Q1 2019

This Quarterly Update highlights certain notable developments during Q1 2019 in consumer-facing areas of e-commerce, e-banking and blockchain. This update is particularly focused on consumer-level regulatory activities of the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC), but also addresses relevant developments from other governmental agencies and from the industry.

Topics covered in this Q1 2019 update:

Q1 2019 Topics in Detail:

1. Consumer Financial Protection Bureau (CFPB) Updates

1. The FTC and CFPB issued their annual report to Congress on the administration of the Fair Debt Collection Practices Act (FDCPA) focused on unlawful debt collection practices. In the report, the FTC states that it filed or resolved a total of seven cases against 52 defendants, and obtained more than $58.9 million in judgments. The FTC also banned 32 companies and individuals that engaged in serious and repeated law violations from ever working in debt collection again. The FTC returned $853,715 to consumers who lost money to two phantom debt collection operations previously stopped by the FTC.
   1. In the report, the CFPB states its intent to issue a Notice of Proposed Rulemaking on debt collection that will address issues ranging from communication practices to consumer disclosures. The CFPB highlights in the report that it handled approximately 81,500 debt collection complaints related to first-party (creditors collecting on their own debts) and third-party collections. The CFPB also states that collection is among the most prevalent topics of consumer complaints about financial products or services received by the CFPB.
   2. The FTC and the Bureau share enforcement responsibilities under the FDCPA. In February 2019, the Agencies reauthorized their memorandum of understanding (MOU) that continues coordination between the agencies in enforcement, sharing of supervisory information and consumer complaints, and collaboration on consumer education.

      The report and MOU can be found here: https://files.consumerfinance.gov/f/documents/cfpb_fdcpa_annual-report-congress_03-2019.pdf,
      https://www.ftc.gov/system/files/documents/cooperation_agreements/ftc-cfpb_mou_225_0.pdf.

2. The CFPB released its 18th edition of Supervisory Highlights, which focuses on automobile loan servicing, deposits, mortgage servicing, and remittances. This report covers supervision activities generally completed between June 2018 and November 2018 and includes examination findings. Under Dodd-Frank, CFPB is authorized to supervise banks and credit unions with more than $10 billion in assets, as well as certain nonbanks. A few highlights from the report:
   1. The CFPB continued to examine auto loan servicing activities, primarily to assess whether servicers have engaged in unfair, deceptive, or abusive acts or practices (UDAAPs) prohibited by the Consumer Financial Protection Act of 2010 (CFPA). Recent auto loan servicing examinations identified unfair acts or practices related to collecting incorrectly calculated deficiency balances. Recent examinations have also identified deceptive acts or practices related to representations on deficiency balance notices.
   2. The CFPB continued to examine mortgage servicers, including servicers of manufactured home loans and reverse mortgage loans. Recent examinations identified unfair acts or practices for charging consumers unauthorized amounts, deceptive acts or practices for misrepresenting aspects of private mortgage insurance cancellation, violation(s) of Regulation X loss mitigation requirements, and potentially misleading statements to successors-in-interest on reverse mortgages. Regulation X requires servicers to exercise "reasonable diligence" in obtaining documents and information to complete a loss mitigation application, which may include promptly contacting the applicant to obtain the missing information; or, if the servicer has offered a short-term payment forbearance program based upon an evaluation of an incomplete application, actions like notifying the borrower about the option to complete the application to receive a full evaluation.
   3. The CFPB also continued to examine banks and nonbanks for compliance with Regulation E, Subpart B (Remittance Rule) and UDAAP. Examiners found that one or more supervised entities violated the error resolution provisions of the Remittance Rule by failing to refund fees and, as allowed by law, taxes, to consumers when remitted funds were made available to designated recipients later than the date of availability stated in the institution's remittance disclosures and the delay was not due to one of the four exceptions specified in the Rule. A remittance transfer provider's failure to make funds available to a designated recipient by the date of availability stated in the disclosures constitutes an error under the Remittance Rule, unless the delay was of the result of one of the four exceptions described in 12 CFR 1005.33(a)(1)(iv). Upon notice from a consumer of the delayed availability of funds, a remittance transfer provider must either refund the sender the amount of funds provided by the sender in connection with the remittance transfer which was not properly transmitted or the amount appropriate to resolve the error, or make available to the designated recipient the amount appropriate to resolve the error at no additional cost to the sender or the designated recipient.

