State AG Monitor

State AGs in the News

Posted in Consumer Protection, Data Privacy, Financial Industry, For-Profit Colleges, State AGs in the News

Consumer Protection

Federal Agencies Bulk-Up Investigation Into Dietary Supplements

  • The U.S. Department of Justice (DOJ), as lead agency in a multi-agency federal enforcement action, has filed criminal charges against USPlabs LLC, and commenced civil lawsuits against more than 100 other makers or marketers of dietary supplements. As we indicated in prior posts, it was only a matter of time before the investigation into dietary supplements spread from State AGs to federal regulators.
  • In the criminal indictment, the DOJ charges USPlabs with using false certificates of analysis and false labeling to sell products, including Jack3d and OxyElite Pro, that contained potentially harmful synthetic stimulants. USPlabs represented to consumers that the products were made from naturally occurring plant extracts. The indictment also alleges that the defendants committed wire fraud by transmitting false documents by means of wire and radio communications, obstructed a Food and Drug Administration (FDA) investigation by selling products verbally to avoid creating a paper trail, and conspired to commit money laundering.
  • In addition, the DOJ teamed with the U.S. Postal Inspection Service and the FDA to bring multiple civil cases against supplement companies for selling or marketing unapproved or misbranded drugs in violation of the Food, Drug, and Cosmetic Act. In these cases, the government used the claims made on the defendants’ labels and relevant websites to argue that defendants intended the products to be used for the diagnosis, cure, mitigation, treatment, or prevention of disease, and thus alleged the products were “drugs” under the Act. For example, the DOJ sued Lehan Enterprises for insinuating that its DMSO Cream could treat or cure, among other things, arthritis, herpes, gallstones, and toenail fungus.
  • The Federal Trade Commission (FTC) also joined the enforcement effort, filing civil cases alleging that supplement makers violated Section 5 of the FTC Act by engaging in false and misleading advertising and marketing practices. For example, the FTC filed a complaint against Sunrise Nutraceuticals, LLC, claiming that the supplement maker made false or unsubstantiated efficacy claims through marketing that indicated its supplement Elimidrol would help users complete opiate withdrawal successfully and overcome opiate addiction.

New York AG Takes Daily Fantasy Sports Fight Into Round Three

  • New York AG Eric Schneiderman filed an enforcement action seeking to enjoin daily fantasy sports websites DraftKings, Inc. and FanDuel, Inc. from accepting wagers and operating in New York for alleged violations of the State Constitution and Penal Code.
  • As we outlined in a prior post, AG Schneiderman issued cease-and-desist letters to the websites last week for what the AG believes are violations of New York’s gambling laws. The websites responded by filing separate lawsuits in New York Supreme Court, asking the court to rule that the AG’s letters were unconstitutional and an abuse of discretion, and to grant a temporary restraining order. The websites argued that their business model is legal under an exception for fantasy sports contained in the 2006 Unlawful Internet Gambling Enforcement Act. The court denied those requests.
  • On Monday, the AG filed complaints against DraftKings and FanDuel, highlighting other states that have banned daily fantasy sports wagering, and providing detailed arguments as to how the websites’ business operations are “knowingly advancing or profiting from unlawful gambling activity” as well as “engaging in bookmaking.”

FTC Amends Telemarketing Sales Rule

  • The FTC published final amendments to the Telemarketing Sales Rule to prohibit certain types of payment methods frequently used by scammers. Most of the amendments will become effective 60 days after publication.
  • The amendments will prohibit remotely-created checks or payment orders, as those mechanisms allow for direct debit from a consumer’s checking account, making it difficult to effectuate a reversal. They will also prohibit the use of “cash-to-cash” money transfers, which are often anonymous and difficult to trace after the fact. Finally the amendments will prevent payment through “cash reload” mechanisms, where a consumer loads money onto the caller’s prepaid card.
  • The amendments also alter aspects of the Do Not Call Registry, including requirements that a telemarketer: demonstrate an existing business relationship in order to call a person on the Registry; acquire the information needed to place the consumer on the entity-specific do-not-call list or be disqualified from the safe harbor for isolated or accidental violations; and not share the cost with other sellers for accessing the Registry.

Data Privacy

FTC Loses Data Security Suit in Its Own Court

  • Chief Administrative Law Judge Michael Chappell dismissed the FTC’s complaint, originally filed in 2009, alleging that LabMD, Inc. violated the FTC Act by failing “to employ reasonable and appropriate measures to prevent unauthorized access to consumers’ “personal data.”
  • The dispute also highlighted the role played by private security firms in detecting data breaches. In this case, a private firm named Tiversa contacted LabMD to discuss consumer information that it had found while searching public networks. Tiversa allegedly used that information in an attempt to sell data protection services to LabMD. When LabMD did not buy the services, Tiversa provided the information to the FTC. The FTC found that Tiversa had “a financial interest in intentionally exposing and capturing sensitive files on computer networks, and a business model of offering its services to help organizations protect against similar infiltrations.” In October, 2014, Tiversa filed a defamation case against LabMD, which is still pending in Pennsylvania trial court.
  • The FTC alleged that LabMD committed an unfair practice in violation of Section 5 of the FTC Act, when it stored the names, dates of birth, Social Security numbers, and personal health insurance information for over 9,000 consumers on publicly accessible, peer-to-peer networks. The FTC argued that “injury” was likely for any consumer whose information was disclosed, as they would be subject to increased risk of identity theft. This is a key element under Section 5(n), which requires the FTC to demonstrate that the indicated practice “causes or is likely to cause substantial injury to consumers.”
  • Ultimately, Judge Chappell did not accept the FTC’s theory of injury, finding that “Complaint Counsel has failed to meet its burden of proving that Respondent’s alleged unreasonable data security caused substantial consumer injury.” Whether the logic of this decision—i.e., the FTC must show more than just an increased risk of identity theft in order to meet consumer injury element—will be isolated to the complicated factual background, or whether it marks a shift in assessing data breach enforcement by the FTC overall will be a development to watch for in future cases, including the Wyndham case currently pending in federal court in New Jersey.

Financial Industry

NY DFS Plans to Issue Detailed Cybersecurity Rules

  • The New York Department of Financial Services (DFS) recently sent a letter to a group of federal and state regulators, outlining the DFS’s plans to create a new cybersecurity regulation for entities in the financial industry, and calling for coordination and collaboration among regulators.
  • The letter indicates the financial industry’s use of third-party service providers remains one of the main concerns regarding cybersecurity for banks and insurers, and suggests that covered entities be required to create and disclose third-party management procedures. The DFS issued a report in April describing concerns with third-party service providers in greater detail.
  • The letter also enumerates a number of additional policies and procedures the DFS expects cybersecurity regulations to require regulated entities to implement, including: to maintain written cybersecurity policies and procedures (identifying twelve specific areas to be addressed); to utilize multifactor authentication, to employ a chief information security officer; to establish annual audit procedures to test vulnerabilities; and to provide notice of cybersecurity incidents to the DFS.
  • A cybersecurity regulation of this detailed scope would be a first for a state-level regulator. Although State AGs have been increasingly active in data breach investigations, they have usually done so under broader laws to prevent unfair and deceptive practices. Moreover, as we have seen with trends in data breach notification requirements, what starts in one state often spreads to others.

For-Profit Colleges

DOJ and 39 AGs Settle With For-Profit College Consortium

  • The U.S. DOJ and AGs from 39 states and the District of Columbia reached agreements with Education Management Corp. (EDMC) to resolve multiple qui tam lawsuits alleging that the consortium of over 100 online and bricks-and-mortar, for-profit colleges violated federal and state false claims acts when it participated in federal student aid programs.
  • The cases centered on the claim that EDMC based administrative compensation on the number of students recruited by each admissions employee—an allegation, that if true would violate the Incentive Compensation Ban contained in Title IV of the Higher Education Act of 1965 (HEA). When EDMC certified that it was in compliance with the HEA and similar state laws in order to receive funding through student aid programs, it allegedly violated the False Claims Act.
  • Although EDMC indicated that the claims were without merit, it cooperated with the investigation and agreed to pay $95.5 million to the DOJ, and to provide $102.8 million in loan forgiveness to more than 80,000 former students in response to the suit. It agreed to make certain disclosures during the recruiting process, including potential student debt upon graduation, the graduation rate, and numbers of students who get jobs. Finally, EDMC agreed to limit enrollment in unaccredited programs and to implement an extended period during which new students can withdraw with no financial obligation.

