On April 22, the Supreme Court unanimously ruled in AMG Capital Management v. Federal Trade Commission that § 13(b) of the Federal Trade Commission (“FTC”) Act does not authorize the FTC to obtain equitable monetary relief, such as restitution for consumer harm.  This development will make it more complicated for the FTC to obtain consumer redress.  While the FTC will still be able to seek consumer redress through other legal avenues, especially § 19 of the FTC Act, these avenues generally impose additional legal requirements beyond what § 13(b) required.  This decision may prompt Congress to consider amending the FTC Act to increase the availability of consumer redress.  It may also encourage the CFPB to be more assertive in areas where the agencies share jurisdiction.

Continue Reading Supreme Court Ruling Complicates FTC’s Ability to Obtain Consumer Redress

On December 10, the Federal Trade Commission (“FTC”) and Consumer Financial Protection Bureau (“CFPB”) held a joint workshop on accuracy in consumer reporting. The workshop included remarks from FTC Commissioner Noah Joshua Phillips, CFPB Assistant Director for Supervision Policy Peggy Twohig, CFPB Deputy Director Brian Johnson, and FTC Deputy Director for the Bureau of Economics Andrew Stivers. The workshop included four panels:

  • Panel 1: Furnisher Practices and Compliance with Accuracy Requirements
  • Panel 2: Current Accuracy Topics for Traditional Credit Reporting
  • Panel 3: Accuracy Considerations for Background Screening
  • Panel 4: Navigating the Dispute Process

Panelists included a range of stakeholders in the consumer reporting ecosystem, including representatives from consumer reporting agencies (“CRAs”), trade associations, furnishers, and consumer advocacy organizations.

In her closing remarks, Maneesha Mithal, Associate Director in the FTC’s Division of Privacy & Identity Protection, discussed three key takeaways and themes from the workshop:

  • (1) Alternative Data: Mithal noted that the issue of alternative data came up on almost every panel, and that there appeared to be a consensus that using some types of alternative data may benefit consumers and the industry. Mithal noted that a number of panelists expressed caution about using “fringe data,” including social media data.In a panel discussion, Michael Turner, founder and President of the Policy and Economic Research Council (“PERC”), drew a distinction between “proven payment data,” including payments for utilities, media, and rent, and unproven “fringe data” or “unstructured data,” including information from social media. Turner, along with a number of other panelists, believed that reporting proven payment data would be beneficial for consumers. Francis Creighton, President and CEO of the Consumer Data Industry Association (“CDIA”), noted that consumers are currently experiencing the “downside” impacts of the reporting of negative information about the non-payment or late payment of obligations for utilities, media, and rental housing, but are not receiving the “upside” benefits of reporting on the positive payment histories on those recurring obligations. Consumer advocates, such as Ed Mierzwinski of U.S. Public Interest Research Group (“PIRG”), expressed skepticism regarding the use of certain alternative data, such as utility payment data, and the ability of the industry to ensure the accuracy of such data.
  • (2) Role of Technology: Mithal also noted that there was some consensus that technology, including Artificial Intelligence (“AI”) and pattern recognition, may improve the quality and accuracy of consumer report information. Mithal stated that there appeared to be less consensus regarding the use of technology in data matching, with some panelists expressing the view that manual review is still necessary to ensure maximum possible accuracy. Mithal also noted that some panelists expressed the view that the CFPB should exercise its supervisory authority to examine CRAs and furnishers’ use of technology in consumer reporting.
    • In general, industry panelists spoke favorably about the prospects for AI and other technologies. For example, Eric Ellman, Senior Vice President, Public Policy and Legal Affairs at CDIA, discussed the use of technology in dispute intake, including filtering credit repair disputes from legitimate consumer disputes. Chi Chi Wu of the National Consumer Law Center expressed skepticism about relying on AI and other technologies for data matching and dispute investigations.
  • (3) Accuracy: Mithal concluded by discussing the accuracy of consumer reporting more generally, and stated that some panelists believe that the regulators should issue specific guidance in this area. Mithal also noted that panelists discussed both the importance of data accuracy with respect to consumer reports and furnished data, including ways in which CRAs may oversee furnishers.
    • In general, industry panelists pointed to substantial improvements made in recent years with regard to the accuracy of consumer reports, with repeated emphasis on improvements brought about by the National Consumer Assistance Plan (“NCAP”), an outgrowth of a multi-state attorney general settlement with the three nationwide CRAs in May 2015. Turner discussed improvements between the early and more recent studies of data accuracy. Consumer advocates stressed continuing problems with data accuracy, including the reappearance of derogatory information on consumer reports.


Continue Reading FTC and CFPB Host Workshop on Accuracy in Consumer Reporting

On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”).  Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which governs the information security programs financial institutions must implement to protect customer data.

In addition, the FTC is proposing to expand the definition of “financial institution” under the Safeguards Rule and the Privacy Rule to include “finders.”  Finally, the FTC is proposing to amend the Privacy Rule to make technical and conforming changes resulting from legislative amendments to GLBA in the Dodd-Frank Act and FAST Act of 2015.

Proposed Revisions to the Safeguards Rule’s Information Security Program Requirements

The Safeguards Rule establishes requirements for the information security programs of all financial institutions subject to FTC jurisdiction.  The Rule, which first went into effect in 2003, requires financial institutions to develop, implement, and maintain a comprehensive information security program.  As currently drafted, the Safeguards Rule has few prescriptive requirements, but instead generally directs financial institutions to take reasonable steps to protect customer information.

The FTC’s proposed revisions would add substantially more detail to these requirements.  Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, explained that the purpose of the proposed changes is “to better protect consumers and provide more certainty for business.”  The new requirements are primarily based on the cybersecurity regulations issued by New York Department of Financial Services (“NYSDFS”), and the insurance data security model law issued by the National Association of Insurance Commissioners.

