Episode 35: Enforcement Expectations and Marketing Compliance Best Practices

This COMPLY Podcast episode is part three of a discussion between Rhonda McGill, PerformLine’s Senior Director of Client Success, and Kimberly Monty Holzel and Courtney Hayden from Goodwin as they take a deep dive into recent marketing compliance enforcement actions and share their advice for getting ahead of regulatory scrutiny.

Listen as they discuss:

• Why public CFPB enforcement actions are down in recent years
• Enforcement action expectations on both the federal and state level for the rest of 2023 + 2024
• Marketing compliance best practices and takeaways

Show Notes:

• 2023 Complaint Risk Signal Report: https://bit.ly/3R31qdZ
• Marketing Compliance Insights from Recent Enforcement Actions: https://bit.ly/3PS4lnW
• Top Marketing Compliance Enforcement Actions 1H 2023: https://bit.ly/3Fl137N
• 5 Signs It’s Time To Invest In A Marketing Compliance Software: https://bit.ly/3MHGKFx
• Connect with Rhonda: https://www.linkedin.com/in/rhonda-mcgill/
• Connect with Kimberly: https://www.linkedin.com/in/kimberly-monty-holzel/
• Connect with Courtney: https://www.linkedin.com/in/haydencourtney/
• Connect with Ashley “AC” Cianci: https://www.linkedin.com/in/ashley-cianci/

Subscribe to COMPLY: The Marketing Compliance Podcast

• Apple Podcast
• Spotify
• Amazon Music
• Google Podcasts

About COMPLY: The Marketing Compliance Podcast

The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level. 

Episode Transcript:

Ashley:
Hey COMPLY podcast listeners and welcome to this week’s episode. This COMPLY Podcast episode is part 3 of a discussion between Rhonda McGill, PerformLine’s Senior Director of Client Success, and Kimberly Monty Holzel and Courtney Hayden from Goodwin as they take a deep dive into recent marketing compliance enforcement actions and share their advice for getting ahead of regulatory scrutiny. During today’s episode they discuss why public CFPB enforcement actions are down in recent years, enforcement action expectations on both the federal and state level for the rest of 2023 and into 2024 and marketing compliance best practices and takeaways. Thanks for listening and enjoy.

Rhonda:
I’d like to jump into expectations for enforcement for the rest of the year and even moving into 2024, just looking at the data, the number of enforcement actions taken by the CFPB has decreased in recent years because consumer relief is up. It seems like we are expecting enforcement actions to increase under Director Chopra significantly. But what do you make of this? Kim, would you like to start?

Kim:
I was going to hand it over to Courtney, who has all the data.

Rhonda:
You want to go to Courtney? Okay, well, sure. I was trying to be fair.

Courtney:
Thank you, Yeah, no, I was going to say that I don’t think the numbers tell the whole story there, I think. From what we’ve seen, there is a lot, a huge number of non-public supervisory activity amongst these agencies that’s been happening behind the scenes, including in 2022. And it’s that non-public supervisory activity that’s going to yield more enforcement matters and more public investigations enforcement matters that we all become aware of. So, yes, while perhaps there might not be as many public matters, especially between 2021 and 2022 that we all expected I think that, whether it’s in 2023 or 2024, I think the non-public activity that we’ve seen in the past year and a half, two years is really going to kind of make its way to the public sphere.

Rhonda:
I can see that happening. And I’m glad that you’re saying that because there’s this false sense of, there’s not a lot going on over there in the CFPB, when in reality it sounds like there really is.

Courtney:
They are extremely busy and we are extremely busy, yes.

Rhonda:
Well, that’s good to know. Kim, would you like to chime in on that?

Kim:
Yeah, just one thing to add, which is with that background and broad brush, there’s more specific focuses that the CFPB has both for enforcement but also supervision. So one of the things that we’re watching really closely is the CFPB has publicly stated that they have a priority to focus on fintech companies and particularly on Buy Now, Pay Later, earn-way-to-access and similar companies, which is really interesting to us for a couple reasons. On the one hand, it’s kind of expected because some of these companies are huge now, they’re bigger than many of the banks. They’re large public companies. They have a really big portion of the market share. And as many of you may know, the CFPB does take market share into account when it determines its supervision priorities. They really do look for how to get the most bang out of their buck.

Kim:
So it’s unsurprising to see some of these companies wind up on their radar. What troubles me greatly is the fact that a lot of these fintech companies will actually offer their products by using banks that the CFPB has no jurisdiction over for supervision and very minimal jurisdiction for enforcement. So for example, if you’re a fintech company that offers a credit card program or debit card program most of those partnerships are offered by, well not just the partnership, but the actual regulated product is offered by a small community bank under $10 billion. The reason for that is because banks under $10 billion are exempt from some of the interchange fee caps on debit cards, and they can generally be more profitable for these fintech companies to partner with smaller banks. However, the CFPB has no supervisory authority over banks under $10 billion in assets.