State AGs in the News

Posted in Antitrust, Charities, Consumer Financial Protection Bureau, Consumer Protection, Securities, State AGs in the News, States v. Federal Government

AG Insights

New York AG Doubles Down on Investigation Into Daily Fantasy Sports Websites

  • See this recent blog post highlighting the New York AG’s investigation by State AG Monitor Contributor and Dickstein Shapiro Counsel Aaron Lancaster.


Airline Antitrust Investigation: Are the Skies Too Friendly?

  • See this recent blog post on the U.S. Department of Justice’s (DOJ) investigation into major U.S. airlines by Daniel Schaefer, an attorney in Dickstein Shapiro’s antitrust practice.

FTC Finds Breeders Association’s Code of Ethics to Be Anticompetitive

  • The Federal Trade Commission (FTC) approved a final order resolving allegations that certain membership rules and practices implemented through the National Association of Animal Breeders, Inc.’s (NAAB) Code of Ethics violated Section 5 of the FTC Act.
  • The FTC alleged that the NAAB, a nonprofit trade association of animal breeders active in the dairy and beef industries, required its members to abide by a Code of Ethics that restricted how members could advertise their artificial insemination products and services. The Code of Ethics limited members’ ability to provide truthful, nondeceptive information about their bull stock and bovine semen products, and restricted comparisons of price and quality with other members’ bulls. The NAAB even allegedly provided a mechanism to implement sanctions when a member violated the Code.
  • Although there is no monetary sanction imposed, the final order requires the NAAB to cease imposing the restrictions and to implement an antitrust compliance program. NAAB must also publish an announcement explaining the FTC order and the resulting changes to the Code of Ethics, and must remove any references to the restrictions from its website and official documents.


Cert Denial Paves Way for State AGs to Get Donor Lists

  • The U.S. Supreme Court denied the Center for Competitive Politics’ (CCP) petition for certiorari to review the Ninth Circuit’s decision denying its motion for a preliminary injunction. The CCP had sought to enjoin a new California law that requires nonprofit groups soliciting contributions in the state to provide a list of significant donor names as part of an annual registration process with California’s Registry of Charitable Trusts.
  • The CCP along with numerous amici curiae, including the states of Arizona, Michigan, and South Carolina, argued that the law violates members’ rights to anonymous speech and free association under the First Amendment. Supporters of CCP also argued that donor names, once under control of the state AG’s office, will not be safe from disclosure, and might even be accessible to the public under state freedom of information laws.
  • The CCP alleged irreparable harm due to diminished enthusiasm among donors to contribute to controversial nonprofits if there was a risk of having their association made public. The Ninth Circuit found that plaintiffs had not demonstrated that such irreparable harm was “likely,” as is required to meet the standard for a preliminary injunction. This issue will be interesting to watch in the coming years to see if organizations like the CCP can demonstrate actual harm once the law has gone into effect.

Consumer Protection

SCOTUS to Decide on Standing to Seek Statutory Damages Without Concrete Harm

  • The U.S. Supreme Court heard oral arguments in Spokeo, Inc. v. Robins, an appeal of the Ninth Circuit’s decision that a plaintiff who alleges a violation of a federal statute on behalf of himself and a class has standing to sue in federal court for statutory damages without otherwise alleging that he or other class members suffered a concrete harm as a result of the alleged violation.
  • The plaintiff, Thomas Robins, claimed that Spokeo, an Internet database that gathers information from publicly available online sources, violated the Fair Credit Reporting Act (FCRA) by collecting and publishing inaccurate information about him and other consumers online. Robins’ claims center on Spokeo’s alleged failure to implement reasonable procedures to assure the accuracy of the information it gathers and publishes. The FCRA provides statutory damages of $1000 per violation, and what Robins is alleging would amount to one violation. However, given the scope of Spokeo’s actions across the Internet, the potential class of equally “injured” consumers could be in the millions.
  • The Consumer Financial Protection Bureau and the DOJ filed an amici brief in support of Robins, arguing that the willful invasion of a legally protected interest is a sufficient injury-in-fact to give a plaintiff standing in federal court. The brief further argues that Robins’ allegations that Spokeo failed to exercise due care in collecting and publishing information, and that such failure resulted in the dissemination of false information, could, if true, demonstrate a willful failure to comply with the FCRA as required by 15 U.S.C. 1681n(a).
  • In contrast, eight State AGs filed their amici brief in support of Spokeo, arguing that class actions based on statutory damages, but unrestrained by proof of a concrete harm, “endanger the judicial process by creating immense pressure to settle.” The AGs argued that Congress has the power to create a new cause of action and a statutory remedy, but “it cannot confer standing on a plaintiff who is not actually harmed.”


SEC Files Fraud Charges Over Transatlantic Tweets

  • The Securities and Exchange Commission (SEC) filed securities fraud charges against a trader who allegedly used Twitter accounts, designed to mimic those of well-known securities research firms, to post false tweets to manipulate stock prices.
  • The complaint claims that James Alan Craig, a resident of Dumfries, Scotland, issued false and misleading tweets, and traded on the market reaction. In the first instance, Craig allegedly tweeted that noise suppression company Audience Inc., was being investigated by the U.S. Department of Justice for fraud. Audience’s stock price fell 28 percent in the hours that followed. In the second instance, Craig allegedly tweeted that Sarepta Therapeutics Inc. was facing U.S. Food and Drug Administration scrutiny for doctoring the trial results of one of its drugs. Sarepta’s stock price dropped 16 percent in subsequent trading.
  • The SEC alleges that Craig’s conduct amounts to fraud in violation of Section 10(b) of the Securities Exchange Act of 1934, and Rule 10b-5. The SEC seeks a permanent injunction, disgorgement of Craig’s profits, and monetary penalties.

States v. Federal Government

Court of Appeals Affirms Injunction Over President’s Executive Action on Immigration

  • The Court of Appeals for the Fifth Circuit, by a 2-1 decision, upheld the preliminary injunction against President Obama’s executive orders on immigration that would have offered deferred immigration action for parents of American citizens (DAPA) and for immigrants who arrived as children (DACA).
  • The court’s majority sided with Texas AG Ken Paxton, joined by AGs from 25 additional states as plaintiffs, and ruled that the district court did not abuse its discretion in finding that the injunction was proper because Texas and the other challengers were likely to succeed on the merits, which in this case were based on the argument that the President’s orders failed to comply with the Administrative Procedure Act’s requirements for creating agency regulations.
  • In the dissent, Judge Carolyn King indicated that the challenged orders contain only guidelines for the exercise of prosecutorial discretion and do not confer any benefits to DAPA recipients without further action, indicating that she would deem the issue to be nonjusticiable. In addition, Judge King noted the political nature of the case, which was brought by 24 states under Republican governorship, along with Republican AGs from Montana and West Virginia.
  • The DOJ has indicated that it will seek review by the Supreme Court, but will be under a tight deadline to do so in the upcoming term. If the Supreme Court does not grant cert, then the injunction will stand and the President will be unable to implement the immigration programs until after the substantive case has been decided on the merits, likely under a new President.

New York AG Doubles Down on Investigation Into Daily Fantasy Sports Websites

Posted in Consumer Protection, Investigations

With the debate over fantasy sports wagering heating up among regulators in various jurisdictions, it should come as no surprise that New York AG Eric Schneiderman upped the ante on Tuesday, issuing cease-and-desist letters to the largest daily fantasy sports wagering sites, DraftKings and FanDuel. AG Schneiderman indicated that his investigation—which was initiated on allegations of employee misconduct and the unfair use of proprietary information—had determined that the two sites violated New York law by supporting illegal gambling. The letters demand that the sites stop accepting wagers in New York. Moreover, for FanDuel, which keeps its headquarters in New York, the AG’s determination might have an even greater effect on business.