      See more information at https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-18_032019.pdf.

2. Federal Trade Commission (FTC) Updates

1. Office Depot and a technical support vendor agreed to pay $35 million to settle FTC allegations. Office Depot and Support.com used PC Health Check, a software program, as a sales tool to convince consumers to purchase tech repair services from Office Depot and OfficeMax, Inc., which merged in 2013. The FTC alleged that Office Depot and its vendor Support.com configured the PC Health Check software to report that the scan had found malware symptoms or infections regardless of whether the computer was infected. After displaying the results of the scan, the program also displayed a "view recommendation" button with a detailed description of the tech services consumers were encouraged to purchase. The FTC's guidelines to other tech companies include the following:
   1. Even if a company is careful to substantiate its product claims, what about its service promises? Under Unfair or Deceptive Acts or Practices (UDAP), technical support and product service programs also need appropriate proof to back up consumer representations.
   2. Fear-mongering shouldn't be a sales strategy. When a company sends alarmist messages to a consumer, a consumer's understandable response is to reach for the wallet, especially when the warning is about complicated equipment that consumers are not in a position to repair them. For many consumers, computer security concerns fall into that category. The FTC is warning that it is unwise for companies to exploit consumer fears falsely for their own economic benefit.
   3. The FTC is asking companies to monitor employee feedback and to take employee concerns about internal business practices seriously. In the Office Depot case, the company ignored specific employee concerns that the software was incorrectly identifying virus infections on consumer computers. The FTC's message is that by responding to internal early warnings, tech companies may be able to prevent a more serious predicament.
   4. Additionally, we always advise tech companies and financial institutions to monitor their customer support complaints for common trends and systemic issues. If tech companies and financial institutions do not address those consumer complaints early, the FTC or CFPB may call next.

      See more information here: https://www.ftc.gov/news-events/blogs/business-blog/2019/03/office-depot-supportcom-pay-35-million-falsely-claiming-scan?utm_source=govdelivery and the original complaint here: https://www.ftc.gov/system/files/documents/cases/office_depot_complaint_3-27-19.pdf.

2. In March 2019, the FTC issued its 2018 Annual Highlights publication outlining some of its regulatory activities in 2018. On the consumer protection front, the FTC and the DOJ obtained a $125 million settlement with MoneyGram for not addressing fraud sufficiently to avoid scams impacting people who wired money through MoneyGram. Other major enforcement actions that resulted in large fines focused on payday lending, background screening, children's privacy, video social networking, advertising, the first violation of the Consumer Review Fairness Act, and charities that falsely claimed to help veterans. The figure below shows a detailed view of the FTC's enforcement activities in the consumer protection space.
   

   The full report is available here: https://www.ftc.gov/system/files/documents/reports/annual-highlights-2018/2018_annual_highlights_report.pdf.

3. Testifying before a House Oversight and Reform Subcommittee, the FTC described its role in overseeing the data security practices of Consumer Reporting Agencies (CRAs) on March 26, 2019. A few highlights from the testimony delivered by Bureau of Consumer Protection Director Andrew Smith:
   1. The FTC has been focused on enforcing UDAP and the Fair Credit Reporting Act (FCRA), and the FTC's Safeguards Rule since 2001;
   2. The FTC seeks to obtain civil penalty authority for violations of the Gramm-Leach-Bliley (GLB) Act, whose Safeguards Rule requires some non-bank financial institutions, including CRAs, to safeguard nonpublic personal information. The FTC believes that the Safeguards Rule would give the FTC a practical enforcement tool that would benefit consumers.
   3. The FTC would like to see Congress pass additional data security legislation to provide the Agency additional tools such as civil penalty authority, jurisdiction over common carriers and non-profits, and targeted rulemaking authority under the Administrative Procedure Act, the testimony explains.
   4. The FTC continues to engage with the industry and consumers closely by providing businesses with guidance on emerging cybersecurity threats, helping businesses protect the data in their care and understand what practices may violate applicable laws, and educating consumers on data security (e.g., tax identity theft, phishing scams, tips on buying internet-connected smart toys, and the aftermath of data breaches).