Kim:
And they have secondary enforcement authority, very little enforcement authority, over these banks as well, because their primary regulator is maybe the FDIC or the OCC. And so I’m very interested to see how this plays out because on the one hand, you know, sure the CFPB can go after the non-bank fintech company, but if the regulated product isn’t even offered by them they’re going to have to be very careful in carving out which activity they’re actually going to go after or supervise. Because if it’s the activity of the bank, which they have no jurisdiction over, that’s going to be a really tough road for them. That being said, there are plenty of activities that the CFPB could regulate for the non-bank fintech company. You know, advertising, as we’ve been talking about is a big one, they can just use their UDAAP authority to say that the non-bank company advertises the program and made false or misleading statements about it. That’s a very easy way for them to go. But I think it will be interesting to see if anyone pushes back on this because at the end of the day, the product is offered by someone that they have no jurisdiction over.

Rhonda:
Wow, that’s very interesting. So outside of the CFPB, what else are you seeing? What’s happening at the state level?

Courtney:
Yeah, I’m happy to jump in there on that, on that point too. So one thing that kind of tethering or tying the CFPB discussion to what’s happening at the state level. So as you may know the CFPB doesn’t have as many tools in its tool belt necessarily as other regulators. And so it tries to at times expand the tools available to it. And with respect to the states while state enforcement activity has actually been down over recent years, we expect that activity to start to increase because the CFPB had issued an interpretive rule that reinforced state’s authority to actually enforce federal consumer financial protection laws in particular. So now state regulators are armed with enforcing the Consumer Financial Protection Act, for example, and it’s implementing regulations. And this interpretive ruling also permitted the states to bring and assert CFPA claims against entities that even the CFPB could not assert claims against given its limited authority. And so in part because of that, we do expect, and we have seen there to be an uptick in state regulator activity. There’s a lot of state regulator activity behind the scenes with confidential investigations going on. And we expect that to absolutely continue and eventually make its way to the public sphere as well.

Rhonda:
Wow, very informative. Anything else we wanna add before we move forward?

Kim:
Yeah, I think on the state level, we’re seeing a lot of informal inquiries as well, which may be turn into public enforcement, but sometimes these inquiries will land on my desk on the business law side and compliance side first before they turn into public enforcement. And we are seeing an uptick in that and we’re seeing an uptick in it from states that are not usually considered the usual suspects. The most common types of actions we see are either false advertising, UDAAP-type claims, but also licensing. And I think what the states are trying to do here is they’re seeing the development of technology into crypto, fintech. And a lot of these products are set up by lawyers like us who are really trying to carefully draw lines around the rules and figure out what is the product subject to and what is it not?

Kim:
And we’re dealing with these old laws that maybe require licensing for one particular thing. A good example is these loan broker laws and do they apply to somebody who markets a credit card program that’s actually offered by a bank? You know, if you build the app, you take the application, you help the consumers get the loan there’s enough there for some of these states to come after these fintech partnerships and say, well, the fintech partner should have been licensed as a loan broker. Or maybe they’re involved in servicing and collections, that’s another way. And so what we’re seeing is the states have enough information at this point about where the state of the industry is. We’ve been in this fintech and crypto world for quite a few years now, and I think they’ve finally grown wise to how these are set up and they’re thinking about ways that they can assert their jurisdiction to protect consumers in their state. And so we’re seeing a lot of licensing inquiries and we’re seeing a lot of advertising inquiries just from a general UDAAP perspective.

Rhonda:
Absolutely. So from the marketing compliance perspective based on all the things that we were discussing today, what are some of the best practices and strategies that you would offer to those that are listening in? Things that they can do right now to get their compliance programs in order?

Courtney:
Yeah, happy to mention a couple and then kick it to you, Kim, if that works. I would say, you know, going back to some of the initial enforcement actions that we were talking here with respect to potential discrimination claims and making sure that you have not only robust compliance programs, but those that oversee marketing endeavors of the company to ensure that your marketing in assuming it’s applies to your company in both minority and majority neighborhoods, communities, et cetera. Make sure that you’re monitoring for that. And then I think data monitoring is always helpful to do. Most compliance programs have some sort of data monitoring compliance aspect, but I would say being aware to the extent feasible of what peer companies are doing as well with respect to their advertising always helps to. It’s not considered a best practice to say, well, just because, you know, my peer’s not doing something means I don’t need to do something. That’s not an argument that ever bodes well with regulators or courts. But at least knowing whether you’re in the market average is helpful to assessing compliance risk in that area.

