CFPB Warns Digital Marketers, Loops In State AGs

By Jacob D. Alderdice and Michael W. Ross

In a recent interpretive rule announced on August 10, 2022,—and unveiled at a summit of the National Association of Attorneys General—the CFPB stated that digital marketers are subject to the CFPB’s jurisdiction, and expressly warned that it may take enforcement action against these entities. Such enforcement is likely to concern anti-discrimination provisions, and the new rule notes that State Attorneys General have jurisdiction to enforce these rules as well.

Prior to the CFPB’s August 10 rule, digital marketers—companies that market to consumers through social media, websites, and other online and digital channels—may have considered themselves outside the reach of the Consumer Financial Protection Act of 2010 (CFPA), which provides that an entity is not a covered “service provider” if it provides “time or space” for an advertisement for a consumer financial product or service through print, television, or electronic media.

In its new interpretive rule, however, the CFPB announced that it believes digital marketers are not exempt if they are “materially involved” in the development of a “content strategy” for the marketing of financial products, and thus are covered service providers under the CFPA. The CFPB noted the evolution of modern digital ad targeting, describing how instead of just providing a forum for an ad, digital marketers are increasingly involved in the selection of prospective customers or the placement of content to affect consumer behavior, often based on the gathering of consumer data. Whereas the former practices would not be covered, the CFPB contends that the latter are more similar to conduct that would typically be performed by persons covered by the CFPA. The rule singled out practices such as lead generation, customer acquisition, and other marketing analysis or strategy using data and technology, as amounting to “material” involvement and thus covered behavior.

The new rule is a signal that the CFPB will be increasing enforcement in this area. In its accompanying press release, it described the new rule as a “warning” to digital marketing providers, and CFPB Director Rohit Chopra stated, “When Big Tech firms use sophisticated behavioral targeting techniques to market financial products, they must adhere to federal consumer protection laws. . . . Federal and state law enforcers can and should hold these firms accountable if they break the law.” In his remarks at the rule’s unveiling, Chopra also encouraged state attorneys general to pursue claims under the Consumer Financial Protection Act for any misconduct involving consumer financial products or services, including as to digital marketers.

The rule’s reference to “state law enforcers” is notable. The rule was first unveiled by Director Chopra during a summit of the National Association of Attorneys General, on consumer protection in the digital world. In his prepared remarks, Chopra emphasized the “role of state enforcers in policing unlawful conduct at the intersection of consumer finance and digital marketing.” The interpretive rule notes state AG jurisdiction, and the CFPB has stated previously that state enforcement authorities also have jurisdiction to enforce the CFPA.

Substantively, a stated purpose of this effort by the CFPB is to address discrimination, which the CFPB has raised as a concern with regard to AI and machine learning. The new rule warns that the UDAAP provision (unfair, deceptive and abusive acts/practices) will be used to combat the use of protected characteristics to make marketing decisions (i.e. digital redlining).

The CFPB has taken other actions directed towards discrimination more broadly. It recently updated its Examination Manual to include discrimination as a part of UDAAP, and the agency is currently litigating the reach of ECOA (Equal Credit Opportunity Act) to digital marketing. In July 2019, we publicly highlighted the use of UDAAP and similar authority as a basis for enforcement actions alleging discrimination in the use of digital tools. 

Companies involved in digital marketing should review the new interpretive guidance carefully, re-review their practices to consider whether they may be potentially subject to enforcement action at the state or federal level, and be on the lookout for any potential challenges to the new rule.

California Attorney General Sends “Strong Message” in Fining Sephora $1.2 Million for CCPA Violations and Announces “New Investigative Sweep”

By: Madeleine V. Findley and Effiong K. Dampha

On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million settlement with cosmetics retailer Sephora Inc. (Sephora), the first public enforcement action under the California Consumer Privacy Act (CCPA).[1] The settlement resolved allegations that Sephora failed to disclose it was selling consumers’ personal information, failed to honor opt-out requests from user-enabled global privacy controls, and failed to cure these violations within 30 days, as required by CCPA. The settlement is part of “an enforcement sweep” of online retailers and their use of third-party tracking software on websites and mobile apps. The Attorney General simultaneously announced a new “investigative sweep” focused on whether businesses are complying with opt-out requests from user-enabled global privacy controls. Attorney General Bonta underscored his commitment to “robust enforcement” of California’s privacy law, stating “My office is watching, and we will hold you accountable.”[2] 

Sephora Settlement for Failure to Disclose Third-Party Tracking and Honor Opt-Out Requests

According to the Attorney General, Sephora allowed third-party companies to install cookies and other tracking software on its website and in its app that collected data about consumers, including the type of device a consumer used, the brand of cosmetic product the consumer placed in the shopping cart, and the consumer’s precise location. The Attorney General found this data sharing to be a sale of consumer information, and that Sephora had failed to notify consumers of the sale and offer an opt-out or to honor opt-out requests via global privacy controls.

The settlement required Sephora to pay $1.2 million in penalties and to: 

  1. clarify its online disclosures and privacy policy to state that it sells data, 
  2. provide opt out mechanisms, including via the Global Privacy Control, and
  3. conform its service provider agreements to the CCPA’s requirements. 

The agreement also required Sephora to provide status reports to the Attorney General on its progress on each of these obligations.[3] 

Notices of Non-Compliance with Global Privacy Controls

The Attorney General also announced a “new investigative sweep” focused on compliance with global privacy controls. As part of this “sweep,” the Attorney General sent notices of non-compliance on August 24 to over a dozen businesses relating to their alleged failure to process consumer opt-out requests made through user-enabled global privacy controls, such as the GPC. After quietly adding an FAQ about the GPC to the AG’s CCPA webpage in 2021 that the GPC “must be honored” as a request to opt out of the sale of personal information, the AG’s actions signal an increasingly aggressive enforcement approach. Businesses that receive a notice will have 30 days to cure their noncompliance—but this right to cure will expire when the California Privacy Rights Act becomes effective on January 1, 2023. The new round of notices makes clear that the Attorney General’s expectation that businesses will honor user-enabled global privacy controls.