The core of the AG’s claims is that DraftKings’ and FanDuel’s business models and operations constitute illegal gambling under both the New York Constitution and New York Penal Law, which generally prohibit a person from staking or risking “something of value upon the outcome of a contest of chance or future contingent event not under his or her control or influence.” The AG stressed that the sites are in full and active control of the wagering and derive most of their revenue from fees associated with placing bets. In addition, the AG argues that the sites even promote their services like a lottery.

However, there are also hints of a deceptive practices claim in the AG’s allegations; namely that the sites market their product as something anyone can win, but according to the AG’s investigation, only a few professional, highly sophisticated players appear to take home “the vast majority of the winnings.” With this, Schneiderman may face a bit of a conundrum: if the same people win most of the time, how can the AG argue that there is not at least some aspect that is not under the control or influence of the people making the wagers?

The New York law requires that “chance” play a material role in the outcome in order for a game to be deemed illegal. If there is some element of skill involved, and chance plays only a minor role determining who wins through daily fantasy sports, it will be harder to argue that the business model constitutes illegal gambling. Proponents of Texas Hold ‘Em and other poker games have made a similar argument, with some success, seeking to avoid culpability under federal law. See United States v. Dicristina, 886 F. Supp. 2d 164, 225 (E.D.N.Y. 2012) (reversed on other grounds at 726 F.3d 92 (2d Cir. 2013)).

The New York definition of illegal gambling is similar to that of many other states, and thus the outcome of this action will resonate outside of the state (Congressmen from New Jersey are asking the FTC to look into the issue). In addition, a violation of state gambling laws can bring forth federal indictments under the Illegal Gambling Business Act of 1970 (the U.S. Attorney for the S.D.N.Y., Preet Bharara, is allegedly already investigating FanDuel and DraftKings), and could also raise concerns of money laundering and other violations that are tangentially related to criminal activity.

Airline Antitrust Investigation: Are the Skies Too Friendly?

Posted in Antitrust

By: Daniel Schaefer[1]

This past summer the Department of Justice opened up an investigation into the domestic airline market to determine if there had been collusion in the decisions to limit the expansion of seat capacity (ergo, to raise ticket prices). In the months that followed, airline passengers around the country filed at least 23 separate class action suits accusing the airlines of conspiring to fix airline ticket prices. After a jurisdictional battle broke out among leading cases, the U.S. Judicial Panel on Multidistrict Litigation consolidated the class actions to the District of the District of Columbia. Unfortunately for the airlines, regardless of the outcome of the DOJ investigation, the multidistrict lawsuit will likely continue.

At this point, it is not exactly clear what prompted the investigation, nor has a cogent theory of collusion emerged. The New York Times initially reported that multiple airline executives may have signaled each other in public addresses and trade association meetings to remain “disciplined” about capacity—industry jargon for limiting flights. Shortly thereafter, Senator Richard Blumenthal of Connecticut called on the DOJ to take more aggressive action, pointing to surging airline profits and perceived higher fares for passengers in spite of falling fuel costs. Senator Chuck Schumer followed, alleging that the airlines were withholding flight information from discount websites in an attempt to control ticket sales. And in recent months, the DOJ has indicated that it is looking into communications between the airlines and their significant investors, presumably under the theory that investors with common ownership served as a conduit through which a collusive outcome was sought.

Whatever the alleged vector, regulators may have a hard time overlooking prior antitrust investigations in this industry. From 2005 to 2011, the DOJ obtained guilty pleas from many airlines and secured nearly $2 billion in fines for an alleged conspiracy to fix cargo fuel surcharges. The current claims fall against that backdrop, and in spite of plummeting fuel costs—savings you’d expect airlines to pass on to customers—inflation-adjusted fares have risen (slightly). In addition, the airlines are now reporting large profits; a remarkable recovery for an industry that lost billions for many years and had several participants file for bankruptcy.

Of course, the fact that the airlines are finally all making profits does not prove anything on its own. In many competitive industries, business decisions on pricing and capacity may be “interdependent.” Competitors may have parallel responses when presented with similar market forces. The airlines could be engaging in substantially similar business conduct, whether in terms of setting prices or limiting passenger carrying capacity, simply because they have all decided independently that it is the best strategy. If common investors are involved, it opens up a new-ish theory of antitrust liability that asks whether investors, acting in self-interest to reap higher profits and in response to similar market forces, violate the Sherman Act by influencing their airline investments in similar ways.

Still another twist that might play out is the role of confirmation bias. The DOJ has, for the most part, approved the series of mergers over the past few years that reduced the number of major airlines from eight to four. The most recent of these mergers between American and US Air in late 2013 consolidated more than 80% of the domestic airline seats into only four carriers. The DOJ initially sued to block it, but American and US Air ultimately persuaded the DOJ that the merger would benefit consumers by allowing the joined airlines to create more options for travelers through a comprehensive network of global alliances. Can the DOJ now be tasked with impartially determining whether this market is supporting collusion without calling into question the prudence of its prior decisions?

In addition, some research suggests that the industry is not predisposed to price-fixing. This is the position of Harvard professor Michael Porter, famous for his Five-Forces Analysis assessing the “attractiveness” of a market through five external forces: (1) threat of new entrants; (2) threat of substitute products; (3) buyers with bargaining power; (4) suppliers with bargaining power; and (5) rivalry among existing firms.[2] Collusion acts on the fifth force by suppressing inter-firm rivalry.[3] As such, price-fixing should be more profitable in industries where forces 1-4 have a relatively benign effect on prices, and factor 5 exerts greater influence.

The Five Forces analysis implies that the airline industry is notoriously unattractive for price-fixing because airline profitability and growth are most heavily influenced by Forces 1-4: there are low barriers to entry, with new startups continually threatening incumbent airlines (force #1); other means to travel are improving (force #2); customers are becoming better informed and can easily discover competitors’ prices through online sources (force #3); the two main suppliers of commercial jets are responding to increased international demand, and flying is dependent on fuel, labor, and infrastructure costs, and subject to government control and political influence (force #4). Even meteorological forces, from Icelandic volcanoes to polar vortices, can wreak havoc on airlines profits.[4]

Porter’s work emphasizes an important reality underpinning the potential for collusion in the airline industry; namely, inter-firm rivalry, historically, has not been the main threat to airline profitability. On the other hand, we might be witnessing a new dynamic in the post-merger environment. Although mergers eliminate competition between the firms that merge, they also increase the incentives—and therefore the likelihood—for the remaining firms to collude. If the mergers create an oligopolistic market, it also becomes easier for the remaining participants to consciously monitor, and parallel, their competitors’ actions without ever having forged an agreement, a phenomenon known as tacit collusion. The ultimate question for the DOJ is whether the airlines made an agreement. Although the Sherman Act is broad enough to encompass a purely tacit agreement to fix prices, the DOJ usually proves collusion through communications.

At some point, the antitrust regulators at the DOJ must have concluded that the airline mergers it approved were competitively beneficial or at the worst competitively neutral. Yet all merger analysis is predictive and imperfect. Perhaps the DOJ has had a change of heart, or perhaps it just believes an investigation is warranted as a first step. Either way, for companies operating in markets with only a few major participants, it might not be a bad idea to be just a bit less friendly.


[1] The ideas expressed herein are my own personal and independent views, and not those of Dickstein Shapiro or its clients.

[2] Michael E. Porter, “The Five Competitive Forces That Shape Strategy,” Harvard Business Review (Jan. 2008).

[3] Robert C. Marshall & Leslie M. Marx, The Economics of Collusion (2012).

[4] The Five Competitive Forces That Shape Strategy, An Interview with Michael E. Porter, (June 30, 2008) (here for video).

