This survey year offered developments too numerous to cover, as often is the case. We debated which developments to include and decided to showcase different types of products and services, different providers, and different regulators.
Part II views issues related to stimulus payments arising from the COVID-19 pandemic. Part III reports on litigation over whether retailers must offer gift cards printed in Braille. Part IV looks at recent actions of the Federal Trade Commission (“FTC”) related to payment processors and others. Part V describes amendments to the “remittance” regulation promulgated by the Consumer Financial Protection Bureau (“CFPB”). Part VI focuses on regulatory responses and enforcement actions aimed at cryptocurrencies and their providers. Part VII provides some conclusions and thoughts on what the coming year may bring.
In response to the COVID-19 pandemic, the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act was enacted on March 27, 2020, to provide, among a large number of relief programs, direct economic stimulus payments to millions of Americans.1 The Act directed the Secretary of the Treasury to make the payments “as rapidly as possible,” but in no case later than December 31, 2020,2 and included several provisions modifying the rules under which the U.S. Department of the Treasury normally makes payments. First, the Act authorizes Treasury to make the stimulus payments electronically to any account to which the payee had authorized delivery of a federal tax refund on or after January 1, 2018.3 This allows Treasury to use account information supplied in 2018 or 2019, rather than having to collect payment data from recipients. For individuals who did not file a tax return in the prior two years, the Act allows Treasury to make the stimulus payment using account information collected for Social Security and Railroad Retirement payments.4 Finally, the Act authorizes disbursing officials to modify payment information provided by the certifying official if the change “facilitate[es] the accurate and efficient delivery of [the] payment.”5 This authorization allows disbursing officials to modify the payment information they received—a practice normally forbidden—to update it with newer payment information from the Internal Revenue Service, Social Security Administration, or Railroad Retirement Board.
In part because of these special provisions, Treasury was able to begin delivering stimulus payments, dubbed Economic Impact Payments (“EIPs”), within three weeks of enactment of the CARES Act.6 Treasury provided an online application that taxpayers may use to track their EIPs and update their electronic payment information.7 In May, Treasury announced that approximately four million EIPs would be distributed by prepaid debit cards mailed to recipients.8 Overall, in just two months, Treasury distributed 159 million EIPs worth more than $267 billion.9 Of those payments, 120 million were made by direct deposit, 35 million by paper check, and 4 million by prepaid debit card.10
In support of governmental efforts to help individuals harmed by COVID-19, the CFPB issued an interpretive rule that concluded that, under certain conditions, pandemic relief payments from state or federal entities were not “government benefits” for purposes of the Electronic Fund Transfer Act (“EFTA”) and its implementing rules, Regulation E,11 and thus were not subject to the prohibition on compulsory use found in EFTA.12 To be exempt from EFTA, the relief payments must be made to consumers in response to COVID-19, not be a part of an already established government benefit program, be made on a one-time or limited basis, and be distributed without a general requirement that consumers apply to an agency in order to receive the funds.13
Nothing in the CARES Act protects EIP funds from garnishment or attachment to cover debts owed to third parties. As a result, banks and other creditors have seized some of the EIP funds from recipients’ bank accounts.14 In response to these actions, the Indiana Supreme Court used its emergency rulemaking authority to issue an order prohibiting state courts from issuing new orders placing a hold on or attaching funds derived from stimulus payments, except to pay child support.15 In a number of other states, governors issued executive orders under their emergency pandemic powers to prohibit garnishments and certain other debt collection practices.16 We anticipate additional regulatory activity to protect stimulus payments from garnishment and attachment.
Starting in October 2019, several hundred nearly identical lawsuits were filed in federal court in New York against retailers, claiming that their failure to issue gift cards in Braille was a violation of Title III of the Americans with Disabilities Act (“ADA”).17 In the first of these cases to reach decision, Dominguez v. Banana Republic, LLC, Judge Gregory H. Woods of the U.S. District Court for the Southern District of New York granted the defendant’s motion to dismiss.18 Judge Woods found that the plaintiff lacked standing to bring suit because he failed to plead the requisite “intent to return” to the retailer necessary to establish an injury-in-fact.19 The court also held that a gift card is a “good” and, under the ADA, a retailer has no obligation to stock specialty goods; therefore, a retailer has no obligation to provide Braille-embossed or otherwise accessible gift cards.20 The court also concluded that the reach of Title III of the ADA was limited to a “place of public accommodation” and a gift card is not a place of public accommodation.21 Finally, the court held that, by not providing Braille-embossed gift cards, the retailer did not deny plaintiff an auxiliary aid or service in violation of the ADA.22 For these reasons, the court dismissed the case.
