Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory announcements, recap key enforcement actions, and preview upcoming deadlines and events. We also include links to our articles, blogs, and webinars with more analysis in these areas. We understand that keeping on top of the rapidly evolving regulatory landscape is more important than ever for businesses seeking to offer new and ground-breaking technologies. Regulatory Announcements President Biden Nominates Alvaro Bedoya to Serve as FTC Commissioner. On September 13, the Biden Administration announced the nomination of Alvaro Bedoya to serve as FTC Commissioner. Bedoya is being nominated to replace FTC Commissioner Rohit Chopra, who has been nominated to serve as CFPB Director, but has not yet been confirmed by the Senate. Bedoya is the founding director of the Center on Privacy & Technology at Georgetown Law, where he is a visiting professor of law. Previously, Bedoya served as the first chief counsel to the U.S. Senate Judiciary Subcommittee on Privacy, Technology and the Law upon the subcommittee’s creation in 2011. Bedoya’s nomination is subject to Senate confirmation. FTC Announces Agenda for September 15 Open Commission Meeting. On September 8, the FTC announced the agenda for its September 15 Open Commission Meeting, which will take place at 11:00 AM Eastern Time. At the meeting, the agency will consider a proposed policy statement on privacy breaches by health applications and online platforms; an FTC study on non-Hart-Scott-Rodino Act reported acquisitions by certain technology platforms; proposed revisions to the agency’s rules regarding petitions for rulemaking; and a proposed withdrawal of the Vertical Merger Guidelines issued in June 2020 by the FTC and Department of Justice (DOJ), and the FTC’s Commentary on Vertical Merger Enforcement issued in December 2020. After the meeting has concluded, members of the public who have signed up will be able to share comments with the FTC. FTC Approves Modifications to Five FCRA Rules Applicable to Motor Vehicle Dealers. On September 8, the FTC announced that it approved final revisions to rules that implement the Fair Credit Reporting Act (FCRA) to bring them in line with the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Specifically, the FTC approved largely technical changes in line with the FTC’s limited FCRA rulemaking authority under the Dodd-Frank Act, clarifying that these five FCRA rules enforced by the agency apply only to motor vehicle dealers. The changes affect the FTC’s Address Discrepancy Rule, Affiliate Marketing Rule, Furnisher Rule, Pre-Screen Opt-Out Notice Rule, and Risk-Based Pricing Rule. The changes do not affect FCRA regulations issued by the CFPB, which apply more generally. Additionally, the Pre-Screen Opt-Out Notice Rule added the web address where consumers can opt-out of credit offers to the model notices that can be used by automotive dealers. The FTC voted 5-0 to publish the notices in the Federal Register. Texas District Court Upholds CFPB Rule on Payday, Vehicle Title, and High-Cost Installment Loans. On September 7, the CFPB announced that the U.S. District Court for the Western District of Texas upheld the payment provisions of the agency’s Final Rule regarding payday loans, vehicle title loans, and high-cost installment loans. The challenged provision would prohibit certain lenders from continuing to attempt to withdraw payment from borrowers’ accounts after two attempts have failed. Acting CFPB Director Dave Uejio issued a statement praising the ruling, noting that the agency “expects lenders to follow the requirements of the payment provisions, consistent with the court’s order.” CFPB Proposes New Rule on Small Business Data Reporting. On September 1, the CFPB proposed a new rule pursuant to Section 1071 of the Dodd-Frank Act that would require lenders to report certain information about their small business lending practices, including the amount and category of small business credit applied for and granted, demographic information about applicants, and key characteristics about the details of the price offered. The information collection would apply to term loans, lines of credit, credit cards, and merchant cash advances. Among other things, the CFPB seeks comment on how to define a “small business” for the purpose of data collection; how to determine whether the lender is required to submit information; and the appropriate period for rule implementation. Comments on the proposed rule are due 90 days after publication in the Federal Register. Significant Enforcement Actions FTC Sends Cease-and-Desist Letters to 10 Diabetes Treatment Companies. On September 9, the FTC announced that it sent 10 cease-and-desist letters to companies for allegedly advertising unproven treatments or cures for diabetes. The letters urged the companies to stop making the claims within 15 days or face potential action by the agency. The letters were issued jointly with Food and Drug Administration (FDA) warning letters, and were sent to Ar-Rahmah Pharm, LLC; Aceva, LLC; Live Good Inc.; Holistic Healer & Wellness Center, Inc.; Lysulin, Inc.; Metamune Inc.; Nuturna International LLC; Pharmaganics LLC; Phytag Labs; and Radhanite, LLC d/b/a Curalife Ltd. The letters warned of potential violations of both the FTC Act and the Food and Drug Cosmetic Act (FD&C Act). The FD&C Act regulates products intended to cure, treat, mitigate, or prevent disease, even if the advertiser labels them as dietary supplements. CFPB Files Lawsuit Against Lender for Allegedly Violating 2016 Consent Order and Engaging in Deceptive Advertising. On September 8, the CFPB filed a complaint in the U.S. District Court for the Northern District of California alleging that LendUp Loans, LLC (LendUp) violated a 2016 consent order that required the company to pay $1.83 million in consumer redress and a $1.8 million civil penalty for purportedly misleading consumers with false claims about the high cost of loans and the benefits of serial borrowing. The CFPB’s complaint argues that LendUp has continued with the same deceptive marketing in violation of the Consumer Financial Protection Act (CFPA). According to the CFPB, LendUp allegedly promised consumers lower interest rates on future installment loans if the initial loans were paid back. The CFPB, however, alleges that an internal investigation by the agency found that 140,000 repeat borrowers were charged the same or higher interest rates after timely making payments. The CFPB’s complaint seeks an injunction, damages or restitution to consumers, disgorgement of ill-gotten gains, and the imposition of a civil money penalty. CFPB Sues Student Loan Company for Allegedly Misleading Borrowers Regarding Income Share Agreements. On September 7, the CFPB announced that it filed suit and issued a consent order against income share agreement (ISA) provider, Better Future Forward, Inc., for allegedly representing that ISAs are not loans; failing to provide disclosures otherwise required by federal law; and failing to abide by a prohibition on prepayment penalties for private education loans. ISAs are a payment product used in the student lending industry that requires borrowers to make payments in proportion to their income for a set payment of time or until the borrowers hit their payment cap. The CFPB argues that Better Future Forward’s failure to identify ISAs as loans violated the CFPA. The proposed consent order requires Better Future Forward to, among other things, stop stating that its ISAs are not loans or do not create debt for consumers and reform its ISA contracts. FTC Bans Company from Surveillance Industry Over Allegations That Company Shared Device Data. On September 1, the FTC announced that it banned Support King, LLC (doing business as “SpyFone”) and its CEO from engaging in surveillance business activities, following allegations that the company secretly collected data on users’ movements, phone usage, and online activities that was disclosed. The FTC alleged that SpyFone’s monitoring products and services injured device users by enabling purchasers to stalk users surreptitiously. The FTC voted 5-0 to issue the administrative complaint and consent order. The proposed order will be subject to public comment for 30 days after publication in the Federal Register. Upcoming Comment Deadlines and Events Federal Reserve Board, FDIC, and OCC Seek Comment on Third Party Risk Management Principles. Comments are due September 17 on proposed interagency guidance issued by the Board of Governors of the Federal Reserve (the Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC). The proposed interagency guidance is focused on risk management practices for banking organizations to consider when developing risk management strategies for third party relationships. The Board, FDIC, and OCC intend for the proposed interagency guidance to take “into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship.” If adopted, the proposed guidance would replace each agency’s existing guidance and would be directed to all banking organizations regulated by the agencies.