      The full report is available at https://www.ftc.gov/system/files/documents/public_statements/
      1508935/p180101_ftc_testimony_re_oversight_house_12262019.pdf.

4. The FTC seeks to examine the privacy and data management practices of broadband providers. On March 26, 2019, the FTC issued orders requesting information from seven U.S. internet broadband providers and related entities to examine how broadband companies collect, retain, use, and disclose information about consumers and their devices. The orders were sent to: AT&T Inc., AT&T Mobility LLC, Comcast Cable Communications doing business as Xfinity, Google Fiber Inc., T-Mobile US Inc., Verizon Communications Inc., and Cellco Partnership doing business as Verizon Wireless. The information sought by the FTC is comprehensive and deserves some thought because these requests may be a template for future similar orders addressed at other industry segments, including omnicommerce, e-banking, wireless and wireline telecommunications, SaaS and cloud providers. The information requested by the FTC includes the following:
   1. Any program or service that collects, transmits, receives, stores, maintains, uses, or discloses personal information about consumers
   2. Ad services, including whether the ad services rely on information about users and their devices from third parties
   3. Categories of personal information collected about consumers or their devices, together with purposes, use cases, collection techniques, and sources
   4. how personal information is combined with other types of information about consumers and their devices
   5. Data retention programs
   6. Disclosure of personal data to third parties
   7. Practices around anonymized data
   8. Consumer notices and disclosures
   9. Consumer consents
   10. Consumer access and correction of personal data

       The order template is available at https://www.ftc.gov/system/files/attachments/press-releases/ftc-seeks-examine-privacy-practices-broadband-providers/isp_privacy_model_order.pdf?utm_source=govdelivery.

5. FTC case against a sweepstakes scam highlights broad international collaboration among regulators. In a settlement with the operators of the sweepstakes scam, the FTC is collecting $30 million in cash and assets, and the operators will be permanently banned from the prize promotion business.
   1. The settlement with the FTC and the state of Missouri requires the defendants to turn over more than $21 million in cash, as well as two luxury vacation homes, a yacht, a Bentley automobile, and other personal property. The case represents the largest forfeiture the FTC has ever obtained in a case against a sweepstakes scam, and the proceeds will be used to refund money to victims.
   2. The complaint charged certain individuals and corporations under their control with sending tens of millions of deceptive personalized mailers to consumers around the world since 2013. The defendants' mailers falsely told recipients they had won or were likely to win a substantial cash prize, as much as $2 million, in exchange for a fee ranging from $9.00 to $139.99. Some of the defendants' mailers included notices, such as "Congratulations, You Have Just Won $1,230,946.00." Other mailers invited recipients to play "games of skill," without clearly and conspicuously disclosing the total fees that the recipient would have to pay to play, or that the final round of the game involved a complex mathematical puzzle that few people, if any, could solve. Many consumers, including seniors, paid the defendants several times before realizing they had been scammed.
   3. The FTC received assistance from the U.K. National Trading Standards Scams Team, the U.S. Postal Inspection Service, the Canadian Anti-Fraud Centre, the Better Business Bureau of Greater Kansas City, the Kansas Attorney General's Office, and the Utah Attorney General's Office. To facilitate cooperation with the U.K. National Trading Standards Scams Team, the FTC relied on key provisions of the U.S. SAFE WEB Act, which allows the FTC to share information with foreign counterparts to combat deceptive and unfair practices that cross national borders. This highlights the broad international regulatory footprint of U.S. agencies and the close collaboration between agencies focused on consumer protection across international borders.

      The Stipulated Order is available here: https://www.ftc.gov/system/files/documents/cases/172_3133_next-gen_stipulated_order_3-7-19.pdf.

