writing and prohibits specified misrepresentations related to earnings potential.

In the rulemaking record, the FTC considered and deliberately excluded MLMs from coverage on the grounds that “the varied and complex structure of MLMs makes it exceedingly difficult to make an accurate earnings disclosure and likely would require different disclosures for different levels of participation in the company.” In yesterday’s announcement, Commissioner Chopra issued a statement signaling that he supports reversing that decision and revising the Rule to cover MLMs and potentially others in what he refers to as the "gig economy," which would in turn open up the FTC's civil penalty authority for income misrepresentations by those entities.

With Chopra likely to depart the Commission soon to head the CFPB, the question is whether other commissioners, including now confirmed Commissioner Lina Khan, will take up the cause.

FTC Nominee Lina Khan Sails through Committee with Bipartisan Support While Chopra Awaits Senate Vote for CFPB Director Wed, 12 May 2021 15:36:04 -0400 The Senate Commerce Committee today voted overwhelmingly to move forward with Lina Khan’s nomination as FTC Commissioner, signaling that Khan is likely to ultimately be confirmed as the youngest Commissioner ever at 32. As we previously discussed here, Khan is primarily known as an antitrust scholar advocating for more exacting scrutiny of big tech companies.

Although Khan is likely to also advocate for more aggressive enforcement in consumer protection matters, a position that sometimes diminishes support amongst Republicans, eight of 12 GOP members of the Senate Commerce Committee voted to move forward with the nomination. With unanimous support amongst Democratic committee members, the broad bipartisan support for Khan could signal that both parties are embracing a tough enforcement stance against big tech.

Meanwhile, current FTC Commissioner and nominee to serve as CFPB Director, Rohit Chopra, awaits his full Senate confirmation vote. Chopra’s nomination as CFPB Director (discussed previously here) was advanced to the full senate by a 12-12 committee vote all the way back in March, along with President Biden’s nominee to serve as SEC Chair, Gary Gensler. Gensler was confirmed on April 14 as SEC Chair by a 53-45 vote.

Senate Democratic leaders may be holding the Chopra vote until Khan is also ready to be confirmed, which would allow Khan to simultaneously step into Chopra’s vacated seat and avoid a scenario where Acting Chair Slaughter serves temporarily as the only Democratic FTC Commissioner (with current Republican Commissioners Christine Wilson and Noah Phillips). Having Khan fill Chopra’s seat would also offer Khan a longer tenure at the Commission because Chopra is a holdover from a term that officially expired in September 2019.

It also remains to be seen whether President Biden will nominate Acting Chair Slaughter to the permanent position, or nominate someone else to the post.

Senators Circling Antitrust Targets, But Not Yet Closing In Fri, 12 Mar 2021 12:19:14 -0500 ["At a hearing<\/a> of the Antitrust Subcommittee of the Senate Judiciary Committee today, Chair Amy Klobuchar (D-MN) emphasized the need for broad antitrust reform. While she rallied bipartisan support to supplement antitrust budgets and encountered little opposition for helping news outlets bargain with social media, prospects for her sweeping

CFPB Rescinds “Abusive” Policy Statement, Signaling Broader and More Aggressive View of “Abusive” Authority Thu, 11 Mar 2021 17:15:22 -0500 In a significant but unsurprising move, the CFPB announced today that it was rescinding a policy statement issued in January 2020 that sought to tether the Bureau’s “abusive” authority to certain limiting principles. The move signals that the Bureau is likely to interpret its authority to prevent “abusive acts and practices” under the Dodd-Frank Act more broadly and use that authority to initiate new enforcement against industry.

As we previously discussed here, the Bureau’s January 2020 policy statement announced three new principles that it planned to apply relative to its abusive authority: (1) consideration of consumer harm and countervailing benefits, principles that parallel the second prong of the “unfairness” standard; (2) avoiding add-on abusive allegations when the facts are similar to unfairness or deception allegations; and (3) avoiding civil penalties or disgorgement when making abusive allegations if the covered entity made a good faith effort to comply with the law.

In announcing the rescission of the policy statement today, the Bureau asserted that the “2020 Policy Statement was inconsistent with the Bureau’s duty to enforce Congress’s standard” and noted that “the CFPB intends to exercise its supervisory and enforcement authority consistent with the full scope of its statutory authority under the Dodd-Frank Act as established by Congress.” As a refresher, in passing the Dodd-Frank Act creating the CFPB, Congress newly conferred the Bureau with authority to prohibit “abusive acts and practices,” a new authority that other consumer protection regulators like the FTC had not held. Under Dodd-Frank, an act or practice is abusive if it:

  • Materially interferes with someone’s ability to understand a product or service;
  • Takes unreasonable advantage of someone’s lack of understanding;
  • Takes unreasonable advantage of someone who cannot protect themselves; or
  • Takes unreasonable advantage of someone who reasonably relies on a company to act in their interests.
The 2020 policy statement responded to criticism from industry that this statutory standard failed to provide sufficient notice to consumers of what is likely to be considered abusive. In its statement today, the Bureau noted that it “intends to consider good faith, company size, and all other factors it typically considers as it uses its prosecutorial discretion,” but that it could not be held to a policy statement that, from the perspective of current leadership, declines to enforce the law as Congress intended.

The Bureau has generally used its abusive authority sparingly. In those few cases where it has specifically alleged abusiveness, it wasn’t clear that the Bureau couldn’t have brought the allegations under either an unfairness or deception theory.

Of course, it remains to be seen how the Bureau will use its abusive authority when nominee Rohit Chopra is confirmed as director, as expected. Chopra’s nomination was sent to the Senate this week after the Senate Banking Committee vote resulted in a 12-12 tie. As we discussed here and here, Chopra is expected to be an enforcement minded director with an eye toward novel and creative interpretations of Bureau authority. The announcement today may foreshadow one of Chopra’s initiatives and usher in a new focus on the Bureau’s “abusive” authority under his leadership.

* * *

Ad Law News and Views Newsletter -

Subscribe to our Ad Law News and Views newsletter to get our most recent advertising and privacy law news and analysis all in one place.