Some of the specific proposed changes include:


Continue Reading FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule

On March 26, 2018, the staff of the Federal Trade Commission’s Bureau of Consumer Protection (“BCP”) filed a comment in response to the Consumer Financial Protection Bureau’s Request for Information on the procedures for issuing Civil Investigative Demands.

In large part, the comment summarizes the BCP’s experience with its own CID program and highlights the BCP’s recent reform efforts. However, the FTC staff comment also provides recommendations to the CFPB, several of which are summarized here:

  • The comment notes that the CFPB Director, Assistant Director, and Deputy Assistant Directors of the Office of Enforcement all have the authority to issue CIDs, whereas this authority at the FTC is limited by statute to the FTC Commissioners themselves, who review and often modify CIDs or even decline to issue them. FTC staff suggest that review by a “very senior official” is appropriate because of the seriousness of a CID and that the CFPB may wish to consider revising its delegation of authority accordingly. Moreover, the comment emphasizes that agency-head approval “ensures that there will be an independent assessment of the costs and benefits of the CID by someone who is not conducting the investigation.”
  • FTC staff also recommend applying an oversight approach to opening and closing investigations that is more consistent with the FTC’s. The heads of both agencies delegate the authority to initiate investigations. At the FTC this delegation includes delegation to managers in the BCP, led by the BCP Director. The comment notes that the BCP Director meets “regularly” with the Commissioners to maintain a close understanding of their enforcement priorities and objectives. In turn, the BCP Director must ensure that the other BCP managers make decisions about opening, furthering, or closing investigations consistent with those priorities and objectives.
  • The comment suggests that the CFPB use its response to the RFI to publicly “ratify” the agency’s recently adopted policy that CIDs include a more specific description of the relevant investigation and how the requested information is connected to that investigation. The comment notes that the CFPB’s new policy brings it in line with FTC practice.
  • FTC staff also suggest that the CFPB pair its meet-and-confer requirement with delegated authority to enforcement staff allowing the staff to modify the time and manner of complying with a CID, contingent on a CID recipient demonstrating progress toward compliance with the information demands.
  • The BCP staff also recommend that the CFPB shorten and simplify the production requirements for electronically stored information. The comment notes that the BCP’s guidelines are “significantly shorter and less complex.”


Continue Reading FTC Files Comments with CFPB on CID Processes

This week, the House Financial Services Committee (the “Committee”) approved by a vote of 35-25 a bill introduced last month by Rep. Alex Mooney (R-WV) that would exclude from the definition of “debt collector” under the Fair Debt Collection Practices Act (“FDCPA”) law firms or licensed attorneys engaged in litigation activities to collect a debt,

Yesterday, the Consumer Financial Protection Bureau (“CFPB”) and Federal Trade Commission (“FTC”) issued a joint annual report to Congress on their activities in 2017 to combat illegal debt collection practices under the Fair Debt Collection Practices Act (“FDCPA”), for which the agencies share responsibilities.
The report suggests that, even amidst other changes at the CFPB, debt collection activities remain an area of focus, particularly on the enforcement side. The report also highlights coordination between the FTC and CFPB at least on this issue. It remains to be seen how this coordination plays out practically in future investigations and how the CFPB handles similar overlapping authorities with other regulators.


Continue Reading Regulators Issue Report on Activities to Combat Illegal Debt Collection Practices

In its decision in Kokesh v. SEC, issued on Monday, June 5, 2017, the Supreme Court unanimously ruled that “disgorgement” of ill-gotten gains by the Securities and Exchange Commission (“SEC”) is a “penalty” within the meaning of 28 U.S.C. § 2462.  As a result, disgorgement is unavailable to the SEC in judicial proceedings involving conduct that took  place more than five years before the filing of the government’s complaint.  As explained below, because Section 2462 is a statute of general application (i.e., not specific to the SEC), the Court’s ruling could have implications for judicial civil penalty proceedings brought by the Consumer Financial Protection Bureau (“CFPB”), the Federal Trade Commission (“FTC”), the Commodity Futures Trading Commission (“CFTC”), and other financial and consumer regulators.

Continue Reading Kokesh v. SEC and Implications for Consumer and Financial Regulatory Agencies

On February 6, the FTC, along with the State of New Jersey, announced a settlement with TV-maker VIZIO related to VIZIO’s alleged data collection practices on millions of its ‘smart,’ network-connected TVs. According to the complaint, VIZIO collected information on consumers which it then shared with third parties, without sufficiently disclosing the data collection

On September 29, 2016, the FTC obtained a preliminary injunction against three companies and their principals for allegedly impersonating government transportation authorities (such as the U.S. Department of Transportation) to obtain payments for federal and state motor carrier registrations and required reports from commercial truckers and trucking companies.  The complaint in FTC v. DOTAuthority.com, Inc.

On September 30, 2016, a federal district court in Nevada granted summary judgment to the Federal Trade Commission (“FTC”) against the remaining defendants in the FTC’s lawsuit against payday lender AMG Services Inc. and various related individuals and entities.  The court ruled against race car driver Scott Tucker, whom it found individually liable as a controlling person of AMG and other corporate defendants, and against the corporate defendants themselves.  The court imposed a $1.3 billion judgment on the defendants, the largest litigated judgment ever obtained by the FTC.  The court’s order also bans Tucker and his companies from any aspect of consumer lending, and prohibits them from conditioning the extension of credit on preauthorized electronic fund transfers, misrepresenting material facts about any good or service, and engaging in illegal debt collection practices.
Continue Reading Court Imposes $1.3 Billion Judgment on Payday Lender