Subsequent to his Banana Republic decision, Judge Woods dismissed a number of nearly identical lawsuits filed against other retailers.23 Other judges in the Southern District of New York—including Judge Lorna G. Schofield,24 Judge Ronnie Abrams,25 and Judge Mary Kay Vyskocil26—have adopted Judge Wood’s reasoning and dismissed nearly identical Braille gift card cases. Numerous additional cases are still active in the Southern District of New York and other courts. Plaintiffs in several of these matters have filed appeals, so lawyers for retailers and gift card providers should continue to monitor these cases for developments.
The FTC and the Ohio Attorney General settled claims with payment processors Madera Merchant Services and B&P Enterprises for violations of the FTC Act, the Telemarketing Sales Rule, and the Ohio Consumer Sales Practices Act.27 The claims arose from what the FTC described as the companies’ and their owners’ role in helping unscrupulous merchants scam consumers out of millions of dollars.28
For more than a decade, the defendants operated a payment processing scheme that used remotely created checks (“RCCs”) to withdraw money from consumer accounts on behalf of third-party merchants. An RCC is “a check that is not created by the paying bank and that does not bear a signature applied, or purported to be applied, by the person on whose account the check is drawn.”29 RCCs are created using the consumer’s bank account information and can be printed and manually deposited or processed electronically. Because checks are generally subject to less oversight and consumer protections than payments made via the credit- and debit-card networks or the Automated Clearing House network, they are a preferred payment method for unscrupulous merchants. While it is legal to create RCCs for many types of transactions, doing so for goods or services sold through telemarketing is illegal.30
The plaintiffs alleged that the defendants processed consumer payments for merchants while knowing, or consciously avoiding knowing, that some of their largest merchants were scamming consumers and were selling their services via telemarketing.31 The defendants kept the scheme afloat by engaging in a Whac-A-Mole enterprise of opening account after account with dozens of financial institutions.32 When financial institutions eventually closed the defendants’ accounts after discovering suspicious activity, the defendants would apply for new accounts, concealing or misrepresenting the nature of their business.33
Ultimately, the defendants stipulated to an order permanently enjoining them from engaging in the business of payment processing and subjecting them to a monetary judgment of $8.646 million, the majority of which was suspended due to an inability to pay.34
During the past year, the FTC has pursued several other actions against payment processors that serve as intermediaries to bad actors.35 Although those defendants likely knew their clients’ intentions, this is a good reminder for payment intermediaries to have robust compliance programs, lest they end up on the wrong end of an angry regulator.
The FTC settled claims against LendEDU and three of its officers for deceptive business practices related to a website they operated.36 The respondents promoted the LendEDU website as an unbiased resource for consumers in search of loans and insurance. The website published rate tables, rankings, star ratings, and reviews of lenders and insurers, claiming that the rankings and ratings were “unbiased” and uninfluenced by compensation paid by the companies under review.37
According to the FTC, and contrary to the company’s representations, LendEDU was really operating a pay-to-play site where lenders and insurers could climb the rankings and increase their star ratings by paying LendEDU more money.38 The FTC also claimed that the company posted fake consumer reviews of its own service on a third-party consumer review website to bolster its reputation: a Russian nesting doll of deception. The FTC determined that about 90 percent of the reviews were written by LendEDU employees, agents, and even its outside counsel.39
LendEDU agreed to a monetary payment of $350,000 and certain conduct provisions, including a prohibition on making future misrepresentations and a requirement to clearly and conspicuously disclose material connections in close proximity to a representation, the absence of which would render the representation deceptive.40
The LendEDU settlement provides a valuable reminder for companies that claim to provide neutral ratings to do just that. Interestingly, we have not seen enforcement actions by any of the financial regulators against any of the lenders or insurers that were participating in LendEDU’s pay-to-play scheme. The FTC’s legal theory against LendEDU also applies to the lenders and insurers that paid LendEDU for higher ratings and rankings, and, even if federal regulators currently lack the appetite for enforcement against those lenders and insurers, a new administration may display greater hunger.