3. Electronic Banking (E-Banking)

1. U.S. banks with large consumer finance practices pass Dodd-Frank Stress Test by federal regulators with high marks. As another indicator that the financial industry is on solid footing after the structural regulatory reforms implemented over the past 10-plus years, the Federal Reserve Board and the Federal Deposit Insurance Corporation completed an evaluation of the 2017 resolution plans for 14 domestic banking organizations that have significant consumer-level activities without identifying any deficiencies or shortcomings. Resolution plans, known as "living wills," must describe a firm's strategy for rapid and orderly resolution under bankruptcy in the event of material financial distress or failure of the firm. Resolution plans are a requirement implemented by the Dodd-Frank Act. The banks evaluated included Ally Financial Inc., American Express Company, Capital One Financial Corporation, Discover Financial Services, Fifth Third Bancorp, KeyCorp, and U.S. Bancorp.
   1. But when evaluating the consumer lending segment, note also new consumer lending data released by the Federal Reserve Bank of New York in February 2019, which notes that the overall performance of auto loans has been slowly worsening, despite an increasing share of prime loans in the stock. The percent of auto loans that are in serious delinquency (90+ days delinquent) in the fourth quarter of 2018 increased to 2.4 percent, substantially above the low of 1.5 percent seen in 2012. And while overall delinquency rates remain below 2010 peak levels, there were over seven million Americans with auto loans that were 90 or more days delinquent at the end of 2018. This is a historical record, more than a million above the level reached at the end of 2010.

      More information about the federal Dodd-Frank Stress Test results is available here: https://www.fdic.gov/news/news/press/2019/pr19027.html?source=govdelivery&utm_medium=email&utm_source=govdelivery.

      Lending data released by the Federal Reserve Bank of New York is available here: https://libertystreeteconomics.newyorkfed.org/2019/02/just-released-auto-loans-in-high-gear.html.

2. Updated information about the methodology and models for the federal Dodd-Frank Act Stress Test (DFAST) program. On March 28, 2019, the Federal Reserve Board (FRB) released a document providing additional information on its stress testing program, which will be helpful to financial institutions as they assess and refine their compliance programs. The FRB carries out its supervisory stress test program pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act), as amended by the Economic Growth, Regulatory Relief, and Consumer Protection Act, as well as the FRB's rules. The supervisory stress test serves to inform the FRB, firms, and the general public of how firms' capital ratios might change under a hypothetical set of stressful economic conditions developed by the FRB. This release followed an announcement in February that the FRB had finalized changes intended to increase the transparency of its stress tests without compromising its ability to test the resiliency of the nation's largest banks.
   1. Stress tests ensure that banks have adequate capital to absorb losses and retain their ability to lend to households and businesses even in a severe recession. The Dodd-Frank Act Stress Test (DFAST) is one component of the FRB's stress testing program, along with the Comprehensive Capital Analysis and Review (CCAR), which evaluates the capital planning processes and capital adequacy of the largest bank holding companies. The FRB's release is a comprehensive analysis covering the following topics:
   2. FRB's approach to supervisory model development and validation, which provides an overview of the general approach to supervisory model development and validation in stress testing
   3. Overview of modeling framework, which summarizes the supervisory modeling framework and methodology employed by the FRB
   4. Descriptions of supervisory models, which address various FRB supervisory stress test models
   5. Modeled loss rates, which contain additional disclosures for certain material portfolios, including modeled loss rates on pools of loans and loss rates associated with portfolios of hypothetical loans
   6. A comprehensive list of supervisory model changes effective in DFAST 2019.

      See the full report at https://www.federalreserve.gov/publications/files/2019-march-supervisory-stress-test-methodology.pdf.

4. Electronic Commerce (E-Commerce) and Data Monetization

1. Data monetization in omnicommerce and banking. During the past five-plus years, the convergence of web technology, mobile apps, and cloud platforms with large data processing and storage capabilities have enabled fast scaling of B2C business models. In turn, large scale, consumer-facing platforms have enabled real-time collection of consumer data, including commercial transactions, lifestyle, and biometric data. In the e-commerce space in particular, consumer transactional data has become a key driver of revenue and business models, including product placement and recommendations, advertising, loyalty programs, and Data-as-a-Service (DaaS) feeds. A report published by Sonecon LLC and sponsored by Future Majority looked at the consumer data industry and business models, and estimated a number of metrics. Here are a few notable highlights:
   1. The value of personal data used in U.S. digital advertising in 2018 was around $57.7 billion and is growing fast.
   2. To estimate the value of personal data, the authors of the study relied on a 2018 study that analyzed data from AdChoices, and which found that the cost of ads not based on personal data was 52 percent lower than the cost of comparable ads informed by personal data.
   3. The study identified six top companies involved in data monetization in the advertising space, and together they accounted for around 70 percent of the total digital advertising revenue in the U.S. surveyed by the study.
   4. The value of personal data in the advertising space grew significantly between 2016 and 2018. Among the companies identified above, Amazon's data business grew the fastest (311.6 percent).
   5. It is interesting to note that the "Other" segment tracked by the study showed a growth rate of 55.7 percent, which is higher than the growth rate of many top brand names involved in data monetization, and this confirms that data monetization is now underpinning a wide range of business models across the whole B2C space, with many companies involved in data collection, management, security, compliance, and monetization.
   6. The value of the personal information sold by data brokers was around $14.8 billion, and is growing slower than the digital advertising monetization segment.
   This study confirms that data monetization is a major driver of economic activity across most sectors of the digital economy. In fact, while already impressive, the figures shown in the study probably vastly understate the total value of consumer data: beyond the value reflected directly in advertising revenue, data monetization permeates most aspects of many successful business models in e-commerce and e-banking, including loyalty programs, cross-selling of products and services and cross-referral relationships, behavioral sales targeting, and customer retention and revenue churn management.

