Alston & Bird Consumer Finance Blog

Federal Trade Commission (FTC)

FTC Releases Staff Perspective on Trends in Small Business Financing

By

A&B ABstract

On February 26, 2020, the Federal Trade Commission (“FTC”) Bureau of Consumer Protection released a staff perspective (“Perspective”) on consumer protection issues related to small business financing.  Based on information presented at the FTC’s “Strictly Business” Forum (“Forum”) held in May 2019, the Perspective discusses trends in small business lending, including the emergence of new online options available to businesses, and potential benefits and consumer protection concerns.

Discussion

According to the Perspective, small businesses often face significant challenges to obtain financing, which is typically for relatively small amounts (often $250,000 or less).  The Perspective notes that while many small enterprises can and do obtain loans from traditional lenders, other businesses may not qualify for such loans.  As a result, small businesses have increasingly turned to relatively new online providers offering loans, lines of credit, and other products.

Rise in Online Lending and New Players

Small businesses are increasingly turning to online lenders.  The Perspective cites a survey by several Federal Reserve Banks that found that in 2018, 32% of small businesses reported applying for online financing — up from 24% in 2017 and 19% in 2016.  According to the Perspective,  online financing products have a broad range of features that vary from product to product. While some online lenders offer loans or credit agreements that resemble traditional bank loans or lines of credit that accrue interest and require monthly payments over a set term length, others charge consumers flat fees and may require weekly or daily repayments.  Also, some alternative products do not offer the advantage of early payoff.

The Perspective also notes that many online lenders are new to the market and often base their underwriting on non-traditional sources including financial technologies and alternative data.  Among these new entrants are payment processors and technology platforms, which often leverage the information they already collect from small businesses ( including credit card receipts or sales information) to offer financing products. Additional new entrants include nonprofit “microlenders” that rely on fintech, such as crowd funding, to attempt to offer affordable loans to underserved borrowers.

According to the Perspective, many online providers cater to higher-risk businesses or owners with low credit scores and typically offer them higher-cost products.  One such product,  “merchant cash advances” (“MCA”),  seems especially concerning to the FTC. With an MCA, the provider buys a fixed portion of a business’ future credit card or debit card sales receivables.  In exchange, the business must repay, often on a daily basis, the advanced amount plus a factor of that amount — often between 20% and 50% of the advance.

Potential Benefits and Risks of Online Financing

 The Perspective identified potential benefits and risks of online financing that were discussed at the Forum.  Among the potential benefits are: speed and convenience, broadening access to credit, and flexible financing amounts, terms and repayment options. Forum participants also expressed a number of concerns about how some products are being offered in the evolving marketplace (including the use of aggressive, potentially misleading sales tactics and abusive collection practices).

The Perspective also reflects the concern that inconsistent information and non-uniform disclosures could impede the ability of business owners to make “apples-to-apples” comparisons of their options for financing. According to the Perspective, small business owners often are confused about the central features of financing products, and underestimate the costs of the products.

Takeaways

Because of the possibility of consumer confusion in the small business financing marketplace, providers should keep in mind the FTC Act’s prohibition against deceptive and misleading claims as they are designing and marketing their products.  According to the Perspective, small business owners’ understanding of financial products may be more akin to that of individual consumers in personal credit transactions.   Further, the Perspective warns that providers should avoid the types of practices that the FTC has alleged to be deceptive in enforcement actions involving small business and individual consumer financing.  Such actions have included allegations of deceptive fees, consumer savings, payment amounts and/or interest rates.

High Profile Settlements, Strengthened Data Security Orders, and COPPA: The FTC’s 2019 Privacy and Data Security Update

By

A&B ABstract

Each year the Federal Trade Commission (the “FTC” or “Commission”) publishes a report on its activities with respect to consumer privacy and data security during the prior year.  On February 25, 2020, the Commission released its 2019 Privacy and Data Security Update. The update contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions as well as its activities with respect to its privacy and security-related workshops, consumer education and business guidance, and international engagement.  The update is a useful way to see what the FTC focused on in the prior year and where to expect continued interest. Some highlights from the update are provided below.

 Discussion

In the enforcement space, the FTC update spotlights its two most high-profile settlements to date: Facebook and Equifax.  First, in July 2019 the FTC and the Department of Justice’s announced a joint settlement with Facebook based on allegations that the company’s misrepresentations and consumer privacy failures violated its 2012 order.  The 2019 settlement order imposed a record-setting $5 billion penalty and included a number of provisions designed to change Facebook’s overall approach to privacy.  The settlement is currently pending approval by the United States District Court for the District of Columbia. Also, in July 2019, the FTC announced a settlement with Equifax for alleged data security violations, including Gramm-Leach-Bliley Act violations, that affected 147 million people.  The settlement included a payment of up to $700 million to help consumers affected by the breach and was part of a global resolution with a consumer class action, the Consumer Financial Protection Bureau, and 50 states and territories.