State AGs in the News

Posted in Consumer Financial Protection Bureau, Consumer Protection, False Claims Act, Financial Industry, State AGs in the News

2015 Elections

Kentucky and Mississippi Select AGs and Governors, Louisiana Waits for Runoff

Consumer Financial Protection Bureau

CFPB Finds Background Checking Companies Lacking

  • The Consumer Financial Protection Bureau (CFPB) reached an agreement with General Information Services and its affiliate,, (together, “Defendants”) to resolve an investigation into whether the background screening service providers violated the Fair Credit Reporting Act through generating inaccurate pre-employment reports.
  • The CFPB alleged that Defendants failed to take reasonable measures to assure accuracy between the information reported and the consumer for which it was requested. Such alleged missteps included attaching criminal records to the wrong consumers, reporting dismissed and expunged records, and reporting misdemeanors as felony convictions. The CFPB also claimed that Defendants reported information on civil suits and judgments older than seven years.
  • The consent order requires Defendants to pay $10.5 million in relief to harmed consumers and $2.5 million in civil penalties. It also requires that Defendants significantly revise their procedures to assure accuracy by: retaining an independent consultant to assess the company’s procedures, conducting frequent audits, and implementing algorithmic safeguards that cross reference other consumer data when the requested report involves a person with a common name.

Consumer Protection

FTC and State AGs Unite to Avenge Unfair Debt Collection

  • The Federal Trade Commission (FTC) announced that it will partner with other federal, state, and local law enforcement agencies, including 48 State AGs, to target abusive debt collection practices in a nationwide enforcement effort dubbed “Operation Collection Protection.”
  • As indicated by Delaware AG Matt Denn, one of the major benefits to participating in this operation is that it will allow AGs and the FTC “to share information about investigation targets with other members, as well as share best practices for investigating and bringing actions against illegal debt collectors.”
  • In announcing the initiative, the FTC highlighted cases in which it has already worked successfully with State AGs—touting 115 of them. It also indicated the types of actions that it will pursue through this alliance, including: knowingly collecting on phony or “phantom” debts (i.e., debts that no longer exist, are beyond statute of limitations, or have already been settled), failure to provide legally required disclosures and notices, and failure to follow state and local licensing requirements.

NHTSA Issues Largest Ever Civil Penalty

  • The National Highway Traffic Safety Administration (NHTSA) ordered TK Holdings Inc. (better known as “Takata”) to pay civil penalties connected to the airbag maker’s alleged violations of the Motor Vehicle Safety Act.
  • NHTSA’s claims against Takata center on whether the airbag maker provided, in a timely manner, complete information as to the potential defect—first after it initially discovered the potential for consumer safety issues, and second in response to NHTSA’s special orders issued as it sought to investigate the problem.
  • Under the terms of the consent order, Takata must pay $200 million in civil penalties—the most ever ordered by the agency—but with $130 million being deferred and held in abeyance pending Takata’s adherence to the settlement terms and avoidance of any further violations of federal law. Notably, the consent order indicates that the NHTSA investigation will remain open, and payment of civil penalties does not preclude the potential for further claims based on safety issues with similar parts. The consent order also requires Takata to change internal quality control and risk assessment processes, and to retain an independent monitor to ensure compliance.

AGs Form Multistate Investigation Into Volkswagen

  • U.S. and European regulators have expanded their respective investigations into Volkswagen’s alleged use of “defeat device” software in its diesel engines to get around emissions laws; the new list of vehicles under investigation now includes Porsches and an increased number of Audi models.
  • State AGs are also investigating. According to reports, AGs from at least 45 states and the District of Columbia have joined in a multistate investigation, and have already begun forming an executive committee. Three State AGs, from California, Texas, and West Virginia, have filed lawsuits alleging violations of state consumer protection laws and state clean air standards.
  • Unlike the federal investigation, which will focus on the environmental and competition issues involved and have possible criminal implications, State AGs will likely focus on the claims made by the carmaker in its advertisements, including print and digital media, describing clean diesel cars as being good for the environment. State deceptive practices laws typically cover misleading advertisements and can carry fines of $5000 for each violation.

Massachusetts AG Pulls the Plug on Internet Lenders

  • Massachusetts AG Maura Healey, along with the state bank regulator, reached a settlement agreement with Western Sky Financial, LLC; WS Funding, LLC; CashCall, Inc.; Delbert Services Corporation; Martin Webb; and J. Paul Reddam (together, “Lenders”) resolving a number of issues arising out of the Lenders’ efforts to provide consumer loans over the internet.
  • The complaint alleged that the Lenders solicited consumer loans over the internet with annualized interest rates (APRs) ranging from 89 to 355 percent. In Massachusetts, the legal amount of interest on a consumer loan of less than $6000 is 12 percent. In addition, as addressed by the Division of Banks (DOB) in three separate Cease Orders in 2013, the Lenders were operating from outside the state and did not have the proper licenses or registrations to conduct business in Massachusetts. The Lenders sought judicial review of the DOB Orders, and those actions were consolidated with the AG’s consumer protection action filed on October 6, 2015.
  • The final judgment by consent requires the Lenders to provide refunds to the extent that a consumer’s total payments exceeded the principal plus the statutory maximum 12 percent rate of interest, and debt forgiveness for any remaining debt. The DOB estimates the consumer refunds and debt relief could approach $17 million. The Lenders must also pay $388,231 in civil penalties, half of which will be suspended after full compliance with the consent judgment. The companies also agreed to pay attorneys’ fees of $65,000.

False Claims

States and Feds Move Forward With Settlement Over Reverse False Claim

  • A group of AGs from 49 States and the District of Columbia finalized a settlement with AstraZeneca LP and Cephalon, Inc. ending a joint state-federal investigation into charges that the drug makers violated state and federal false claims acts.
  • The complaint alleged that AstraZeneca and Cephalon had submitted “reverse” false claims by underpaying the rebates due to the states under the Medicaid Drug Rebate Program. The amount of the rebate that the drug makers owe depends in large part on the average price that drug wholesalers pay them for the drugs: the lower the average price, the lower the rebate that must be paid. In this case, the drug makers allegedly utilized an accounting practice through which they classified service fees paid to wholesalers as “discounts” in the price of the drug. The result being that the drug makers could report an artificially deflated average price and thus pay less to the states as rebates.
  • The U.S. Department of Justice (DOJ) intervened in July, after reaching a settlement in principle under which AstraZeneca will pay $46.5 million and Cephalon $7.5 million. Although the states did not participate, they will receive shares based on a variety of factors, including state false claims acts, sales, etc. The lawsuit was initiated by a whistleblower in the Eastern District of Pennsylvania and is ongoing with numerous other drug makers remaining as defendants.

Financial Industry

Settlement Requires Bank to Kill Off “Zombie” Debt and Pay $100 Million

  • California AG Kamala Harris has entered into a stipulated judgment with JPMorgan Chase & Co.; Chase Bank USA, N.A.; and Chase BankCard Services, Inc. (“Chase”) putting to rest the state’s claims that Chase violated California Business and Professions laws through consumer debt sales and enforcement actions.
  • The complaint, which was filed in 2013, alleged that Chase engaged in a variety of illegal consumer debt collection practices, including: selling “zombie” or “phantom” debts (debts that were inaccurate, settled, discharged in bankruptcy, not owed, or otherwise not collectable) to third-party debt collectors; filing more than 125,000 collection lawsuits based on “robo-signed” documents; making illegal threats of litigation; and obtaining default judgments against military servicemembers on active duty.
  • As part of the stipulated judgment, Chase agreed to pay $50 million to consumers nationwide ($10 million estimated for California consumers), $45 million to the California AG’s consumer protection enforcement efforts, and $5 million as a civil penalty. Chase also agreed to make significant changes to its practices, including internal controls for providing proper documentation to consumers both before and after debt sales, as well as restrictions on third-party debt buyers post purchase recovery actions.

2015 AG Elections

Posted in Elections

Although an off-year, the Attorney General (AG) positions in Mississippi, Kentucky, and Louisiana all were up for grabs this year.

In Mississippi, the election resulted in more of the same: Democrat Jim Hood won his fourth term as AG, defeating Republican Mike Hurst by a margin of 56 to 44 percent. Republican Phil Bryan secured his second term as governor over a challenge by Democrat Robert Gray by a margin of 66 to 32 percent.