   See the full study here: https://assets.futuremajority.org/uploads/report-for-future-majority-on-the-value-of-people-s-personal-data-shapiro-aneja-march-8-2019.pdf.

2. The CFTC knows the value of data. Also, it is about to get easier for the industry to work with the CFTC. On March 6, 2019, CFTC Chairman J. Christopher Giancarlo spoke at the 4th Annual DC Blockchain Summit. Chairman Giancarlo focused on the current technological innovation in the Financial space and summarized the CFTC's approach to fintech innovation and modern market regulation through four fundamental principles: 1) Adopting an exponential growth mindset, 2) Creating an internal fintech stakeholder, 3) Becoming a quantitative regulator, and 4) Embracing market-based solutions. A few key takeaways:
   1. This is a good time for the industry to engage with the CFTC and drive technology and business models in predictable and sustainable directions. Chairman Giancarlo's remarks suggest that the CFTC seeks to engage with the industry and learn where the industry is pushing the envelope, but has been unable to engage directly in R&D and commercial projects with the industry given regulatory holdbacks. According to Chairman Giancarlo, "… CFTC lacks the legal authority to partner and collaborate with outside entities engaging directly with FinTech and innovation within a research and testing environment, including when the CFTC receives something of value absent a formal procurement." But legislation introduced in last Congress by Representative Austin Scott (R-GA Eighth District) would provide such authority. Commercial enterprises should soon be able to engage directly with the CFTC's internal fintech stakeholder, the LabCFTC, to learn, educate, and help shape the future of regulatory oversight.
   2. It's all about the data. During the past few years, the e-commerce and e-banking industries have increasingly focused on data as an enabler of growth and profit generator. The CFPB clearly understands the value of data and seeks to become a "Quantitative Regulator" by engaging in "robust data collection, automated data analytics, and artificial intelligence deployment." This creates unique opportunities for companies focusing on data, data analytics and data management, including blockchain and conventional database platforms. Someone at the CFTC may want to talk to you if your company can help the CFTC with market intelligence, trade surveillance and oversight, and calibration of policy prescriptions. In the end, the CFTC's goals will be to conduct independent market data analysis across disparate data sources, be less reliant on delegation to SROs and major market intermediaries, and access in real time information found in decentralized, economic blockchains and networks.

      Read more at https://www.cftc.gov/PressRoom/SpeechesTestimony/opagiancarlo66.

5. Blockchain, Cryptocurrencies, and Cryptographic Tokens

1. Blockchain spending is expected to increase worldwide from around $2.1 billion in 2018 to $9.7 billion in 2021, led by the financial sector and banking industry, according to a report issued by the International Data Corporation (IDC) on March 4, 2019.
   1. Blockchain spending will be led by the financial sector ($754 million in 2018), driven largely by rapid adoption in the banking industry. The distribution and services sector ($510 million in 2018) will see strong investments from the retail and professional services industries, while the manufacturing and resources sector ($448 million in 2018) will be driven by the discrete and process manufacturing industries. In the U.S., the distribution and services sector will see the largest blockchain investments.
   2. Within the financial sector, regulatory compliance, cross-border payments and settlements, custody and asset tracking, and trade finance and post-trade/transaction settlements are expected to be the leading blockchain use cases. In the distribution and services sector and the manufacturing and resources sectors, the leading use cases include asset/goods management and lot lineage/provenance.