Data Security Orders

The FTC’s enforcement actions over the past year with respect to data security incidents also highlight the Commission’s efforts to strengthen its data security orders, including through increased specificity, increased accountability of third- party assessors, and improved corporate governance on data security issues.  Each category of improvement is reflected in seven data security orders issued by the FTC over the past year against companies in a range of industries: ClixSense (pay-to-click survey company), i-Dressup (online games for kids), DealerBuilt (car dealer software provider), D-Link (Internet-connected routers and cameras), Equifax (credit bureau), Retina-X (monitoring app), and InfoTrax (service provider for multilevel marketers).

COPPA

The FTC’s update also makes clear the FTC’s continued focus on the Children’s Online Privacy Protection Act (“COPPA”) in 2019 and beyond.  In September 2019, the FTC and New York Attorney General settled with Google, and its subsidiary YouTube over allegations it collected personal information, including in the form of persistent identifiers, from viewers of child-directed channels without first notifying parents and getting their consent.  The $170 million judgment is the largest civil penalty under COPPA. In 2019 he FTC also settled charges against Musical.ly, now known as TikTok, for $5.7 million for illegally collecting personal information from children on a child-directed app.  The FTC also announced it was seeking comments on the effectiveness of the 2013 amendments to the COPPA Rule and hosted a workshop in October 2019 to discuss whether additional changes are needed.

Other Concerns

The FTC update describes other areas of focus, including credit reporting and financial privacy, Do Not Call and telemarketing, and international enforcement. You can read the entire update here.

FTC to Settle Charges of Deception with Marketer of Consumer Financial Products

By

A&B ABstract: The Federal Trade Commission (“FTC”) recently announced an administrative complaint and proposed settlement against a marketer of consumer financial products that highlights potential compliance issues with product and service reviews, particularly entities that provide “pay-to-play” rankings and ratings.

Discussion:

On February 3, 2020, the Federal Trade Commission (“FTC” or “Commission”) announced an administrative complaint and proposed settlement against Shop Tutors, Inc., doing business as LendEDU  (the “Company”), and three executives, including the Chief Executive Officer, the Chief Technology Officer, and the Vice President of Product (collectively the “Respondents”).  The complaint and proposed settlement relate to allegations of deceptive content on the Company’s comparison shopping website which markets student loans, personal loans, credit cards, and insurance products.  According to the FTC, the individual Respondents knew about or directly participated in the deceptive conduct alleged.

The FTC’s complaint contains three counts alleging violations of Section 5 of the FTC Act, which prohibits unfair and deceptive acts and practices.  To settle the case, the Respondents must pay $350,000, are prohibited from making deceptive claims about their products or services, and must affirmatively disclose certain material information, among other remedies.  The FTC voted 5-0 in favor of this proposed settlement, with Commissioner Rebecca Kelly Slaughter issuing a concurring statement.  As the FTC brought this case as an administrative complaint rather than through the federal courts, the proposed settlement will be subject to 30 days of public comment before the Commission determines whether to make the proposed order final.  Once entered, the final order will be in effect for 20 years.

The Complaint:

According to the FTC’s complaint, since 2014 lendedu.com has promised “honest” “accurate” and “unbiased” ratings of the companies offering financial products on its website, but instead promoted particular companies by boosting rankings and ratings in exchange for payment.  The FTC further alleges that: (a) positive reviews about lendedu.com and its customer service posted on its own and other third-party review platforms were written by employees of and others with a connection to the Company, and (b) the vast majority of “reviewers” don’t appear to have used lendedu.com.

 Allegations related to “pay to play”:

Lendedu.com’s web pages for financial and insurance products include rate tables, rankings, star ratings and reviews of what it claims were the “best” or “top” companies in the product category.  According to the FTC, the Respondents claimed that the “ratings are completely objective and not influenced by compensation in any way,” and that their “research, news, ratings, and assessments are scrutinized using strict editorial integrity.”  The FTC alleges that contrary to these claims, the Company provided financial service companies with higher numerical rankings or star ratings and higher positions on rate tables in exchange for compensation.

The FTC’s complaint cites to a range of evidence as support for this allegation.  For example:

  • An email from the CEO asked a student loan refinance company to pay $9.50 per click to retake the number one ranking in that product category after it had fallen to number three. The company agreed to pay $8.50 per click for the number one ranking and table placement (and was restored to the number one spot).  In a later email, the VP of Product asked the same company to increase its payment to $16.00 per click, stating “we want to keep your business positioned as the #1 lender on our site, but we need to justify the move from a business perspective.”  That company then agreed to pay $15 per click and kept its number one position.
  • The Respondents’ presentation material to a prospective bank customer included a slide that discussed “Partner Positioning & Ordering,” explaining that “compensation may influence the products we review and write about, the order in which partners appear in our articles, whether products appear on our site, and where they’re placed.”