In Kentucky, the election demonstrated a stronger Republican turnout than expected. Despite this, Democrat Andy Beshear emerged the victor over Whitney Westerfield in the AG race, but by a much narrower margin than was expected, 50.1 to 49.9 percent. Between the two AG campaigns, and significant contributions by the Republican Attorney General Association, almost $6 million was spent on the race. The race for governor saw the Bluegrass State go red as Republican Matt Bevin surprisingly surged past former AG Jack Conway, 53 to 44 percent. Conway had led in most significant polls leading up to the election.

Louisiana voters must wait for a November 21 runoff between incumbent AG Buddy Caldwell, the Democrat-turned-Republican, and former Congressman and Republican challenger Jeff Landry. Since the two candidates emerged with almost identical results from Louisiana’s “jungle” primary, but with neither gaining more than 50 percent, a runoff is required. There will also be a runoff for the governor’s chair between Democrat John Bel Edwards and Republican David Vitter.


State AGs in the News

Posted in Consumer Financial Protection Bureau, Consumer Protection, Data Privacy, Financial Industry, Securities

Consumer Financial Protection Bureau

CFPB Settles With Debt Collector Allegedly “Abusing” Servicemembers

  • The Consumer Financial Protection Bureau (CFPB) entered into a consent order with Security National Automotive Acceptance Company (SNAAC), LLC, resolving the CFPB’s allegations that the auto lender violated the Consumer Financial Protection Act (CFPA) through its actions to collect on debt held by U.S. servicemembers.
  • In addition to arguing that SNAAC’s false and misleading threats regarding legal action were “deceptive acts” under the CFPA, the CFPB also alleged that SNAAC committed “abusive acts” under Section 1031 when it threated to contact commanding officers and inform them that a servicemember was delinquent on payments. Although failing to pay certain debts might violate certain military regulations and subject the consumer to disciplinary action, the CFPB argued that SNAAC took “unreasonable advantage of consumers’ inability to protect their interests” by leveraging the debtors’ military status and making exaggerated claims regarding the potential impacts of a delinquency on their military careers.
  • The administrative consent order requires SNAAC to create a consumer redress plan and provide redress in the form of credits and refunds totaling $2.28 million, and to pay $1 million as a civil penalty to the CFPB. SNAAC must also keep relevant records and submit to compliance monitoring for a period of five years. A separate stipulated final judgment and order entered in federal court prevents SNAAC from including provisions in future debt contracts that purport to allow it to contact commanding officers or other employers in connection with debt collection efforts. SNAAC did not admit or deny the CFPB’s allegations.

Consumer Protection

Oregon AG Sues Nutrition Retailer Over Unapproved and Unlisted Ingredients

  • Oregon Attorney General Ellen Rosenblum filed a lawsuit claiming that General Nutrition Corporation (GNC) violated the state Unlawful Trade Practices Act (UTPA) when it allegedly sold a variety of third-party nutritional and dietary supplements containing drugs unapproved for sale in the U.S. In some cases the packages failed to list the drugs on the labels.
  • In the complaint, AG Rosenblum indicated that her investigation centered around two main substances: Picamilon, a drug used to treat neurological conditions in some countries that is not approved for sale in the U.S.; and BMPEA, a synthetic amphetamine-like stimulant, allegedly present in certain products sold by GNC, either listed outright on the label as BMPEA or coming from the ingredient Acacia rigidula (and not listed on the label).
  • AG Rosenblum argues that GNC violated the UTPA by representing that the products containing the substances were lawful dietary supplements; by indicating that the products were of a particular standard or quality; and by creating the implication that the Picamilon and BMPEA had been approved for use in the U.S., when the substances have not been approved as dietary ingredients. The lawsuit asks for $25,000 in civil penalties for each sale of BMPEA or Picamilon, as well as disgorgement, restitution, attorney fees, investigation costs, and permanent injunction.

Vermont AG Turns up Heat on Propane Supplier

  • Vermont AG William Sorrell reached an agreement with Suburban Propane, LP to resolve allegations that it violated state propane and consumer protection laws.
  • AG Sorrell claimed that Suburban’s actions violated various provisions of the state’s propane laws, including a failure to timely remove propane storage tanks from homeowners’ properties and issue refund checks to consumers once they had terminated service (the law requires both to be completed within 20 days), improperly billing and collecting for a fuel tax, charging an illegal regulatory fee, and terminating service for certain customers without providing 14-day notice, as required by law.
  • Under the Assurance of Discontinuance, Suburban will pay $283,000 to consumers to account for actual or potential delays in service, and refund $28,398 improperly charged in regulatory fees. It will also pay $200,000 to Vermont’s Low Income Home Energy Assistance Program and $200,000 in civil penalties to the State.

Data Privacy

Senate Passes Cybersecurity Bill, Various Groups Question Purpose and Efficacy

  • By a 74 to 21 vote, the U.S. Senate passed the Cybersecurity Information Sharing Act (CISA), a bill that will encourage U.S. businesses to share information relating to cyber threats with the federal government and with other potentially affected entities.
  • The main provisions of CISA, formerly Senate Bill 754, create a legal framework within which private entities can not only monitor and defend against cybersecurity threats on their own information systems, but can also coordinate defenses with other private and government entities. Under certain conditions, CISA would allow private companies to share consumers’ personal data otherwise protected by state privacy laws without legal liability. It also requires the creation of procedures through which the federal government can share classified cyber threat information with cleared representatives from relevant private entities.
  • Privacy rights groups, however, are not satisfied with the final bill. The Electronic Frontier Foundation, for example, has called the bill fundamentally flawed, contending it creates broad access and immunity for the government without sufficient privacy protections. Other groups have indicated that the bill does not properly address the core problem of hacking and cybercrime. From here, the bill must go to conference committee, where it will be reconciled with bills previously passed in the House of Representatives.

Financial Industry

Bank Agrees to Pay $50 Million for “Revolving Door” Hire

  • The New York Department of Financial Services (DFS) settled an enforcement action with Goldman, Sachs & Co. resolving allegations that Goldman violated New York Banking Law by hiring a departing bank examiner from the U.S. Federal Reserve Bank of New York (NY Fed), and whether Goldman profited from the use of confidential information gleaned from the former examiner’s contacts.
  • The DFS determined that former NY Fed examiner Rohit Bansal was recruited, in large part, due to his oversight of a particular regulated entity while he was working for the NY Fed. According to reports, Goldman insisted that Bansal get clearance from his former employer, and as a “revolving door” employee, the NY Fed provided Bansal with a Notice of Post-Employment Restriction that prohibited him from working directly on matters regarding the entities he oversaw for one year after his termination at the Fed.
  • Bansal, as outlined in the consent order, offered his own interpretation of the Restriction, asserting that he was only prohibited from personally interacting with the entity. Bansal proceeded to work directly on matters involving the particular entity, and obtained confidential information and documents regarding the entity from his former colleagues at the NY Fed and shared them with his management at Goldman.
  • In addition to firing Bansal and his manager upon learning of his actions, Goldman agreed to pay a civil monetary penalty of $50 million to the DFS, and agreed to a three-year period during which it would not accept any new business that would require the DFS to authorize the disclosure of confidential supervisory information.


SEC Looks to Finalize Crowdfunding Rules, Investors Rejoice for Now

  • The Securities and Exchange Commission (SEC) will vote to approve final rules for Title III retail crowdfunding on Friday, presumably easing the requirements for investors to participate in equity crowdfunding projects. This exception to federal securities laws that generally apply to all publicly sold equity shares stems from the 2012 Jumpstart Our Business Startups Act (JOBS Act).
  • Under the proposed rule, a company would be able to raise a maximum of $1 million in a 12-month period by selling equity shares directly to qualified retail investors. The SEC currently allows crowdfunding of this nature, but only if each investor has annual income of $200,000, or at least $1 million in assets excluding their house. If adopted, the final rules would allow anyone to participate, subject to a limit according to their income and net worth: 5 percent of the investor’s annual income or net worth (whichever is higher) if both numbers are less than $100,000; or 10 percent if income or net worth is greater than $100,000. The final rules would allow the income and net worth of spouses to be combined when calculating the cap.
  • Industry analysts believe the rule will provide an easier, less regulated path for a critical source of funding for companies. However, the rule still requires a company to make certain disclosures and undertake certain procedures in order to participate in retail crowdfunding. The final rule will also create requirements for broker-dealers or funding portals to operate as an SEC-registered crowdfunding platforms. Among other things, these platforms would be prohibited from:
    • Offering investment advice or making recommendations.
    • Soliciting purchases, sales, or offers to buy securities displayed on its website.
    • Imposing certain restrictions on compensating people for solicitations.
    • Holding, possessing, or handling investor funds or securities.