Additional Case Examples

The Attorney General also updated the CCPA Enforcement Case Examples webpage for the first time since July 2021 with 13 new case summaries. These include failure to honor consumer opt out requests, failure to appropriately disclose financial incentives in loyalty programs, flaws in responding to consumer requests to access or delete personal information, and non-compliant privacy policies. The businesses involved ranged from telehealth providers to fintech to fitness chains.

In a press statement, Attorney General Bonta emphasized his view that the Sephora settlement would “send a strong message to businesses,” and noted “there are no more excuses” for not complying with CCPA. The settlement, case examples, and new round of notices reflect an increasingly robust focus on enforcing California privacy law, and pose additional compliance challenges as businesses prepare for the California Privacy Rights Act to take effect in 2023.

[1] Press Release, Cal. Dept. of Justice, Attorney General Bonta Announces Settlement with Sephora as Part of Ongoing Enforcement of California Consumer Privacy Act (Aug. 24, 2022), (AG Bonta Press Release)
[2] AG Bonta Press Release
[3] AG Bonta Press Release; California v. Sephora, Inc., Case No. CGC-22-601380 (Cal. Sup. Ct. Aug. 24, 2022), available at Judgment.pdf

Montera v. Premier Nutrition Corporation: A Case Study in Aggregate Statutory Damages

By: Alexander M. Smith, Jenna L. Conwisar, and Peter Welch

New York’s two principal consumer fraud statutes, N.Y. G.B.L. §§ 349 and 350, authorize statutory damages of $50 or $500 per violation respectively. In false advertising cases involving low-cost consumer products, these statutes pose the risk that defendants may face hundreds of millions—if not billions—of dollars in exposure if found liable at trial. And while N.Y. C.P.L.R. § 901(b) seeks to avert this result by prohibiting courts from awarding statutory damages in class actions, the Supreme Court has held that this is a “procedural” rule that does not preclude federal courts sitting in diversity from awarding statutory damages in class actions. See generally Shady Grove Orthopedic Assocs., P.A. v. Allstate Ins. Co., 559 U.S. 393 (2009). Since Shady Grove, plaintiffs have routinely used the threat of statutory damages under Sections 349 and 350 to bludgeon defendants into settling false advertising class actions before trial.

That threat materialized in July 2022, however, when a jury in the Northern District of California returned a verdict for the plaintiffs in a certified class action, Montera v. Premier Nutrition Corporation. Although the jury determined that the class had suffered less than $1.5 million in actual damages, the plaintiff nonetheless asserted that the class was entitled to over $91 million in statutory damages. In a result that will inevitably disappoint both plaintiffs and defendants, the Montera court awarded the class only $8.312 million in statutory damages—less than 10% of what the plaintiffs sought, but over five times the amount of actual damages.

In a critical victory for defendants, the court reduced the aggregate amount of statutory damages based on its finding that “the calculated amount of statutory damages . . . is ‘so severe and oppressive as to be wholly disproportioned to the offense and obviously unreasonable.’” ECF No. 293 (Damages Order) at 2 (quoting St. Louis I.M. & S. Ry. Co. v. Williams, 251 U.S. 63, 66–67 (1919)). In so holding, the court rejected the plaintiff’s assertions that aggregate statutory damages do not present due process concerns and that courts have no discretion to reduce an aggregate award of statutory damages. But other aspects of the court’s ruling—including its decision to calculate statutory damages on a per-product basis and its decision to award statutory damages well in excess of actual damages—illustrate that defendants continue to face a very real threat from aggregate statutory damages.


Montera is one of many cases in the Northern District of California challenging the advertising of a glucosamine supplement called “Joint Juice.” Although Premier claimed that Joint Juice was effective at reducing joint pain, the plaintiff alleged that Joint Juice does not relieve joint pain and is worthless. After certifying a class of California consumers in one of the related actions in 2016, the court certified a class of New York consumers in 2019—raising the possibility that these consumers would obtain aggregate statutory damages under Sections 349 and 350 if they prevailed at trial.

Prior to trial, the parties vigorously disputed how the court should address the plaintiff’s claims for statutory damages. The plaintiff argued that statutory damages should be awarded on a per-transaction basis (rather than a per-customer basis), that the class should receive separate awards of statutory damages under Sections 349 and 350, and that Premier should not be allowed to reference the possibility of statutory or enhanced damages to the jury. Premier, in turn, argued that statutory damages should be awarded on a per-customer basis (if at all) and that the class should receive only—at most—an award of $50 per customer under Section 349. Premier argued that these limitations were necessary to vindicate the intent of the New York legislature to forbid statutory damages in class actions and to avoid an unconstitutionally excessive award of statutory damages. Premier also argued that the court should allow it to inform the jury of the possibility of statutory damages, as it had a Seventh Amendment right to have the jury decide whether to award enhanced damages.

The court resolved both disputes in the plaintiff’s favor. It prohibited Premier from referencing statutory damages to the jury, and it rejected Premier’s argument that “the Seventh Amendment requires a jury determination as to statutory damages.” ECF No. 215, at 6. Because Sections 349 and 350 prescribe “specific statutory damages amounts, with no room for variation,” the court concluded that the amount of statutory damages presented a purely “legal question once the jury has determined the number of units sold and the amount of actual damages.” Id. And while the court left open the possibility that a due process inquiry “may be needed in cases in which the amount of statutory damages is immense in comparison to the actual damages,” the court nonetheless found that “the proper time to consider due process implications of the award of statutory damages is at the time of the . . . award.” Id. at 5 n.1. The court also agreed with the plaintiff that Sections 349 and 350 authorize statutory damages on a per-purchase basis, as opposed to a per-person basis. See ECF No. 180, at 10–14. The court acknowledged that there were cases supporting both sides’ reading of the statutes and admitted that this question “does not have a clear answer.” Id. at 14. But the court nonetheless found that the plaintiff’s position was “more compelling” and agreed that a “reading of [S]ections 349 and 350 that recognizes that a plaintiff experiences a violation each time the product is purchased is consistent with the text and intent of the statute.” Id.

After a lengthy jury trial, the jury found in the plaintiff’s favor and concluded that the labeling of Joint Juice was false and misleading. The jury then determined that the class had suffered $1,488,078.49 based on a total of 166,249 units of Joint Juice sold during the putative class period.