Additionally, according to the FTC, the Company’s paid placement policies caused some previously highly ranked companies’ ratings to drop when they refused to pay to maintain those positions.  For example, the Respondents ranked one student loan refinance company number two in the rankings and listed it second in the rate table for several months.  When the company refused to pay more to be placed in the second spot, Respondents dropped its ranking to number five or lower.

Allegations related to inadequate disclosures:

The FTC alleges that the Respondents included virtually no information about their relationships with the companies that appear on the lendedu.com website, including that a company’s inclusion or ranking on the site may have been influenced by payment.  According to the complaint, in mid-2016, Respondents added a fine-print disclaimer that the “site may be compensated through third party advertisers,” in the website’s footer.  And in March 2019, after becoming aware of the FTC’s investigation, the Respondents included on a separate webpage a list of companies that “may provide compensation to LendEDU.”  The FTC found these disclosures to be inadequate as neither was clear and conspicuous.

Allegations related to fake reviews:  

The FTC also alleges that reviews and testimonials about LendEDU’s website and customer service that appear on its own site or and on third-party review platforms were written by employees of the Company or were completely made up.  According to the FTC, at the time the FTC announced its complaint, lendedu.com had 126 reviews on a third party review website; of those, 111 (or 90%), were written or made up by Company employees or their family, friends, or other associates. The FTC further alleges that the lendedu.com homepage included “testimonials” from consumers claiming they saved money using the Company’s services, but that the Respondents had fabricated these “testimonials.”

Takeaways  

The FTC continues its focus on deceptive endorsements, reviews and testimonials, regardless of the medium through which they are offered, be it third-party websites, social media, traditional media, such as broadcast or print, or “native” advertising.  Companies should ensure that any reviews of product or services they publicly post or publish reflect the actual experience of the endorser. Further, companies should clearly and conspicuously disclose if there is a “material connection” that is not obvious on its face, such as when the endorser receives payment or product in exchange for the endorsement, or where the endorser has an ownership interest in the product or service he is endorsing.

In addition, review sites and other businesses promoting the products and services of others must be transparent about any compensation or other consideration they receive in exchange for inclusion or placement. In her concurring statement, Commissioner Slaughter underscored this point warning that “companies that engage in pay-to-play rankings and ratings should take heed: this conduct robs consumers of vital information, pollutes our online marketplaces, and violates the law, which will result in serious consequences.”

FTC Announces Settlement with Mortgage Broker for Publishing Personal Information about Consumers

By

A&B ABstract:

On January 7, 2020, the Federal Trade Commission (FTC) announced a complaint and settlement against California mortgage broker Mortgage Solutions FCS, doing business as Mount Diablo Lending, and its owner, Ramon Walker, (collectively, Mortgage Solutions).  The FTC’s complaint (Complaint) alleged that in response to negative Yelp reviews posted by applicants and customers, the company publicly posted sensitive personal information, including financial information, about those individuals gleamed that it gleaned from mortgage applications and credit report.  Specifically, according to the Complaint, that information included sources of income, payment and credit histories, taxes, family relationships and health. The FTC alleged that Mortgage Solutions’ actions violated the Fair Credit Reporting Act (FCRA), the Gramm Leach Bliley Act (GLBA) and Section 5 of the FTC Act. As part of the settlement, Mortgage Solutions will pay a $120,000 civil penalty for violating the FCRA.

Discussion

The Complaint, filed in the U.S. District Court for the Northern District of California by the U.S. Department of Justice on behalf of the FTC, alleges that between June 2015 and August 2016, defendant Walker published or caused to be published responses to negative consumer reviews about Mortgage Solutions’ services that appeared on the consumer review website, Yelp.com, that were publicly viewable on Yelp’s page for Mount Diablo Lending.  The Complaint also alleges that required privacy notices provided to customers were inadequate and were not followed, and that the company’s information security program was inadequate.   A summary of the FTC’s complaint counts follows:

Violations of the FCRA: 

The Complaint alleges that Mortgage Solutions impermissibly used consumer reports in violation of the FCRA.  According to the Complaint, some of the personal information that Mortgage Solutions publicly posted about consumers was information contained in consumer reports it obtained.  The FCRA allows use of consumer reports only for the permissible purposes identified in section 604(a) of the FCRA; however, public dissemination – such as Mortgage Solutions’ posting of consumers’ information on Yelp.com – is not a permissible purpose

Violation of the GLBA Privacy Rule (Regulation P): 

The Complaint alleges that Mortgage Solutions failed to provide a clear, conspicuous and accurate privacy notice and impermissibly disclosed non- public personal information about some of its customers in violation of the GLBA Privacy Rule.  The Privacy Rule requires, among other things, that a financial institution provide annually a clear and conspicuous notice to customers that accurately reflects the financial institution’s privacy policies and practices, including its security policies and practices.