State AG in the News

Posted in Consumer Financial Protection Bureau, Consumer Protection, Data Privacy, False Claims Act, Financial Industry, State AGs in the News

Consumer Financial Protection Bureau

CFPB’s Final Rule Looks to Expand and Improve Mortgage Lending Data

  • The Consumer Financial Protection Bureau (CFPB) finalized the Rule to update lenders’ reporting requirements under the Home Mortgage Disclosure Act (HMDA). The goal of enhanced data gathering under the Rule is to give policymakers greater transparency into consumers’ ability to access the residential mortgage market. The Rule adopts a “dwelling-secured” standard, applying only to loans secured by the house, including home equity loans and reverse mortgages, but excluding home improvement loans and other unsecured lines of credit.
  • The Rule expands the scope of data that mortgage lenders are required to make public, now including disclosure of the property value, term and type of the loan (e.g., adjustable rate, balloon payment, etc.), and the duration of any introductory interest rates. Financial institutions will also be required to give more information as to loan underwriting and pricing, including debt-to-income ratio of the borrower and any discount points charged for the loan.
  • The Rule also seeks to streamline reporting and to expand protections for smaller lenders. Small depository institutions located outside a metropolitan area are excluded from reporting requirements altogether. In addition, the Rule creates a reporting threshold under which depository institutions that have low residential mortgage loan volume will no longer be required to report HMDA data.

Consumer Protection

FTC Settles With Wireless Provider Over Alleged Violation of Risk-Based Pricing Rule

  • The Federal Trade Commission (FTC) reached an agreement with Sprint Corporation over allegations that the mobile communications provider violated the Fair Credit Reporting Act (FCRA) by failing to give proper notice when it charged extra fees to customers with lower credit scores.
  • The Risk-Based Pricing Rule, added to the FCRA in 2003, requires that any company that uses consumer credit reports in connection with providing credit on terms less favorable than those given to a substantial proportion of consumers, must provide notice prior to the consummation of the transaction. The Rule outlines how this notice must be drafted and the information it must provide. The FTC alleged that Sprint placed certain customers in an “Account Spending Limit” program, and charged an additional monthly fee of $7.99 without providing the required notice, or if they did, the notice came too late to allow the customer to cancel and choose a different provider.
  • The proposed settlement requires Sprint to pay a penalty of $2.95 million, and to alter company procedure to give affected customers notice within five days of signing up, or at a point where they can still avoid reoccurring fees and cancel without a penalty. The proposed order was filed in U.S. District Court on the FTC’s behalf by the Department of Justice (DOJ) and awaits approval in the District of Kansas.

Data Privacy

California Amends Data Breach Laws to Clarify Standards

  • California Governor Jerry Brown recently signed into law a series of amendments to further enhance the state’s data privacy and breach notification requirements. The new laws apply to all businesses conducting business in the state that store personal information in electronic format and will take effect on January 1, 2016.
  • Assembly Bill 964 further clarified requirements to use an existing safe harbor provision for encrypted data. Under the new law, for data to be deemed “encrypted,” the company must store it in a manner that renders it “unusable, unreadable or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security.” As this language is not contingent on a specific technology, it may be adapted as technologies continue to improve.
  • Senate Bill 570 creates a standard format for companies to provide data breach notification to consumers. According to the law, the notification must be titled “Notice of Data Breach,” and must include explanations under subheadings titled “What Happened?” “What Information Was Involved?” “What We Are Doing,” and “What You Can Do.” The new law allows for substitute notice through a conspicuous posting on the business’s homepage remaining for at least 30 days.

False Claims Act

Medical Laboratory Agrees to $256 Million FCA Settlement

  • Millennium Health reached a settlement with the U.S. Department of Justice (DOJ) to resolve allegations that the medical laboratory violated the U.S. False Claims Act by billing Medicare and Medicaid for unnecessary urine-based drug and genetic tests.
  • The DOJ alleged that Millennium encouraged doctors—essentially creating a standard operating procedure—to order large numbers of urine drug and genetic tests without regard for individualized patient assessments. The DOJ also alleged that Millennium violated the Stark law and anti-kickback law by giving certain drug test materials to doctors free of charge on the condition that they use Millennium as their drug test service provider.
  • Millennium agreed to pay $256 million and to enter into a corporate integrity agreement with the Department of Health and Human Services. Whistleblowers who initially filed eight separate cases will split $31.8 million. In a statement, Millennium’s CEO indicated that “it was time to bring closure to an investigation that began nearly four years ago.” Millennium reported that it is currently in the process of restructuring its debt, either with lenders directly or through Chapter 11 filing.

New York Court of Appeals Rules Failure to Collect State Sales Taxes Can Be False Claim

  • New York’s highest court has denied a motion to dismiss and ruled that AG Eric Schneiderman can move forward with his lawsuit against Sprint for allegedly violating the state False Claims Act by failing to charge state taxes on wireless phone services.
  • AG Schneiderman brought the lawsuit in 2012, alleging that Sprint knowingly failed to collect more than $100 million in New York sales taxes for sales of mobile telephone services. The lawsuit alleged that Sprint knowingly did not collect taxes as part of a strategy to make its overall prices more competitive when compared to other service providers that charged the state taxes. AG Schneiderman is seeking $300 million in damages and penalties.
  • Sprint argued that the New York False Claims Act should not apply to service fees based on interstate calls as these were governed by the federal Mobile Telecommunications Sourcing Act. Sprint also argued that the New York law, which was passed in 2010, could not be applied retroactively to taxes not collected prior. The Court of Appeals rejected both arguments.

State and Local Governments Reach Agreement With Package Delivery Company

  • Fourteen states, Chicago, New York City, and the District of Columbia all reached an agreement with United Parcel Service, Inc. (UPS) resolving allegations that the world’s largest package deliverer violated various false claims acts by overcharging the governments for next-day and overnight deliveries.
  • The government intervenors alleged that UPS employees entered false delivery times for packages sent to government customers, indicating that the package had arrived on time to qualify as next-day when in fact it had arrived late; they also alleged UPS employees entered inappropriate exception codes (e.g., claiming adverse weather conditions despite sunny weather) to excuse late packages. UPS’s actions prevented the government customers from claiming refunds for the late deliveries.
  • The Settlement Agreement requires UPS to pay $4 million to be distributed among the government intervenors accordingly. UPS must institute programs to improve training, monitoring, and reporting regarding delivery failures and policy violations.

Financial Industry

French Bank Settles With Cadre of Regulators Over Sanctioned Transactions

  • The DOJ has reached a forfeiture and deferred prosecution agreement with Crédit Agricole Corporate and Investment Bank (CACIB) to resolve allegations that the French bank violated U.S. sanctions laws, and New York banking transparency and record-keeping laws, by facilitating and then hiding financial transactions on behalf of entities in Cuba, Iran, and Sudan. CACIB also reached agreements with the U.S. Treasury Office of Foreign Assets Control, the Federal Reserve Board of Governors, the Manhattan District Attorney’s Office, and the New York Department of Financial Services (NYDFS).
  • The federal and state regulators had alleged that CACIB, through its foreign subsidiaries and affiliates, omitted and changed information in various wire transactions to mask the fact that the bank was facilitating payments on behalf of sanctioned entities. The NYDFS specifically alleged that CACIB’s Geneva branch created special processing methods (e.g., “Sudanese U-turn”) to hide the sanctioned transactions as they passed through the New York branch.
  • The bank is required to pay combined penalties of $787 million: the NYDFS came down particularly hard with $385 million in civil penalties and the requirement that the bank fire certain employees involved; the Federal Reserve will take $90 million; the Manhattan District Attorney’s Office will receive $156 million, and $156 million will go to the U.S. Attorney’s Office for the District of Columbia.