The Court’s Statutory Damages Award

Following the jury’s verdict, the plaintiff requested that the court award the class over $91 million in statutory damages—including $8,312,450 in statutory damages under Section 349 and $83,124,500 in statutory damages under Section 350. See ECF No. 273. In requesting this award, the plaintiff argued that Sections 349 and 350 make an award of statutory damages mandatory if they exceed the plaintiff’s actual damages (which they indisputably did here) and that an award of statutory damages did not offend the Due Process Clause.

Relying heavily on Bateman v. American Multi-Cinema, Inc., 623 F.3d 708 (9th Cir. 2013), the plaintiff argued that, in light of the New York Legislature’s judgment that an award of $50 or $500 was an appropriate amount of compensation, any “consideration of proportionality to actual harm [is] improper.” ECF No. 273, at 3. And even if the Due Process Clause requires a court to scrutinize the amount of a statutory damages award, the plaintiff argued that this inquiry is limited to “whether the penalty prescribed is so severe and oppressive as to be wholly disproportionate to the offense and obviously unreasonable.” Id. at 4 (quoting Williams, 251 U.S. at 66–67) (internal quotation marks omitted). In contrast, the plaintiff asserted, “whether statutory damages are proportional to actual damages does not matter to this analysis.” Id. In other words, “even where statutory damages are more than actual damages and sufficient enough to deter misconduct, due process is not violated where the aggregate statutory award simply reflects the number of violations multiplied by the statutory amount intended by Congress or the legislature.” Id. at *5. The plaintiff asserted that this result was consistent not only with Williams and Bateman, but with two recent Telephone Consumer Protection Act (TCPA) cases in which district courts awarded nine-figure aggregate statutory damages to a certified class and refused to reduce the awards on due process grounds. See id. at 5–6.

Premier responded that it was improper to award over $90 million in statutory damages when the jury found that the class had suffered less than $1.5 million in actual damages. Leaving aside the fact that awarding damages under both Section 349 and Section 350 would amount to an impermissible double recovery, Premier argued—relying heavily on Williams—that the aggregate statutory damages award violated the due process clause because it was wholly disproportional to the actual harm suffered by the class. It also argued that statutory damages of over $90 million were “so disproportionately large that they amount to de facto punitive damages, but awarded as a matter of strict liability, rather than for the egregious conduct typically necessary to support a punitive damages award.” ECF No. 280, at 1 (citation and internal quotation marks omitted). And Premier argued, as it had before, that these statutory damages were not consistent with the intent of the New York legislature—which rendered this case distinct from the TCPA cases in which courts had declined to reduce aggregate statutory damages because Congress knew that TCPA cases would be brought as class actions. Premier suggested that the statutory damages should be limited to $50 per class member, which it maintained was both the amount authorized by Section 349 and consistent with due process principles.

On August 12, the court largely sided with Premier and awarded statutory damages of only $8,312,450—exactly $50 per unit of Joint Juice sold. The court acknowledged that there was “little guidance” about how to apply Williams in cases seeking an award of statutory damages. Damages Order at 6. But the court found that there was “no question” that “a district court may evaluate whether the statutory damages in a case are ‘wholly disproportioned to the offense and obviously unreasonable,’” and it described this inquiry as “the crux for whether a reduction of statutory damages is appropriate.” Id. And while the court acknowledged that Shady Grove had held that New York’s prohibition on awarding statutory damages in class actions does not apply to federal courts sitting in diversity, it nonetheless found that the New York legislature’s “explicit concern about the punitive nature of aggregate statutory damages differentiates this case from others involving high awards of statutory damages”—such as a recent TCPA case, Wakefield v. ViSalus, Inc., in which the court had awarded over $900 million in statutory damages. Id. at 8.

The court also found that the New York legislature’s view that aggregate statutory damages create “immense punitive consequences” weighed in favor of evaluating an aggregate statutory damages award using the same framework that the Supreme Court had set out to evaluate the constitutionality of a punitive damages award. See Damages Order at 9–10. Under that framework, the court concluded that an aggregate statutory damages award of over $91 million was “grossly excessive.” 10. In so holding, the court noted that there was no evidence that “Joint Juice caused physical harm to any consumer,” emphasized that “the ratio of the statutory damages is immense as compared to the actual damages,” and found that awarding over $91 million in statutory damages “merely depending on the selection of a federal forum rings of arbitrariness.” Id. at 10–11. In light of these factors, the court reduced the statutory damages award to $8,312,450, which was equivalent to the $50 per unit permitted Section 349 and “approximately 5.59 times greater than the amount of actual damages.” Id. at 11–12.

Implications of the Court’s Decision

Both the plaintiff and Premier have indicated that they intend to appeal, and it is not clear whether the Ninth Circuit will agree with the court’s decision to reduce the statutory damages award. Nonetheless, the decision has significant implications for both plaintiffs and defendants in consumer class actions—if for no other reason than the scarcity of decisions awarding aggregate statutory damages under Sections 349 and 350.

On the one hand, the court’s reduction of statutory damages weakens the threat of astronomical statutory damages and reduces the leverage that Sections 349 and 350 give to plaintiffs seeking to exact hefty settlements. Even if damages of $50 per unit sold may face defendants with significant liability in consumer class actions involving low-cost goods like Joint Juice, they do not pose the same existential threat as damages of $500 per unit sold—or $550 per unit sold, as the plaintiff requested here—with which defendants are frequently confronted. And by reducing the damages award on due process grounds, the court made clear—despite the plaintiff’s insistence to the contrary—that the award of aggregate statutory damages under Sections 349 and 350 is not automatic, as many plaintiffs have claimed.

But while an award of $50 per violation may be significantly more palatable for defendants than $500 or $550 per violation, few defendants will relish the possibility that a class member could receive $50 per violation in cases involving low-cost household staples. That is particularly true in cases where the plaintiffs seek “price premium” damages amounting to a fraction of the product’s cost, as opposed to seeking the product’s entire purchase price (as the plaintiff did here). Perhaps most importantly, by declining to evaluate the propriety of an aggregate statutory damages award until after the jury has rendered its verdict, the court’s approach still faces defendants with the potential of catastrophic liability, as there remains a possibility that a court may not reduce the statutory damages at all or that it may apply only a modest reduction. Although the decision is hardly an unmitigated victory for class action plaintiffs, it is equally unlikely to embolden defendants to try Section 349 and 350 claims in lieu of settling them.