Rhonda:
Absolutely.

Kim:
I think from the beginning of all this, I was an examiner at the CFPB from the early days and I remember on my first exam I didn’t know anything but we zeroed in on the process by which the bank was conducting its marketing reviews and we noticed holes in who was reviewing what. And maybe there was a circumstance where something was initially approved by someone in compliance, but then maybe it was changed and not run back through the process. The other thing too is understanding the scope of the items that need to be reviewed. We have seen companies get in some hot water with regulators, not necessarily from the usual marketing or the website, which underwent perfect compliance review, but then someone wrote a blog post and made some statement that wasn’t necessarily untrue, but it was written in an imprecise manner, because it was a blog post, it was supposed to be informal. And that has generated attention from regulators. 

Kim:
So I think it’s really important to look at your process and make sure that there’s a clear process for who approves what and when. And that there is an approval at the last step out the door, including for anything that comes back for any sort of edits understanding the scope of your procedure. And then also I think in the world of vendors and, and partners and these fintech partnerships, there’s a lot of fighting around how to divide that responsibility between the bank and the fintech partner. So I think at the end of the day, whoever’s actually offering the product under their charter or their license is the one that needs to be responsible for all that.

Kim:
And what that means for their partner who might be directing the marketing activities is that they need to run things through the bank or through the licensed company that’s offering it. And I know that is the bane of their existence sometimes, especially for some of these smaller nimble startups who wanna go a million miles a minute. But it’s a really important process because something so small on their website could really generate a lot of problems. And so again, going back to process and making sure we understand the scope of the materials, the scope of the people that have to come to who for approval and just generally having that plan in place.

Courtney:
And it all,

Rhonda:
Oh, go ahead. I was going to just, I was just going to chime in too, but go for it.

Courtney:
Oh, I didn’t mean to interrupt. Go ahead.

Rhonda:
No, no, no. I was just, one of the things that kind of sits with me just from the past I had in the marketing compliance space was the importance of the ongoing monitoring and just being on top of it. It’s not just approved and done, that there has to be a process in place for that ongoing monitoring because you don’t know what could change up on a website. You don’t know what could change up on social or anywhere. So just being vigilant about staying on top of the ongoing monitoring and documenting any changes.

Courtney:
And maintenance. So if there’s ever an unfair advertising claim of sorts, then, and if it makes it to the court system, there’s a lawsuit, regulators absolutely will demand the data or documents supporting advertising statements, including those made on your own website or your vendor’s websites. And so making sure that you have data or documents supporting current statements that are on websites, ensuring and monitoring your vendors or any sort of third party affiliates’ websites, statements, marketing brochures that perhaps advertise your company as well to ensure that those statements are accurate. That’s something that needs to be done as well.

Rhonda:
Totally agree. Totally agree. So as we are coming up to the top of the hour, I just wanted to thank you both, but before we leave, I wanted to give you at least an opportunity if you had any additional last minute thoughts, any additional nuggets that you would like to share that you maybe didn’t get a chance to get out there. But I feel like we had such a great discussion here, so much good stuff. But I definitely would like for you to feel free to have closing thoughts.

Courtney:
Yeah, first of all, thank you for having us really appreciate the opportunity to engage in this discussion. I think our main takeaway is ensuring that there’s a robust compliance system and completely understand also that with respect to startup companies as Kim mentioned, kind of move a mile a minute, but having a designated employee who’s at least starting to monitor that stuff is really helpful especially in the new company space.

Rhonda:
Appreciate that.

Kim:
Yeah, absolutely. And then just to move back to the monitoring piece, I think making sure that there’s monitoring not just on the website and marketing, but monitoring that the procedures and processes that you have in place are being followed. Because as Courtney said, the regulators will come back for proof of compliance. And even if you follow the law, there’s a concept of a policy violation where if you’re not following your policies, even if your policy went above and beyond that is an important thing that regulators look at as well. So overall having a process that makes sense and is realistic for your organization is really important.

Rhonda:
Totally agree, and thank you so much for those closing thoughts.

Ashley:
Thanks for listening to this episode of the COMPLY Podcast!  If you want to read more about the enforcement actions from the first half of 2023 and the marketing compliance insights from them I will drop two resources for you on these exact topics in today’s show notes.  And if you think it might be time to invest in a marketing compliance software that will help automate discovery of non-compliant messaging from your brand, but aren’t exactly sure if the timing is right,  I’ll drop another piece for you titled 5 Signs It’s Time to Invest In a Marketing Compliance Software in the show notes as well. As always for the latest content on all things marketing compliance you can head to content.performline.com. And for the most up-to-date pieces of industry news, events, and content be sure to follow PerformLine on LinkedIn. Thanks again for listening and we’ll see you next time!