State AGs in the News

Posted in Consumer Financial Protection Bureau, Data Privacy, Environment, False Claims Act, Securities, State AGs in the News

Consumer Financial Protection Bureau

CFPB Continues to Scrutinize Student Loan Servicers

  • The Consumer Financial Protection Bureau (CFPB) is allegedly investigating Wells Fargo & Co. over its student loan servicing practices. The exact issue with Wells Fargo remains undisclosed, and the bank transferred the servicing of its federal student loan portfolio to third parties in 2011. It does, however, remain the second largest servicer of private student loans by volume.
  • The CFPB is showing increased interest in student loan servicing. In July, the CFPB brought its first enforcement action against a servicer, alleging that Discover Bank violated the Consumer Financial Protection Act and the Fair Debt Collection Practices Act when it overstated the minimum amount to be paid and failed to inform borrowers of their rights. In addition, the CFPB continues to investigate Navient Solutions, Inc., the largest student loan servicer.
  • The CFPB has recently issued a thorough report explaining the problems facing the industry, and entered into a Joint Statement of Principles with the Departments of Treasury and Education. Some of the issues highlighted there include loan servicers’ actions that contribute to borrower delays and defaults through mismanaged payments and paperwork, as well as loan modifications that put distressed borrowers into improper repayment programs.

Data Privacy

Federal Appeals Court Rules Video Privacy Protection Act Does Not Apply to Free Mobile Apps

  • In Ellis v. The Cartoon Network, Inc., the U.S. Court of Appeals for the Eleventh Circuit has ruled that the privacy requirements of the Video Privacy Protection Act (VPPA) do not apply to mobile apps that offer downloaded or streaming video free of charge.
  • The VPPA was originally designed to protect consumers from having their video tape rental history made public, yet in recent years, it has also been applied to streaming video websites and apps. Because the VPPA generally prohibits a company providing videos from knowingly disclosing to a third party “personally identifiable information concerning any consumer,” Ellis sued the Cartoon Network when it provided his smart phone identification number and his video viewing records to a third-party data analytics company.
  • The court based its ruling on the determination of who is a “subscriber” under the VPPA. Although it did not entirely rule out the possibility of a free subscription, it indicated that in order to come under the VPPA, there must be some form of “commitment, relationship, or association” between the app and the user beyond simply downloading the app. The court hinted that a consumer who creates a login account, and thereby provides some form of personally identifiable information, might fall under the term “subscriber.”


Flooring Maker Pleads Guilty to Violation of Conservation Law

  • Lumber Liquidators has agreed to plead guilty to U.S. Department of Justice (DOJ) charges that the hardwood flooring manufacturer violated the Lacey Act. The DOJ accused the company of failing to properly investigate whether its foreign suppliers harvested timber in excess of what their permits allowed from protected areas in foreign jurisdictions, and importing products made from this timber under false designations of origin.
  • The company has issued a statement that it fully cooperated with federal authorities and is continuing to make significant enhancements to its sourcing and compliance practices. It also indicated that it will continue to cooperate with other agencies, including the Consumer Product Safety Commission, California Air Resource Board, U.S. Securities and Exchange Commission, and U.S. Attorney’s Office for the Eastern District of Virginia, regarding the ongoing legal proceedings stemming from allegations that its products contained toxic levels of formaldehyde.
  • In addition to a $7.8 million fine, and a forfeiture payment of $969,175 paid to the federal government, Lumber Liquidators agreed to make contributions to the National Fish and Wildlife Foundation ($880,825) and the Rhinoceros and Tiger Conservation fund ($350,000). It will also implement an Environmental Compliance Plan and pay $3.2 million in lieu of a civil forfeiture for yet unsold product implicated by the violations.

False Claims

Waste Disposer Comes Clean in False Claims Settlement

  • Stericycle, Inc. reached a settlement to resolve a 2008 qui tam lawsuit filed in the Northern District of Illinois by a whistleblower who was a former employee of the company. The lawsuit alleged that the medical waste disposal company charged unjustified fuel and energy surcharges to its government customers. There were no government intervenors in the action.
  • The case centered on whether Stericycle violated state and federal false claims acts when it allegedly added “fuel and energy” surcharges to each bill (increasing 18 percent every nine months) without disclosing that such charges bore no relationship toward Stericycle’s actual costs vis-à-vis each government customer. In addition, on some occasions, Stericycle allegedly billed government customers in advance of providing its services. Stericycle denied all allegations raised by the former employee and has indicated that it is settling “to avoid the delay, uncertainty, and expense of continued litigation.”
  • The settlement agreement requires Stericycle to pay $26.75 million divided among the state and federal governments, plus $1.75 million in attorneys’ fees. A separate Relator Share Agreement indicates how the settlement amount is to be distributed among the states, federal government, and relator.

Hospital Settles False Claims Litigation, Patients Keep Their Heads

  • West Chester Hospital and parent company, UC Health, reached an agreement with the DOJ to settle charges that the hospital committed violations of the False Claims Act by billing Medicare and Medicaid for hospital charges related to medically unnecessary spine surgeries.
  • The claims against the hospital are connected to a previous criminal case against Dr. Abubakar Atiq Durrani, a surgeon with admitting privileges at West Chester. Dr. Durrani was arrested in 2013 for allegedly performing medically unnecessary spine surgeries, in some cases after falsely telling the patient that she or he was at risk of grave injuries without surgery (e.g., the patient’s head would fall off if the patient was in a car accident because there was almost nothing attaching it). Dr. Durrani fled the U.S. after arraignment and remains a fugitive.
  • The hospital agreed to pay $4.1 million to settle all claims. The settlement resolves a lawsuit filed by former patients of Durrani who as whistleblowers under the federal law will receive approximately $800,000 as a group.

Financial Industry

NY DFS Issues Guidance for Banks Using Encrypted Messaging Services

  • The New York Department of Financial Services (DFS) recently concluded agreements with five major banks under its regulation regarding the use of a specific end-to-end encrypted communication platform, and has now issued guidance to any DFS-regulated entity that is considering the use of such encrypted technology.
  • The agreements and guidance specifically address Symphony Communication Services, LLC (“Symphony”), which began in September to offer a chat and messaging platform for financial services companies that guarantees unbreakable encryption and data deletion. The guidance would presumably apply to other similar platforms.
  • The guidance indicates that banks and other regulated entities cannot use encryption to avoid regulatory compliance. DFS indicates that regulated entities should conform their use of such platforms to require the service provider to maintain copies of all communications sent through the platform for at least seven years. In addition, the regulated entity must store a copy of the relevant decryption keys with an independent custodian (i.e., not controlled by the entity) and must inform DFS of the location of the stored decryption keys.


SEC Goes After Issuer of Structured Notes

  • The Securities and Exchange Commission (SEC) accepted an Offer of Settlement from UBS AG, resolving allegations that the Swiss bank made false or misleading statements and omissions in its offering materials used in the marketing and sale of structured notes to retail investors.
  • UBS represented the notes as being a transparent way to invest in an underlying currency trading strategy calculated using market prices. However, as outlined in the Order, the SEC found that UBS erred in three ways regarding its disclosures to retail investors: first, UBS did not disclose that it added markups for facilitating hedging transactions; second, it also added undisclosed internal spreads to hedge transactions; finally it traded its investors’ positions shortly before its own, potentially market-moving, internal hedging transactions. The SEC indicated that these undisclosed actions caused investors’ returns to be less than the expected return based on the strategy described by UBS.
  • The settlement, touted by the SEC as its first involving “misstatements and omissions by a structured notes issuer,” requires UBS to pay $11.5 million in disgorgement and prejudgment interest ($5.5 million to investors, $6 million to the SEC) and $8 million in civil penalties to the SEC.