California’s Consumer Finance Regulator and Fintech: A Look at the DFPI’s First Year

Creelan_Jeremy_COLOR Poetzel_Megan_COLOR Ross_Jenna_COLOR Bartosik_Karolina_COLOR


By: Jeremy M. Creelan, Megan B. Poetzel, Jenna E. Ross, and Karolina L. Bartosik

The regulation and enforcement of financial technology (Fintech) remains in sharp focus for California’s consumer finance regulator, the Department of Financial Protection and Innovation (DFPI), as it moves into its second year of operation. This Alert provides a short overview of the DFPI’s origins, a comparison of the DFPI’s stated priorities with its regulatory activities in its inaugural year, and an analysis of recent enforcement actions relevant to Fintech.   


In August 2020, the California legislature passed Assembly Bill 1864, which included the California Consumer Financial Protection Law (CCFPL), one of the most expansive consumer protection laws in the country, and replaced the Department of Business Oversight (DBO) with the DFPI. As discussed in a contemporaneous blog post in Jenner & Block’s Consumer Law Round-Up, the CCFPL charges the DFPI with regulating “the provision of various consumer financial products and services” and exercising “nonexclusive oversight and enforcement authority under California and federal (to the extent permissible) consumer financial laws.”

To meet its “dual mission to protect consumers and foster responsible innovation,” the CCFPL expanded the scope of the DFPI’s oversight authority powers to cover entities and products not previously regulated by DBO, although it exempted major financial institutions from its reach. The DFPI now oversees nonbank small business lenders and Fintech companies, along with debt relief companies, consumer credit reporting agencies, among others, and can investigate and sanction unlawful, unfair, deceptive, or abusive acts or practices by any person offering or providing consumer financial products or services in the state. The CCFPL also grants the DFPI “the power to bring administrative and civil actions, issue subpoenas, promulgate regulations, hold hearings, issue publications, conduct investigations, and implement outreach and education programs.”

A Comparison of the DFPI’s Stated Priorities with its 2021 Activities

In its first monthly bulletin after the implementation of the CCFPL, the DFPI announced three notable areas of interest. Over a year later, in March 2022, the DFPI published a report summarizing its 2021 activities. A comparison of the two reveals areas of progress and sustained focus.

First, the DFPI promised to “review and investigate consumer complaints against previously unregulated financial products and services, including debt collectors, credit repair and consumer credit reporting agencies, debt relief companies, rent to own contractors, private school financing, and more.” In its annual report, the DFPI reported that it has collected “close to $1 million in restitution for consumers from enforcement actions” and reviewed 30% more complaints in 2021 than in 2020.  Notably, “[t]he top categories of [consumer] complaints included debt collection, cryptocurrency, and ‘neo banks’ (fintech companies partnering with banks to offer deposit account services).”

Second, the DFPI prepared to open the Office of Financial Technology Innovation, made “to work proactively with entrepreneurs and create a regulatory framework for responsible, emerging financial products.” Almost immediately, the DFPI signaled its interest in regulating earned wage access (EWA), or the ability for employees to access their wages before their scheduled payday. Not long after publication of its monthly bulletin, the DFPI entered into memoranda of understanding (MOU) with five EWA companies. The companies agreed to deliver quarterly reports beginning in April 2021 “on several metrics intended to provide the [DFPI] with a better understanding of the products and services offered and the risk and benefits to California consumers.” Later, the DFPI signed six additional MOU with EWA companies and stated in its annual report that the quarterly reports required in the MOU will “inform future oversight efforts.” The DFPI also indicated potential rulemaking may be forthcoming related to wage-based advances, including the registration of covered persons, record retention, and reporting.

Third, the DFPI stated that it would create the Division of Consumer Financial Protection, which would “feature a market monitoring and research arm to keep up with emerging financial products.” Per its report, the DFPI created a research team in September 2021, which is “in the process of evaluating DFPI’s consumer complaint data to identify broader market trends that may pose risks to consumers.”

Key Areas of DFPI Enforcement Related to Fintech

The Fintech industry has been a focus of DFPI enforcement activity since its inception. In one early action, for instance, the DFPI entered a desist and refrain order against a Fintech platform for allegedly selling securities, including cryptocurrency, without a broker-dealer certificate; misleading consumers in the sale of the securities; and engaging in unlicensed securities transactions.

In the last few months, the DFPI has continued to provide guidance to the industry in a variety of areas, via interpretive opinions and enforcement actions. Companies providing similar financial products and services in California should take note.