In a prior survey, we advised FinTech lawyers—and their less tech-y colleagues—to follow the developments in the FTC’s case against Lending Club.41 In 2018, the FTC brought suit against Lending Club, a peer-to-peer lending platform that connects borrowers and lenders, alleging the following three counts of unfair or deceptive business practices in violation of the FTC Act and one violation of Regulation P:
Litigation of this action has continued, and each party can claim limited victories in a recent court order. The FTC prevailed on summary judgment for its second deception count: that Lending Club told prospective borrowers that their loans were approved prior to actual final approval.43 Lending Club failed to raise a genuine issue of material fact, and it was clear to the court that Lending Club’s communications to prospective borrowers were likely to mislead a reasonable consumer. Lending Club prevailed on summary judgment on the Regulation P count. Because the FTC sought only injunctive relief and Lending Club had already amended its disclosure process to come into compliance with the law, the court dismissed the count as moot.44
The bulk of the litigation, however, will proceed. The more interesting of the two remaining counts is the FTC’s claim that Lending Club deceptively advertised that it did not assess hidden fees, while assessing origination fees that were disclosed in a pop-up bubble. What makes this claim particularly interesting is that Lending Club worked with the CFPB prior to making the loan application flow available to the public. Lending Club claims that the CFPB performed a “‘page-by-page’ review of the loan application flow and did not flag an issue as to the disclosure of the origination fee.”45 Because one of the CFPB’s statutory objectives is to ensure that “consumers are protected from unfair, deceptive, or abusive acts and practices,”46 Lending Club’s position, that its disclosure practices were not deceptive if the CFPB approved of them, seems persuasive. After all, the CFPB is in a better position than the FTC to know what is unfair or deceptive in the context of consumer financial services. When two agencies have overlapping regulatory authority (as the FTC and CFPB do, in certain instances) and the doctrines of unfairness and deception are as amorphous as they are, there are bound to be instances where one agency thinks a practice is deceptive, while the other agency thinks the same practice is lawful.
Effective July 21, 2020, the CFPB amended its “remittance transfers” regulation.47 The regulation will provide relief to certain low-volume providers by changing the safe harbor in the definition of “remittance transfer” from 100 to 500 transfers annually. Providers increasing their volume to more than 500 remittance transfers “in the normal course of business” will have six months to “begin complying with” Subpart B of Regulation E.48 Providers expecting declines in remittance transfers to fewer than 500 per calendar year will be allowed to cease compliance.49 Also, provisions on allowable cost estimates will allow insured institutions that made 1,000 or fewer transfers to the destination country in the prior calendar year to disclose estimated exchange rates if the designated recipient will receive funds in the country’s local currency and three additional criteria are met.50 Similarly, insured institutions that made 500 or fewer transfers to the designated institution recipient may disclose estimated third-party fees at the destination if four additional conditions are met.51
Last year’s survey mentioned class actions lawsuits filed against Chase Bank, Bank of America, and State Farm Bank that alleged the financial institutions had illegally imposed cash-advance fees on purchases of cryptocurrency.52 In the litigation against Chase Bank, the court granted preliminary approval to a proposed settlement.53 Under the settlement agreement approved by the court, Chase would pay $2,500,000, which would cover attorneys’ fees and settlement costs, and provide for a cash payment to each of the 62,000 class members who choose to participate.54 Whether the other defendants in this trio of cases will settle or continue on to trial remains unknown at this juncture.