According to the Complaint, from October 2012 until April 2018, Mortgage Solutions disseminated a privacy notice that omitted or misstated significant information. Among other things, the notice indicated that the only personal information collected by Mortgage Solutions is customers’ Social Security numbers and that Mortgage Solutions did not share this personal information with any third party for any reason. In fact, the company collected myriad types of sensitive personal information, including income information, credit histories, and dates of birth.  The Complaint further alleges that Mortgage Solutions’  posting of customer information on Yelp.com caused the privacy notice to be inaccurate, and additionally violated the Privacy Rule

Violation of the GLBA Safeguards Rule:

The Complaint alleges that  Mortgage Solutions failed for a period of time to develop and implement an information security program, and when it did implement a program, it fell short of regulatory standards.  The Safeguard’s Rule requires financial institutions to implement a comprehensive written “information security program” containing reasonable administrative, technical, and physical safeguards. It further requires that financial institutions regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures.

According to the Complaint, Mortgage Solutions did not have an information security program until September 2017 (in spite of being in business since at least 2012), and when it did finally implement a plan, the plan made no provision for regularly testing or assessing its own effectiveness.  Further, according to the complaint, Diablo failed to engage in such regular testing or assessment.

Violation of Section 5 of the FTC Act: 

The Complaint alleges that publicly posting consumers’ personal information was deceptive and unfair under Section 5 of the FTC Act.

Relief:

In addition to paying a $120,000 civil penalty, the terms of the settlement prohibit Mortgage Solutions from misrepresenting its privacy and data security practices; misusing credit reports; and improperly disclosing personal information to third parties. It also must implement a comprehensive data security program designed to protect the personal information it collects and obtain third-party assessments of its information security program every two years. Finally, the company must designate a senior corporate manager responsible for overseeing the information security program to certify compliance with the order every year.

Takeaways

The FTC is continuing to assert its authority against financial institutions within its jurisdiction, including its general authority to prevent unfair and deceptive acts or practice under the FTC Act, and its authority with respect to the FCRA and GLBA.

In addition, this case represents the FTC’s latest effort to crack down on companies who attempt to restrict or retaliate against consumers negative public reviews on social media and other public websites.  In 2019 the FTC announced five cases alleging violations of the Consumer Review Fairness Act, which bans form contract provisions that restrict a consumer’s ability to post reviews about a seller’s goods, services, or conduct. Those cases challenged illegal “confidentiality” or “non-disparagement” clauses that sometimes threatened consumers with financial penalties for posting reviews.

 

 

Alston & Bird Expands Privacy and Cybersecurity Capabilities with Former FTC Veteran

By

Alston & Bird has expanded its privacy and cybersecurity litigation practice in Washington, D.C. with partner, Kathleen Benway. Benway, a former U.S. Federal Trade Commission (FTC) chief of staff, brings exceptional experience at the FTC, FCC, and in the Senate with consumer protection law and policy, especially in privacy and data security. She arrives from Wilkinson Barker Knauer LLP.

Benway has more than 12 years of service at the FTC, including most recently as chief of staff for the agency’s Bureau of Consumer Protection (BCP). While at the FTC, Benway served as chief of staff to three former directors of the agency’s BCP, where she managed day-to-day operations, represented the bureau in interactions with FTC commissioners, and assisted with congressional relations.

Benway also held a number of other positions at the FTC. In addition to serving as attorney advisor to former FTC Commissioner Julie Brill and counsel to the director of the BCP, she led investigations and litigated enforcement actions as a senior attorney in the bureau’s Privacy and Identity Protection Division and Marketing Practices Division. Additionally, she served two details as counsel to the Senate Committee on Commerce, Science, and Transportation, where she assisted in investigations and advised senators, staff, and other stakeholders on proposed legislation and policy issues within the FTC’s jurisdiction.

Benway also served at the U.S. Federal Communications Commission, where she was assistant chief of the Enforcement Bureau.

The addition of Benway represents the latest expansion of Alston & Bird’s Privacy & Cybersecurity Litigation practice. She follows Wim Nauwelaerts, who joined as partner in the firm’s Brussels office in October, and Amy Mushahwar, who joined as partner in Washington, D.C. in April.

To read the full press release, click here.