  • “True lender” and interest rate caps
    • In December 2021, the DFPI entered a consent order with a California company that had marketed consumer loans to California borrowers with interest rates in excess of the maximum set by California law. In the consent order, the company agreed not to market or service loans of less than $10,000 with interest rates greater than those set by the California Fair Access to Credit Act. The entrance of the consent order reveals that the DFPI viewed the California company as the true finance lender under the California Financing Law and the CCFPL, even though the company did not fund the loans and had provided servicing and marketing services to its banking partner, a Utah bank that is exempt from California’s usury laws.
    • In reaction to the above order, a Fintech platform and nondepository that operates a similar bank partnership program filed suit against the DFPI in March 2022, seeking a declaration that California’s interest rate caps do not apply to its loan program because its Utah bank partner originates and funds the loans. In April 2022, the DFPI filed a cross-complaint, accusing the Fintech platform of deceptive and unlawful business practices, by engaging in a “rent-a-bank” partnership scheme that allows it to evade California interest rate caps and promote predatory lending practices. The cross-complaint alleges that the Fintech platform is the “true lender” of the loans because it has the predominant economic interest in the transaction, as it collects nearly all of the loan profits after purchasing the loans’ receivables within days of their funding, shielding its bank partner from any credit risk. The DFPI also alleges that the Fintech platform performs traditional lender roles in marketing, underwriting, and servicing the loans. The DFPI seeks at least $100 million in penalties, in addition to restitution to the affected borrowers.
  • Wage-based advances and lender licensing
    • In a February 2022 interpretive opinion, the DFPI concluded that certain employer-facilitated advances, for which an EWA provider contracts with an employer to offer its employees early access to wages, were not loans under either the California Financing Law, which regulates consumer credit, or the California Deferred Deposit Transaction Law, which regulates payday loans. In reaching this conclusion, the DFPI found that the source of the funding (the employer), the limit on the funding amount (to the amount an employee earned), and the nominal fees associated with the advance counseled against the application of California’s lending laws. Therefore, the inquiring EWA provider and its employer-partner were not required to obtain lending licenses.
    • By contrast, the DFPI alleged in two recent enforcement actions that a merchant cash agreement (providing funding in exchange for a percentage of a company’s future revenue) and an income share agreement (providing college tuition funding in exchange for a percentage of the student’s income after graduation) qualify as loans, and such providers must be licensed in accordance with applicable California law.
  • Cryptocurrency and digital asset trading
    • In a March 2022 interpretive opinion, the DFPI addressed whether the California Money Transmission Act (MTA), which prohibits unlicensed engagement in the business of money transmission in the state, applies to software that provides retail and institutional investors with the ability to buy, sell, and store cryptocurrency. Of note, the MTA defines “money transmission” to include the selling or issuing of “stored value”; the selling or issuing of payment instruments; and the receipt of money for transmission. The DFPI concluded that closed-loop transactions, where the company does not facilitate the exchange of cryptocurrency transactions with a third party and the customer can only redeem monetary value stored in the account for cryptocurrency sold by the company, do not meet the definition of “money transmission.” However, the DFPI explained that it has not determined whether a “wallet storing cryptocurrency” is a form of “stored value” under the MTA.  Accordingly, the DFPI did not require the inquiring platform to be licensed in order to provide customers with fiat and digital wallets to store and exchange cryptocurrency directly with the platform. The DFPI noted, however, that the licensing requirements remain subject to change.
    • A month earlier, the DFPI concluded in a February 2022 consent order that sales of a cryptocurrency retail lending product qualify as a security under California law. Specifically, the company at issue offered and sold interest-bearing digital asset accounts, “through which investors could lend digital assets to [the company] and in exchange, receive interest” paid in cryptocurrency. The DFPI concluded that these accounts are securities, and that the company had wrongfully engaged in unregistered securities transactions. The DFPI’s decision came shortly after the federal Securities and Exchange Commission charged the company with a similar violation of federal securities laws, finding that the accounts were both “notes” and “investment contracts” because the investors’ digital assets were pooled and packaged as loan products that generated returns for the company and yielded variable monthly interest payments contingent on the company’s deployment and management of the assets.

As this overview makes clear, Fintech remains a top priority for the DFPI’s regulatory and enforcement activity in 2022. Jenner & Block will continue to monitor the DFPI and report on the dynamic regulatory landscape affecting Fintechs.

CFPB Publishes Market Snapshot Report on Consumer Use of State Payday Loan Extended Payment Plans


By: Jenna L. Conwisar

Payday loans are small-dollar cash loans typically due in a single payment on the borrower’s next payday—they are extremely short-term and generally high-interest forms of consumer credit.[1] If the borrower cannot pay off the loan when it’s due, some states allow the borrower to pay a fee to defer full payment on, or “rollover,” their loan. A 2014 Consumer Financial Protection Bureau (CFPB) report found that over 80% of payday loans are rolled over within two weeks.[2]

The CFPB notes that upwards of 12 million borrowers utilize payday loans each year.[3] 16 states now require that payday lenders allow borrowers to repay their payday loans at regular intervals through Extended Payment Plans, or EPPs, typically at no additional cost to the borrower.[4]

On April 6, 2022, the CFPB published a report examining state EPPs.[5] Below are some of the CFPB report’s key findings.

Variation and Commonality Among State EPP Laws

The CFPB report found “substantial variation” among state EPPs, particularly in consumer eligibility requirements.[6] Depending on the state they are borrowing in, consumers may become EPP-eligible after surpassing a set number of rollovers, after they pay a certain percentage of the outstanding balance, or after they enroll in credit counseling.

Most states require EPPs to include at least four equal or substantially equal installments, and consumers are typically limited to one EPP election in a 12-month period. Many states mandate that lenders disclose the availability of an EPP option to consumers at the time they enter into the payday loan agreement or at the time of default.

EPP Usage, Default, and Rollover Rates

According to the CFPB report, extended payment plan usage rates vary drastically across states, with Washington reporting that 13.4% of payday loans converted to EPPs in 2020 compared to Florida’s 0.4%. In California, EPP usage rates doubled from 1.2% in 2019 to 3.0% in 2020. While the COVID-19 pandemic saw payday loan volume decrease by 65%, EPP usage rates tended to rise slightly. The report attributes the decline in overall payday loan volume to the federal Economic Impact Payments.

Meanwhile, rollover and default rates still remain higher than EPP usage rates. For example, 27% of Washington payday borrowers defaulted on their loan in 2020 and 47.1% of Idaho borrowers rolled over their loan in 2016. The CFPB attributes these high rates to lenders implementing practices that discourage EPP use. In the report’s press release, CFPB Director Rohit Chopra acknowledged that “[p]ayday lenders have a powerful incentive to protect their revenue by steering borrowers into costly re-borrowing” causing “state laws that require payday lenders to offer no-cost extended repayment plans [to] not work[] as intended.”[7]

*          *          *

Imbedded throughout the report is the CFPB’s clear preference for expanded EPP opportunities in order to prevent consumers from amassing repeat rollover fees. In 2014, the CFPB reported that most borrowers rollover their payday loans enough times that the accumulated rollover fees exceed the original loan amount.[8] Lenders should take note that the CFPB “will continue to monitor lender practices that discourage consumers from taking extended payment plans and take action as necessary.”[9]


[1] Payday loans are legal in only 26 states: Alabama, Alaska, California, Delaware, Florida, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Michigan, Minnesota, Mississippi, Missouri, Nevada, North Dakota, Rhode Island, South Carolina, Tennessee, Texas, Utah, Washington, Wisconsin, and Wyoming.

[2] CFPB Finds Four Out Of Five Payday Loans Are Rolled Over Or Renewed, CFPB (Mar 25, 2014).

[3] CFPB Finds Payday Borrowers Continue to Pay Significant Rollover Fees Despite State-Level Protections and Payment Plans, CFPB (Apr 6, 2022).