The June 2019 Guidance for Risk-Based Approach: Virtual Assets and Virtual Asset Service Providers, issued by the Financial Action Task Force (“FATF”), called for a June 2020 review of how FATF-member nations have implemented regulations requiring records of customers and transactions sufficient to comply with FATF’s anti-money-laundering and counter-terrorist financing provisions.55 The FATF’s Guidance defined two new terms—“virtual asset” and “virtual asset service provider.”56 The term “virtual asset” subsumed key elements of FATF’s 2014 definition of the term “virtual currency” to include currency and non-currency assets that are digitally represented.57
A U.S. Treasury official later explained that “virtual asset service providers” under FATF’s definition of that term were governed by FinCEN’s “money service business” registration and recordkeeping guidance published in 201158 and in 2013.59 The official also stressed that FinCEN’s 1996 Travel Rule60 governs “virtual asset service providers.”61 The same official subsequently stressed the need for compliance with the Travel Rule.62
In 2019, the Securities and Exchange Commission (“SEC”) filed enforcement actions under the Securities Act of 1933 (“1933 Act”)63 against Telegram Group, Inc. (“Telegram”)64 and Kik Interactive Inc. (“Kik”).65 Both complaints charged that defendants failed to register offerings and that their initial offerings promising later token distributions were not exempt from registration under the 1933 Act.
We focus on Telegram, which had raised $1.7 billion from 175 initial investors in 2018.66 Telegram offered those investors Simple Agreements for Future Tokens (“SAFT”), whereby initial investors deliver money to promoters, who then use that money to develop functional networks and functional tokens, which tokens are then delivered to the initial investors, who may then resell the tokens to the public.67 The proponents of SAFT acknowledged that SAFT’s first phase involves an “investment contract,” and thus a “security,” but they believe that their design offers the crypto industry a framework for token sales that complies with the federal securities laws.68 The Complaint focused on the post-SAFT token deliveries and prospective sales by original investors to the public. Telegram had not registered the SAFT-phase offering or the impending sales of tokens—a new cryptocurrency called Grams.
Telegram argued that SAFTs are exempt from registration under SEC Regulation D69 because the initial investors were accredited.70 Telegram also claimed that public purchasers of post-SAFT tokens from the SAFT-phase initial investors would not be purchasing “securities.”71
On March 24, 2020, a federal district court issued a preliminary injunction against Telegram’s failure to register its offering.72 The court applied the multi-prong Howey “investment contract” test73 to Telegram’s 2018 SAFT sales, purchase agreements, and the series of “contracts and understandings,” including plans for post-SAFT deliveries of Grams to initial investors, and concluded they were “part of a larger scheme” under Howey.74 The court found that the SEC had established a substantial likelihood of success on the merits that Telegram was violating the 1933 Act.75
Following the court’s decision, Telegram announced that it would not proceed to deliver Grams promised to the SAFT-phase investors and that Telegram would end its involvement with Grams.76
On September 30, 2020, in SEC v. Kik Interactive Inc., the court—finding that the Telegram opinion was “instructive”—granted summary judgment to the SEC on the allegation that Kik offered and sold securities without a registration statement or an exemption from registration.77
In January 2020, the SEC issued an Investor Alert on Initial Exchange Offerings (“IEOs”).78 IEOs are offered directly through online trading platforms and purport to give investor-purchasers immediate vehicles for trading the sponsored digital assets.79 The SEC has designated as “red flags” an offeror’s failure to discuss the applicability of U.S. securities laws or its claim that the IEO is not governed by U.S. laws because the platform is located abroad.80 The SEC stated its position that IEOs may violate U.S. securities laws and may lack the protections associated with registered or exempt securities offerings.81 The Alert leaves no doubt: “There is no such thing as an SEC-approved IEO.”82
Looking to the coming year, we foresee that the COVID-19 pandemic will have some effects on financial services, such as increased use of electronic payments, payroll failures, business and consumer bankruptcies, mortgage foreclosures, and garnishments. Some repercussions of the pandemic, however, may not be so obvious. A case in point is the shortage of coins, which is beginning to affect retailers, especially grocery stores and quick-service restaurants.83
Separate from the pandemic, we also expect threats to providers of e-payments and financial services to continue to increase. For example, the FBI has identified “business email compromise” (“BEC”) as the number one financial threat at this time.84 BEC involves the capture of business credentials that enable the perpetrator to transmit wire transfer instructions that bleed funds from the unsuspecting business.85
Cryptocurrencies are likely to see innovations and regulatory pressures. Facebook is working on regulatory approvals for its Libra currency,86 PayPal is working on its own cryptocurrency,87 and central-bank digital currencies appear to be gaining traction.
With so many prospective innovations and ensuing regulatory jousts likely to accompany new providers, products, and services, readers will need to stay alert and be resourceful.