In the first half of 2023, there have already been over 100 enforcement actions taken against financial services organizations from federal, state, and local regulators for a wide variety of violations.
In a recent webinar, we were joined by industry experts Kimberly Monty Holzel and Courtney Hayden from Goodwin as they took a deep dive into recent marketing compliance enforcement actions and shared their advice for getting ahead of regulatory scrutiny.
Below is a recap of the discussion, which included topics like notable enforcement actions and trends in 2023, expectations from federal and state regulators for the rest of the year, and best practices for proactive marketing compliance.
This webinar involves a ton of valuable information, and this recap only scratches the surface. For full insights, catch up on the full webinar on-demand here.
Recent Enforcement Action Trends
Fair Lending in Mortgage and Beyond
We kicked off our discussion with fair lending in the mortgage space, particularly centered around the practice of redlining, which has been a significant focus for regulators in recent years. Particularly, the Department of Justice (DOJ) has been paying extra close attention to the issue, and has launched its “Combating Redlining Initiative” which aims to crack down on illegal redlining activities.
Courtney talked about two similar enforcement actions taken by the DOJ. The first one was against a national bank for redlining by failing to provide mortgage lending services in majority-Black and Hispanic neighborhoods, and concentrating its branches and mortgage lenders solely in majority-white neighborhoods.
The second one was against another bank that failed to serve majority-Black and Hispanic neighborhoods while targeting majority-white areas with its marketing and advertising practices.
The enforcement actions for both of the above banks are similar in nature and require them to invest a significant amount of money into increasing credit access, marketing and advertising efforts, community partnerships, and hiring mortgage loan officers for their branches in these majority-Black and Hispanic neighborhoods.
Kim jumped in and added that in addition to the DOJ, the CFPB has also placed a heightened emphasis on battling redlining—and not just for mortgages. Companies offering any type of credit product should be proactive in their fair lending efforts.
The CFPB and DOJ are not necessarily limiting their redlining enforcement to mortgages. We’re starting to see some inquiries into other financial service products. For example, if you’re a bank that offers a credit card program, it’s still important to make sure that you’re advertising and offering the service throughout your footprint and making sure that your footprint is fair from a redline perspective.Kimberly Monty Holzel, Goodwin
She also emphasized that market saturation does not excuse redlining concerns—regulators expect organizations to adhere to fair lending practices, even in the most competitive markets.
Lastly, Kim reminds us that the Federal Financial Institutions Examination Council (FFIEC) has a long-standing fair lending guidance that organizations can use to help adhere to fair lending regulations and avoid potential compliance issues.
FDIC Insurance Misrepresentation by Fintechs
The discussion moved on to the critical issue of false or misleading representations related to deposit insurance and the Federal Deposit Insurance Corporation (FDIC).
Four companies were found to have made false and misleading statements regarding FDIC deposit insurance in their marketing materials. These misrepresentations included claiming FDIC insurance (when it was not the case), misusing the FDIC name or logo, misrepresenting the extent of deposit insurance, and failing to disclose the insured depository institutions for customer deposits—all of which violate the Federal Deposit Insurance Act, explains Courtney.
The FDIC issued a demand letter to the companies, ordering them to immediately cease and desist from making false or misleading statements. The companies were required to take corrective action to address the inaccuracies.
Kim talked about how these misrepresentations are often unintentional and are due to overlooked requirements, but are still important to be on the lookout for.
Oftentimes, it’s not intentional at all. We see these programs set up in such a way that they just don’t qualify for FDIC insurance because the requirements were not met—and they’re not particularly difficult requirements—but they’re things that get overlooked, and that’s what generates a lot of these actions.Kimberly Monty Holzel, Goodwin
She talks about how this happens often with bank-fintech partnerships, where a fintech wants to offer a financial product and wants to be FDIC insured. This is possible as long as these partnerships are set up correctly (and which we won’t get into specifics of in this particular blog), but mistakes can lead to regulatory issues. If these details aren’t handled properly—like how accounts are structured, for example—customers might lose their FDIC insurance coverage, and misrepresenting insurance status could result in enforcement actions.
Another hot topic that was discussed was dark patterns, which involve design techniques that manipulate users into making choices they might not fully understand. Dark patterns have been a concern for regulators for quite some time, including the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB).
Before discussing enforcement actions, Courtney gave an overview of some specific types of dark patterns that the FTC highlighted in their “Bringing Dark Patterns to Light” report. These include:
- Disguising advertisements in a way that makes them appear as independent editorial content or disguising them as non-promotional content
- Countdown timers to create a sense of urgency and pressure consumers into making an impulsive decision that they might later regret
- Hard-to-cancel subscriptions that frustrate consumers, leading them to give up on canceling and continuing to get charged for that subscription
- Hiding key terms or fees into lengthy customer disclosures where users are less likely to notice them
- Tricking consumers into sharing data through methods that exploit a consumer’s inattention, such as pre-selecting checkboxes that opt users into sharing personal data during the sign-up process
Courtney then discussed a specific FTC complaint filed in June 2023 against a giant e-commerce company for allegedly engaging in deceptive practices related to its subscription program. The company is accused of enrolling consumers into its subscription service without their consent by employing manipulative user-interface designs to deceive customers into signing up for automatically renewing subscriptions. The company was also found to have deliberately complicated the cancellation process for subscribers attempting to end their membership.
While this case isn’t targeted toward a consumer finance organization, it still highlights the regulatory response to dark pattern practices and sets the stage for understanding enforcement actions.