[4] Alabama, Alaska, California, Delaware, Florida, Idaho, Indiana, Louisiana, Michigan, Nevada, South Carolina, Utah, Washington, Wisconsin, and Wyoming.

[5] Market Snapshot: Consumer Use of State Payday Loan Extended Payment Plans, Consumer Financial Protection Bureau (April 2022).

[6] Id. at 5, 7.

[7] CFPB Finds Payday Borrowers Continue to Pay Significant Rollover Fees Despite State-Level Protections and Payment Plans, supra note 3.

[8] CFPB Data Point: Payday Lending, CFPB (March 2014).

[9] Market Snapshot, supra note 5, at 14.

US Supreme Court Issues Significant Ruling Limiting the “Look-Through” Jurisdiction of Federal Courts Under the Federal Arbitration Act

By: Laura P. MacDonald, Elizabeth A. Edmondson, and Adina Hemley-Bronstein

On March 31, 2022, the US Supreme Court issued a significant decision in Badgerow v. Walters, No. 20-1143, ending a circuit split about when federal courts have subject matter jurisdiction to review domestic arbitration awards under the Federal Arbitration Act (FAA). In an 8-1 opinion, the Court ruled that federal courts cannot “look through” to the underlying controversy to establish subject matter jurisdiction to confirm or vacate an arbitral award under the FAA. As a result, absent diversity of citizenship, petitioners seeking to confirm or vacate domestic arbitration awards under the FAA must now bring those petitions in state court.

The FAA governs the enforcement of most arbitration agreements in the United States. The statute dictates the standards for compelling arbitration (under Section 4) and for the confirmation or vacatur of an arbitration award (under Sections 9 and 10). But, although the FAA authorizes a party to make these petitions, the statute does not automatically authorize federal courts to hear them. This is because the FAA, unlike almost all federal statutes, does not itself confer federal subject matter jurisdiction, at least for domestic arbitration agreements. Instead, for a federal court to decide a petition under the FAA, the court must have an “independent jurisdictional basis.” Hall Street Associates, L.L.C. v. Mattel, Inc., 552 U.S. 576, 582 (2008). (Section 2 of the FAA confers federal subject matter jurisdiction over “non-domestic arbitrations,” i.e., those that have at least one foreign party or a substantial international nexus.)

The issue before the Court in Badgerow was whether a federal court may determine its jurisdiction to confirm or vacate an arbitration award only by looking at the face of the petition for judicial review, or whether it may “look through” the petition and examine whether federal jurisdiction would exist over the underlying dispute. The Court had previously authorized look-through jurisdiction in the context of petitions to compel arbitration under Section 4 of the FAA, see Vaden v. Discover Bank, 556 U.S. 49 (2009), but a circuit split had emerged regarding whether the same approach applied to petitions to confirm or vacate under Sections 9 and 10. Whereas the Third and Seventh Circuits maintained that Vaden should be confined to petitions to compel under Section 4, the Second Circuit, along with the First and Fourth, applied look-through jurisdiction to other petitions brought under the FAA. This means that until now, the Second Circuit has permitted federal court access for many petitioners seeking review of arbitration awards in New York, where a significant number of the nation’s arbitrations take place.

The case arose from an employment arbitration. The petitioner Denise Badgerow brought state and federal claims against her former employer for unlawful termination. After the arbitrators dismissed her claims, Badgerow filed suit in Louisiana state court to vacate the decision, arguing that fraud had taken place during the arbitration proceeding. In response, Badgerow’s employer removed the action to federal district court and petitioned the court to confirm the arbitration award. Badgerow then moved to remand, arguing that the federal district court lacked the subject matter jurisdiction needed to confirm or vacate the award under Sections 9 and 10 of the FAA. The district court applied Vaden’s look-through approach and held that, because the underlying employment dispute involved federal-law claims, it could therefore exercise jurisdiction over the employer’s petition to review and confirm the award. The Fifth Circuit affirmed, joining the First, Second, and Fourth Circuits in extending the look-through approach to additional petitions under the FAA.

On appeal, the Supreme Court reversed. Resolving the existing circuit split, it held that the look-through approach applicable under Section 4 does not apply to petitions to confirm or vacate arbitration awards under Sections 9 and 10. Thus, jurisdiction to confirm or vacate an arbitration award must be apparent on the face of the petition itself and independent of the underlying dispute. The Court reasoned that Sections 9 and 10 “contain none of the statutory language on which Vaden relied” and “[m]ost notably” lacked “Section 4’s ‘save for’ clause.” Unlike Section 4, Sections 9 and 10 “do not instruct a court to imagine a world without an arbitration agreement, and to ask whether it would then have jurisdiction over the parties dispute.” In fact, the Court pointed out, “Sections 9 and 10 do not mention the court’s subject-matter jurisdiction at all.” Applying standard principles of statutory interpretation, the Court reasoned that while “Congress could have replicated Section 4’s look-through instructions in Sections 9 and 10,” it did not, leading to the Court’s conclusion that federal courts may determine their jurisdiction only by assessing the parties’ petitions to confirm or vacate and not by looking through to the underlying controversy.

Following Badgerow, parties seeking to confirm or challenge arbitration awards in federal court will need to show that a federal question exists on the face of the petition itself. In practice, parties will have to show that either (a) the arbitration agreement is “non-domestic” and thus eligible for federal jurisdiction under Section 2, (b) federal diversity jurisdiction exists over the dispute, or (c) the confirmation action receives pendent jurisdiction due to the presence of a separate and independent federal claim.

The Court’s decision in Badgerow will likely shift a substantial number of confirmation and vacatur actions to state courts. While the FAA will remain the governing law, the shift to state court will require practitioners to follow state procedural rules and will potentially introduce questions about how state arbitration law can fill any gaps in the FAA itself.