State AGs in the News

Posted in Consumer Financial Protection Bureau, Data Privacy, Environment, Financial Industry, Health Care, Pharmaceuticals, Securities, State AGs in the News

Consumer Financial Protection Bureau

CFPB Continues Drive to Clean Up Auto Lending

  • The Consumer Financial Protection Bureau (CFPB) settled with Westlake Services, LLC and wholly-owned subsidiary Wilshire Consumer Credit, LLC (“Westlake”), resolving allegations that the indirect auto lender and title loan company violated the Consumer Financial Protection Act, the Fair Debt Collection Practices Act, and the Truth in Lending Act.
  • The CFPB alleged that Westlake deceived borrowers by using call spoofing technology to make borrowers think they were being called by repossession companies, investigation or enforcement divisions, flower delivery companies, and even the borrowers’ family and friends. The CFPB alleged that, in some cases, Westlake’s goal was to trick the borrower into making additional payments to avoid repossession and, in other cases, it was to discover the location of a vehicle so it could be repossessed. In addition, Westlake allegedly called borrowers’ employers, family, and friends and disclosed loan information.
  • The CFPB also alleged that Westlake marketed its services deceptively, in part by using the monthly rate and failing to disclose the annual percentage rate as required by law. Westlake also allegedly changed the terms of the loans without the borrowers’ permission, causing greater amounts of interest to accrue.
  • Under the Consent Order Westlake is required to provide $44.1 million to consumers in both cash relief and reductions in their balance. Westlake is also required to pay a civil penalty of $4.25 million to the CFPB, and to alter its advertising and loan servicing practices to comport with the law.

CFPB Takes First Step Toward Limiting the Use of Arbitration Clauses

  • The CFPB announced that it is considering proposals to exercise authority under Dodd-Frank to regulate the use of arbitration clauses in consumer financial products. The CFPB indicated that such action is needed to prevent companies from “sidestep[ing] the courts and avoid[ing] accountability for wrongdoing.”
  • Earlier this year, the CFPB completed a Congressionally-mandated study on the effect of arbitration clauses in financial products, concluding that the use of such clauses restricted consumers’ ability to obtain adequate relief when they have a dispute with financial service providers. Specifically, the CFPB concluded that most arbitration clauses found in contracts for consumer financial products like credit cards and bank accounts deny consumers the right to participate in class action lawsuits and arbitrations. The CFPB study also found that fewer than 25 percent of consumers surveyed knew they were subject to an arbitration clause in their contract, and fewer than 7 percent realized that the clauses restricted their ability to sue in court.
  • The CFPB indicated that it would not seek to ban arbitration clauses outright, but rather will push for clauses that expressly state that they do not apply to class action lawsuits “unless and until the class certification is denied by the court or the class claims are dismissed in court.” However, the CFPB has indicated that it will continue to seek advice, input, and recommendations from small business leaders as it drafts the final rule.

Consumer Protection

West Virginia AG Sues Volkswagen for Consumer Deception, Other States May Follow

  • West Virginia AG Patrick Morrisey filed a lawsuit against Volkswagen of America, Inc. arguing that the car maker violated the West Virginia Consumer Credit and Protection Act through advertising and marketing various models as utilizing “clean” diesel engines.
  • Paralleling claims made by the Environmental Protection Agency, AG Morrisey’s complaint alleges that Volkswagen engineered certain diesel vehicles to utilize emissions controls while the vehicle is being tested in order to appear compliant with U.S. standards, but then to suppress emissions controls while driving to increase performance and fuel economy. The lawsuit seeks civil penalties of $5,000 per violation, as well as costs related to the investigation and litigation.
  • Meanwhile, AGs from at least 30 other states have formed a multistate investigation into Volkswagen’s actions regarding its clean diesel claims, with AGs from New York and Illinois serving subpoenas on the carmaker.

Data Privacy

European Court of Justice Attacks Safe Harbor

  • The European Court of Justice (CJEU)—the highest court on issues of EU law—has ruled that a 2000 agreement between the European Commission and the U.S. Department of Commerce granting safe harbor for data transfers across the Atlantic failed to adequately protect the privacy rights of EU citizens. The CJEU decision was based in part on the fact that U.S. law allows the government “to have access on a generalized basis to the content of electronic communications,” which the CJEU felt “compromise[ed] the essence of the fundamental right to respect for private life.”
  • The safe harbor agreement created a streamlined protocol under which firms could transfer personal data from Europeans to the U.S. while maintaining legality under EU privacy law. The safe harbor agreement allowed firms to self-certify that they were in compliance with the requirements of EU privacy law. The safe harbor also provided a standard from which the Federal Trade Commission, the main U.S. authority on data security, could judge a company’s compliance efforts.
  • As some commentators have noted, the decision may have broad effects for companies looking to transfer data to the U.S., not only large tech companies like Facebook or Google, but any company that has international operations and the need to transfer employee or customer data. Without the safe harbor option, data exporters will need to execute standard contract clauses identified by the EU Data Protection Directive, or adopt binding company rules with specific reference to the data involved and the security precautions in place to ensure that it will be protected once transferred outside of the EU.
  • From the European perspective, the outcome is significant: transatlantic companies may need to compartmentalize data in the EU country where it is collected, and deny access without approval through diplomatic channels. As we have previously reported, Microsoft is battling with the Department of Justice over whether it must provide direct access to data stored on servers in Ireland in response to a U.S. subpoena.


Gulf States Get Final Settlement From Deepwater Oil Spill—BP on Hook for Record Civil Penalty

  • BP Exploration & Production Inc. reached an agreement to settle all remaining claims stemming from the 2010 Deepwater Horizon oil spill in the Gulf of Mexico.
  • As indicated in the Consent Decree containing the terms of the settlement, which is guaranteed by parent companies BP Corporation North America Inc. and BP P.L.C., BP will pay approximately $20.8 billion, including:
    • $8.1 billion to federal and state trustees for damages to natural resources, with $700 million set aside to address any natural resource conditions that are currently unknown and to assist in adaptive management needs.
    • $5.5 billion as a civil penalty for violating the U.S. Clean Water Act—the largest civil penalty in the history of environmental law.
    • $4.9 billion to the Gulf states (Alabama, Florida, Louisiana, Mississippi, and Texas), and an additional amount, up to $1 billion, to numerous local governments, to settle claims for economic damages caused by the spill.
  • The Consent Decree and the Damage Assessment and Restoration Plan are lodged at the U.S. District Court for the Eastern District of Louisiana, and will be available for public comment until December 4, 2015.


New York AG Probes Fantasy Sports for Insider Bets

  • New York AG Eric Schneiderman has initiated an investigation into daily fantasy sports betting site operators FanDuel Inc. and DraftKings Inc. in the wake of allegations that employees may have used nonpublic information to make wagers.
  • AG Schneiderman sent letters specifically seeking responses to questions, including how the websites store user-generated data, how that information is protected, and whether the companies have rules or policies regarding who can access or use that information. Among other things, the letters request information regarding an employee of DraftKings who allegedly won $350,000 by playing daily fantasy sports on rival FanDuel.
  • There is also a growing concern over the legality of daily online fantasy sports. The 2006 Unlawful Internet Gambling Enforcement Act contained a carve out for “fantasy sports,” but commentators wonder if that would be applicable to the form offered by the two sites. Senator Bob Menendez and Representative Frank Pallone have asked the Federal Trade Commission to weigh in on the discussion, and Rep. Pallone had previously requested a Congressional hearing on the issue of fantasy sports and sports betting.

SEC Settles With Drug Maker Over FCPA Allegations in China

  • The Securities and Exchange Commission (SEC) accepted Bristol-Myers Squibb’s (BMS) Offer of Settlement, resolving charges that the pharmaceutical maker violated the Foreign Corrupt Practices Act (FCPA) by offering cash payments and other benefits to health care providers at state-owned hospitals in China in exchange for increased sales of BMS’s prescription medications.
  • The SEC alleged that BMS failed to detect and prevent personnel at BMS’s joint venture in China from offering bribes. The SEC alleged that BMS did not properly investigate “red flags” indicating that improper payments were occurring, including claims made by former employees. It also claimed that BMS did not properly implement a formal FCPA compliance program, including violations of the Recordkeeping and Internal Controls Provisions of the FCPA.
  • BMS did not admit to the findings, but agreed to return $11.4 million in profits and to pay a civil penalty of $2.75 million to the SEC. In addition, BMS has implemented measures to enhance its ability to detect and prevent bribery, specifically in its expense claims that involve interaction with health care providers.