Based on this discussion, Kim shared a few takeaways for avoiding dark pattern compliance concerns, including:
- Ensure that signup screens have clear and noticeable disclosures and require users to actively check a box to confirm their understanding and agreement
- Follow the FTC’s guidelines for clear and conspicuous disclosures and acceptance processes, such as using checkboxes and clear hyperlinks
- Consumers’ acceptance of terms should be affirmative—simply scrolling through terms on a phone is not enough
- Look to California for best practices on subscriptions and cancellations, as they have some of the most strict laws around the topic
Crackdown on Junk Fees
The last enforcement trend discussed was junk fees, specifically the CFPB’s focus on credit card late fees and overdraft/insufficient funds fees.
The Bureau has been cracking down on this topic, and even the slightest bit of ambiguity in terms related to fees has led to expensive class action litigation against banks. They’ve had the most success in situations where a single transaction leads to multiple fees.
For example, if a consumer makes a $100 payment, but only has $75 in their account, they could be charged an overdraft fee. Then, the retailer will try to charge the card again the next day, causing another fee. And if they try a third time, consumers could get hit with another fee, or even be charged more if the bank covers the payment.
In response to this regulatory pressure and increased class action lawsuits, Kim notes that a lot of organizations are decreasing or fully eliminating insufficient funds fees and are only charging for overdraft fees, or are setting limits to the number of fees a consumer can get hit with over a certain period of time.
Courtney then circles back to class action lawsuits, noting that when a federal or state regulator issues a consent order related to a specific issue, plaintiffs’ attorneys tend to take notice and are likely to initiate class action litigation.
Therefore, staying informed about significant consent orders and settlement agreements with federal or state regulators is essential for companies to effectively manage risks associated with potential class action lawsuits.
Kimberly adds to this by mentioning that plaintiffs’ attorneys can also often be the first to alert regulators about an issue they are pursuing. When plaintiffs’ attorneys target specific industries or practices, regulatory bodies (like the CFPB or FDIC) take notice and may take regulatory action against companies under their supervision.
Enforcement Expectations for the Rest of 2023 and 2024
CFPB Enforcement Actions are Down, Consumer Relief is Up
Looking at the data, the number of enforcement actions taken by the CFPB has decreased in recent years, but consumer relief is up. It seems like most were expecting enforcement actions to increase under Director Chopra significantly.
But, the apparent decline in public enforcement actions might not tell the whole story. Courtney explains that while the number of public enforcement actions might have dropped, the focus on non-public supervisory activities has been robust, especially in the last year and a half.
I don’t think the numbers tell the whole story here. From what we’ve seen, there’s a huge number of non-public supervisory activity occurring behind the scenes, including throughout 2022. This non-public supervisory activity is what’s going to generate a greater number of enforcement matters and, subsequently, more public investigations, which will come to light. So, while there might not have been as many public cases, particularly from 2021 to 2022, as we initially anticipated, I’m of the opinion that whether it’s in 2023 or 2024, the non-public activities that we’ve seen over the past year and a half to two years will progressively find their way into the public domain.Courtney Hayden, Goodwin
Looking ahead, Kim highlighted specific areas of focus for the CFPB in its enforcement and supervision efforts. Notably, the Bureau has expressed interest in the fintech sector due to its rapid growth and popularity among consumers. A lot of these fintechs are huge, public companies, some even bigger than traditional banks.
What’s concerning in this sector, says Kim, is that many fintechs will partner with banks by using banks that the CFPB has no jurisdiction over for supervision and very minimal jurisdiction for enforcement.
But, while the CFPB’s oversight is limited when these partnerships involve banks with assets under $10 billion, it still possesses authority over the non-bank fintech entities and their activities, such as advertising practices, if they pose risks to consumers.
The delicate balance between jurisdiction and effective enforcement is a key aspect to monitor in the evolving landscape of consumer financial protection.
The CFPB is often limited with their enforcement toolkit, so they’ll work to expand the tools available to them.
One example of this is an interpretive rule by the CFPB that empowers states to enforce federal consumer financial protection laws, extending their jurisdiction over entities beyond their authority.
Even with this expanded authority, state enforcement has also been down in recent years, but the expectation is that enforcement will increase, says Courtney. Similar to the CFPB, there has been a lot of activity behind the scenes, and that will likely make its way to the public as well.
Kim notes that there’s already been an uptick in activity by the states—not just from the usual states (like New York and California), but from those who are not typically very active with regulatory activity. Informal inquiries are on the rise, which could potentially lead to public enforcement actions.
The most common types of actions happening on the state level are around false advertising, Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) claims, and licensing matters.
This rise in licensing inquiries could likely be attributed to the development of technology in consumer finance, particularly crypto and fintech.
A lot of these products are set up by lawyers like us who are really trying to carefully draw lines around the rules and figure out what the product is subject to and what it is not, and we’re dealing with these old laws that maybe require licensing for one particular thing…We’ve been in this fintech and crypto world for quite a few years now, and I think regulators have finally grown wise to how these are set up, and they’re thinking about ways that they can assert their jurisdiction to protect consumers in their state.Kimberly Monty Holzel, Goodwin
Marketing Compliance Best Practices and Takeaways
We ended our discussion by asking Kim and Courtney for their best practices for ensuring marketing compliance amidst these increasing trends and enforcement actions.
Here’s a rapid-fire list of what they shared:
- Build a robust compliance program that oversees all marketing activities to prevent potential fair lending, UDAAP, and other compliance issues
- Be vigilant about compliance monitoring to quickly discover, identify, and flag any potential violations and remediate them quickly
- Extend compliance monitoring to third parties and partners to ensure accurate representation of your company’s offerings.
- Have clear processes and procedures for reviewing and approving marketing materials to prevent potential oversights and ensure consistent compliance.
- Monitor data and benchmark against others in your industry to assess compliance risk in that area
- Back up claims with documentation and data to support any content on websites and ensure that they’re accurate
- Regularly assess and adjust your compliance program as needed to stay aligned with evolving regulations and market dynamics