CFPB Adds “Discrimination” to its “Unfair, Deceptive, or Abusive Acts and Practices” (UDAAP) Examination Guidance

Ross_Michael_COLOR Arain_Ali_COLOR Steinberg_Jonathan_COLOR


By: Michael W. Ross, Ali M. Arain, and Jonathan S. Steinberg

On March 16, 2022, the Consumer Financial Protection Bureau (CFPB) announced its intent to address discrimination as an “unfair practice” under the Consumer Financial Protection Act (commonly known as Dodd-Frank). Specifically, by indicating that discrimination falls within “unfair practices” in its Exam Manual, the CFPB has authorized its examiners to look “beyond discrimination directly connected to fair lending laws” and ask companies to “review any policies or practices that exclude individuals from products and services, or offer products or services with different terms, in an unfairly discriminatory manner.”[1]

Utilizing the Bureau’s manual, CFPB Examiners play a critical role in evaluating companies’ compliance with Dodd-Frank and other federal consumer protection laws in addition to aiding in the determination of whether “supervisory or enforcement actions are appropriate.”[2]

In its efforts to combat discrimination, the CFPB is particularly concerned with the growing use of artificial intelligence and machine learning, and how consumers from protected classes may be uniquely harmed by biased algorithms. For example, “data harvesting and consumer surveillance fuel complex algorithms that can target highly specific demographics of consumers to exploit perceived vulnerabilities and strengthen structural inequities.”[3]

Dodd-Frank prohibits “any provider of consumer financial products or services” from engaging in unfair, deceptive and abusive acts and practices (UDAAP).[4] It further provides the CFPB with “enforcement authority to prevent unfair, deceptive, or abusive acts or practices in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service.”[5] In addition, Dodd-Frank provides the CFPB with “supervisory authority for detecting and assessing risks to consumers and to markets for consumer financial products and services.”[6] In this capacity, the CFPB maintains “supervisory authority over banks, thrifts, and credit unions with assets over $10 billion, as well as their affiliates [and] . . . nonbank mortgage originators and servicers, payday lenders, and private student lenders of all sizes.”[7]

Under Dodd-Frank, “an act or practice is unfair when:

  • It causes or is likely to cause substantial injury to consumers;
  • The injury is not reasonably avoidable by consumers; and
  • The injury is not outweighed by countervailing benefits to consumers or to competition.”[8]

The CFPB, in its updated manual, details how it contends discrimination satisfies this definition. First, regarding the likelihood of “substantial injury,” the manual points to “[f]oregone monetary benefits or denial of access to products or services” that can result from discrimination.[9] Critically, the CFPB notes that “[c]onsumers can be harmed by discrimination regardless of whether it is intentional.”[10] Next, concerning reasonable avoidability, the CFPB states that the question is not “whether a consumer could have made a better choice[,]” but rather “whether an act or practice hinders a consumer’s decision-making.”[11] To that end, the CFPB contends that “[c]onsumers cannot reasonably avoid discrimination.”[12] Finally, the CFPB’s press release notes that “discrimination may meet the criteria for ‘unfairness’ . . . where that harm is not outweighed by countervailing benefits to consumers or competition.”[13]

While the manual’s updated language does not create legal duties, such as those imposed by fair lending laws, it establishes the CFPB’s expectations for covered entities. For this reason, these changes to the manual will likely have a substantial real-world impact on companies that engage in consumer-related financial transactions.

[1] Eric Halperin & Lorelei Salas, Cracking Down on Discrimination in the Financial Sector, Consumer Fin. Prot. Bureau (Mar. 16, 2022),

[2] Consumer Fin. Prot. Bureau, CFPB Supervision and Examination Manual, 11 (March 2022) (Examination Manual).

[3] Halperin & Salas, supra note 1.

[4] Press Release, Consumer Fin. Prot. Bureau, CFPB Targets Unfair Discrimination in Consumer Finance (Mar. 16, 2022),

[5] Examination Manual, supra note 2, at 1.

[6] Id. at 1.

[7] Consumer Fin. Prot. Bureau, Institutions Subject to CFPB Supervisory Authority, (last visited Mar. 28, 2022).

[8] Examination Manual, supra note 2, at 1–2. This is the same test applied by the FTC under the FTC Act.

[9] Examination Manual, supra note 2, at 2.

[10] Press Release, Consumer Fin. Prot. Bureau, supra note 4.

[11] Examination Manual, supra note 2, at 2.

[12] Id. at 2.

[13] Press Release, Consumer Fin. Prot. Bureau, supra note 4.

Ninth Circuit Decision Foreshadows Major Blow to Prop 65 Acrylamide Claims


By Matthew G. Lawson

On Thursday, March 17, 2022, the Ninth Circuit issued a critical decision in California Chamber of Commerce v. CERT, No. 21-15745 (9th Cir. 2022), reinstating a preliminary injunction against the filing or prosecuting of any new lawsuits to enforce Proposition 65’s warning requirements as applied to acrylamide in food and beverage products.  The decision reinstalls a roadblock against future lawsuits and may offer a light at the end of the tunnel for the regulated community by signaling the existence of a valid defense against Proposition 65 claims where the health risks of a chemical remain subject to ongoing debate and disagreement from scientific experts.  The decision is a blow against Proposition 65 plaintiffs who had recently succeeded in petitioning the court to grant an emergency stay of the district court’s preliminary injunction pending appeal.

Proposition 65 provides that “[n]o person in the course of doing business shall knowingly and intentionally expose any individual to a chemical known to the state to cause cancer . . . without first giving clear and reasonable warning to such individual…”  A chemical is deemed to be “known to the state to cause cancer” if it meets one of three statutory criteria: (1) the state’s qualified experts believe “it has been clearly shown through scientifically valid testing according to generally accepted principals to cause cancer”; (2) “a body considered to be authoritative by such experts has formally identified it as causing cancer”; or (3) “an agency of the state or federal government has formally required it to be labeled or identified as causing cancer.”  See Cal. Health & Safety Code § 25249.8(b).  Where a consumer product contains such a chemical, the manufacturer / distributor of the product must provide a warning to consumers, unless they can affirmatively show that quantities of the chemical within the product are below certain “safe harbor” levels.  Manufacturers that fail to provide a warning notice may be subject to significant civil penalties, often pursuant to claims brought by private plaintiff enforcers.

A particularly controversial chemical on Proposition 65’s list is acrylamide. Unlike many Proposition 65 chemicals, which are often additives or ingredients within a consumer product or food, acrylamide is a substance that forms through a natural chemical reaction between sugars and asparagine, an amino acid, in plant-based foods – including potato and certain grain-based foods.  Acrylamide often forms during high-temperature cooking, such as frying, roasting and baking.  Acrylamide was added to the Proposition 65 list in 1990 “because studies showed it produced cancer in laboratory rats and mice.”  However, this conclusion is not shared by other experts—including the American Cancer Society and National Cancer Institute—who has stated that “a large number of epidemiologic studies . . . have found no consistent evidence that dietary acrylamide exposure is associated with the risk of any type of cancer.”  Between 2015 and October 2020, the State of California reported that it received almost 1,000 notices of alleged acrylamide violations sent by private enforcers to businesses selling food products in California.