      Please see more details from the IDC at https://www.idc.com/getdoc.jsp?containerId=prUS44898819.

2. Blockchain data availability could help U.S. regulators manage better the next financial crisis better.
   1. On March 6, 2019, CFTC Chairman J. Christopher Giancarlo spoke at the 4th Annual DC Blockchain Summit and noted that he was serving as a senior executive of one of the world's major trading platforms for credit default swaps (CDS) in the fall of 2008, when the financial collapse occurred. Chairman Giancarlo was at the epicenter of systemic risk, and according to him, "Panic was in the air and tension was on our broking floor trying to maintain orderly markets. I remember a call from a U.S. bank regulator asking about CDS trading exposure of several major banks, including Lehman Brothers. In fact, trading conditions were deteriorating by the hour. It was clear that the regulator had little means, short of telephone calls, to read all the danger signals that the CDS markets were broadcasting."
   2. Chairman Giancarlo thinks that the transparency and real-time data access made possible by blockchain could have helped manage the financial crisis better: "[I]imagine what a difference it would have made a decade ago on the eve of the financial crisis if regulators had access to the real-time trading ledgers of large Wall Street banks, rather than trying to assemble piecemeal data to recreate complex, individual trading portfolios."..."Imagine if, instead of having to call around to brokerage firms like mine searching for market information, prudential regulators had access then to a 'golden record' of the real-time ledgers of all regulated trading participants."..."In short, what a difference it would have made a decade ago if [b]lockchain technology had been the informational foundation of Wall Street's derivatives exposures. At a minimum, it would certainly have allowed for far prompter, better-informed, and more calibrated regulatory intervention instead of the disorganized response that unfortunately ensued."

      Read more at https://www.cftc.gov/PressRoom/SpeechesTestimony/opagiancarlo66.

3. Is the bitcoin price volatility decreasing? Allegations of bitcoin price manipulation are not new and have been under investigation by regulatory agencies, and a recent presentation made by Bitwise Asset Management to the U.S. Securities and Exchange Commission (SEC) on March 19, 2019 further suggested that a vast majority of the daily bitcoin reported trading volume is fake and/or non-economic wash trading. Nevertheless, a recent speech from the CFTC makes a strong argument that the price volatility of bitcoin may decrease as regulated trading in bitcoin futures appears to become a driver for bitcoin pricing.
   1. A speech from Chairman Giancarlo on March 6, 2019 pointed out a correlation between the price of bitcoin and the launch of regulated bitcoin futures. After allowing the launch of bitcoin futures incorporating certain risk mitigating elements (e.g., higher margin requirements and contract sizes), Chairman Giancarlo noted that the price of bitcoin was reduced from around $19,000 to less than $10,000 within months. Seeking an explanation for that correlation, Chairman Giancarlo referenced a 2018 economic letter from the Federal Reserve Bank of San Francisco which advanced the following possible answer: "perhaps… futures allowed for the first accessible way to speculate against the price of the asset." According to Chairman Giancarlo, "markets allow actors to meet and reach price equilibrium on the value of an asset and/or transfer risk. In the case of [b]itcoin, I would posit that the decrease in prices has helped end a speculative bubble and perhaps allow this novel technology and asset class quieter time to continue to develop from a technological and adoption sense."
   2. While Bitwise's analysis showing that the price of bitcoin is actively manipulated may be true, we also note Chairman Giancarlo's confidence that risk transfer markets driven by sophisticated institutional investors can make informed assessments regarding the value of bitcoin and the need to offset price or volatility risk. Consequently, we could expect that such investors are indeed sufficiently sophisticated to assess the current and future expected price impact of market manipulation, and therefore the price of bitcoin should self-correct better than in the past to reach more rational equilibriums. It is impossible to know where the price of bitcoin and other cryptocurrencies are going next, but the bitcoin futures market coupled with Chairman Giancarlo's confidence in the efficiency of markets suggest that we should see less price volatility in the absence of material factors that are not anticipated by sophisticated traders of futures.

      Read more at https://www.cftc.gov/PressRoom/SpeechesTestimony/opagiancarlo66.