In an effort to strike back against enforcement of Proposition 65’s warning requirements, CalChamber—a nonprofit business association with over 13,000 members, many of whom sell or produce food products that contain acrylamide—filed litigation in California federal district court seeking to vindicate its members’ First Amendment right to not be compelled to place false and misleading acrylamide warnings on their food products. CalChamber’s preliminary injunction motion sought to prohibit parties from “filing and/or prosecuting new lawsuits to enforce the Proposition 65 warning requirement for cancer as applied to acrylamide in food and beverage products.”  The Council for Education and Research on Toxics (“CERT”) intervened as a defendant and argued that, as a private enforcer of Prop. 65, an injunction would impose an unconstitutional prior restraint on its First Amendment rights. In Cal. Chamber of Com. v. Becerra, 529 F. Supp. 3d 1099, 1123 (E.D. Cal. 2021), the district court granted CalChamber’s request for preliminary injunction finding that CalChamber was likely to succeed on the merits of its First Amendment Claim. Citing Zauderer v. Office of Disciplinary Counsel, 471 U.S. 626 (1985), the district court held that to pass constitutional  muster, the warnings compelled by Prop 65 must “(1) require the disclosure of purely factual and uncontroversial information only, (2) [be] justified and not unduly burdensome, and (3) [be] reasonably related to a substantial government interest.” Because the Attorney General and CERT did not meet their burden to show the warning requirement was lawful under Zauderer, the district court concluded that CalChamber was likely to succeed on the merits of its First Amendment claim and granted the preliminary injunction against new Proposition 65 lawsuits regarding acrylamide.  While CERT appealed the preliminary injunction order, the Attorney General did not, and a divided motions panel of the Ninth Circuit granted in part CERT’s motion for an emergency stay of the preliminary injunction pending appeal.

On Thursday, the Ninth Circuit issued its final decision on the merits of the preliminary injunction, and affirmed the district court’s original decision.  Citing to the existence of “robust disagreement by reputable scientific sources,” the Ninth Circuit held that the district court did not abuse its discretion by concluding that the acrylamide warning was “controversial.”  Similarly, the Ninth Circuit agreed with the district court’s conclusions that a Proposition 65 warning for acrylamide would mislead consumers because “[a] reasonable person might think that they would consume a product that California knows will increase their risk for cancer…Such a consumer would be misled by the warning because the State of California does not know if acrylamide causes cancer in humans.”  Finally, the appellate court found that the record supported the conclusion that Proposition 65’s “enforcement regime creates a heavy litigation burden on manufacturers who use alternative warnings.” Specifically, the appellate court reasoned that upon receipt of a Proposition 65 notice of violation, “a business must communicate to consumers a disparaging health warning about food containing acrylamide that is unsupported by science, or face the significant risk of an enforcement action under Proposition 65.”  For these reasons, the Ninth Circuit found that the preliminary injunction was warranted and removed the emergency stay against its enforcement.

While the immediate impact of the Ninth Circuit’s decision is limited to new lawsuits regarding Proposition 65 warning requirements for acrylamide, the Ninth Circuit’s holding could be viewed as its own warning sign to plaintiffs who seek to enforce Proposition 65 requirements where the science supporting the harmful effects of a chemical remains in dispute.  It remains to be seen whether the Ninth Circuit’s holding will spur the CalChamber or other similarly situated groups to raise similar defenses in future cases.

CFPB and other Federal Regulators Eye Regulation Aimed at Curbing Algorithmic Bias in Automated Home Valuations

By: Michael W. Ross, Ali M. Arain, and Jonathan Steinberg

Late last month, the Consumer Financial Protection Bureau (CFPB) took another step toward adopting rules governing the use of artificial intelligence (AI) and algorithms in appraising home values. Specifically, the CFPB issued a detailed outline and questionnaire soliciting feedback from small business entities on a proposed rulemaking proceeding for using Automated Valuation Models (AVMs).

The CFPB and other federal regulators[1] intend to adopt rules designed to: (1) ensure a high level of confidence in the estimates produced by AVMs; (2) protect against the manipulation of data; (3) avoid conflicts of interest; and (4) require random sample testing and reviews.[2] In addition, federal regulators are now considering whether to include express nondiscrimination quality control requirements for AVMs as a ”fifth factor.” Once adopted, the new rules will apply to banks, mortgage lenders who use AVMs to make underwriting decisions, and mortgage-backed securities issuers, and are intended to protect homebuyers and homeowners who may be negatively impacted by inaccurate appraisals.

Continue reading "CFPB and other Federal Regulators Eye Regulation Aimed at Curbing Algorithmic Bias in Automated Home Valuations" »

Potential Bias in AI Consumer Decision Tools Eyed by FTC, CFPB

Arain_Ali_COLOR Ross_Michael_COLOR Steinberg_Jonathan_COLOR


By Ali M. Arain, Michael W. Ross, and Jonathan Steinberg

Potential discrimination and bias resulting from consumer tools based on artificial intelligence and automated data will be an enforcement focus of regulators this year, Jenner & Block attorneys predict. Accuracy and transparency are also on the table, they say.

Given the growing use of artificial intelligence (AI) and automated decision-making tools in consumer-facing decisions, we expect federal regulators in 2022 to continue their recent track record of interest in potential discrimination and unfairness, as well as data accuracy and transparency.

Significant technological developments in these areas and the increasing use of data analytics to make automated decisions will likely result in further regulatory action this year in three key areas: (1) assessing whether AI and algorithms are excluding particular consumer groups in an unfair and discriminatory manner, whether intentionally or not; (2) evaluating whether collected data accurately reflects real-world facts and whether companies are giving consumers an opportunity to correct mistakes; and (3) assessing whether automated decisionmaking tools are being used in a transparent manner.

Continue reading "Potential Bias in AI Consumer Decision Tools Eyed by FTC, CFPB" »