This month's unusually busy report features activity from the Consumer Financial Protection Bureau, the Department of Justice, the Office of the Comptroller of the Currency, and the Federal Trade Commission. Several of the items we mention this month are expressly auto finance-related, and the rest might be of interest to those in the auto sales, finance, or leasing business.

FTC Moves on Spot Deliveries. On September 29, the FTC charged nine Los Angeles-area auto dealerships and their owners with a wide range of deceptive and unfair sales and financing practices. The FTC's complaint challenged the dealerships' "yo-yo financing" tactics, described as abusive spot deliveries. The FTC alleged that the dealerships packed extra, unauthorized charges for "add-ons," or aftermarket products and services, into car deals financed by consumers, used deceptive advertising practices, and used phony online reviews to tout the dealerships and combat negative consumer reviews. The FTC's complaint also charged the defendants with violating the Truth in Lending Act and Regulation Z, and the Consumer Leasing Act and Regulation M, for failing to clearly disclose required credit information and lease information in their advertising. For more information on this development, see Joel Winston's article on page 8.

Repossessing Vehicles from Servicemembers. On September 29, the Justice Department announced a settlement with Wells Fargo Bank, N.A., d/b/a Wells Fargo Dealer Services, for allegedly violating the Servicemembers Civil Relief Act by repossessing vehicles of protected servicemembers without court orders. The settlement, subject to court approval, covers repossessions between January 1, 2008, and July 1, 2015. Wells Fargo agreed to modify its policies and pay over $4.1 million, including $10,000 to each affected servicemember, plus any lost equity in the vehicle, with interest, and a $60,000 civil penalty to the United States. Wells Fargo will also delete the repossessions from the affected servicemembers' consumer reports. Erica Kramer's article on our front cover page provides more information on this settlement, as well as the OCC's settlement discussed below.

(More) Protecting Servicemembers. On September 29, the OCC also assessed a $20 million civil penalty against Wells Fargo and ordered the bank to make restitution to servicemembers harmed by the bank's alleged violations of the SCRA. The OCC alleged that between approxi-mately 2006 and 2016, the bank failed to: (1) provide the 6 percent interest rate limit to active duty servicemember obligations or liabilities incurred before military service; (2) accurately disclose servicemembers' active duty status to the court via affidavits before evicting them; and (3) obtain court orders before repossessing servicemembers' automobiles. The $20 million penalty reflects a number of factors, including the duration and frequency of alleged violations, the alleged financial harm to servicemembers, alleged deficiencies and weaknesses in the bank's SCRA compliance program, and allegedly ineffective compliance risk management. The OCC's order also requires the bank to take corrective action to establish an enterprise-wide SCRA compliance program to detect and prevent SCRA violations.

Military Lending Act Exam Procedures. On September 30, the CFPB issued the procedures its examiners will use to identify violations of the Military Lending Act rule. For most forms of credit subject to the updated MLA rule, the compliance date for the amended regulation is October 3, 2016. Congress passed the MLA to address a perceived problem of high-cost credit as a threat to military personnel and readiness. In July 2015, the Department of Defense issued a final rule expanding the types of credit covered by the MLA. The MLA protections extend to active duty servicemembers (including those on active Guard or active Reserve duty) and covered dependents. Under the rule, creditors:

(1) cannot charge servicemembers or covered dependents more than a 36 percent "Military Annual Percentage Rate," which generally includes the following costs (with some exceptions): finance charges, credit insurance premiums or fees, credit-related add-on products sold in connection with the credit extended, and other fees such as application or participation fees;

(2) cannot require servicemembers or covered dependents to submit to mandatory arbitration or give up certain rights under state or federal law, such as the SCRA; and

(3) cannot require servicemembers or covered dependents to create a voluntary military allotment in order to qualify for credit.

Federal Appeals Court Curbs the CFPB. On October 11, in a case involving PHH Corporation, a mortgage lending company, the U.S. Court of Appeals for the District of Columbia Circuit declared that the CFPB's structure violates the federal Constitution. The court also rejected the Bureau's interpretation of the Real Estate Settlement Procedures Act and the applicability of statutes of limitations to CFPB administrative actions. Tom Hudson provides more information on this case in his article on page 7.

Protecting Servicemembers. On October 11, the CFPB announced a consent order against Navy Federal Credit Union for its allegedly unfair and deceptive debt collection practices to collect from its members, including military servicemembers, DoD civilian employees and contractors, and government employees assigned to DoD installations, and their immediate family members. The CFPB alleged that the credit union falsely threatened legal action and wage garnishment, falsely threatened to contact commanding officers if borrowers did not make a payment, misrepresented the effect of default on a borrower's credit score, misrepresented its ability to raise or lower a credit score and to affect a borrower's access to credit, and illegally froze electronic account access after borrowers defaulted. The credit union agreed to pay approximately $23 million in compensation to affected consumers, modify its debt collection practices, and pay a $5.5 million civil penalty.

Data Breach Guide. On October 25, the FTC released a guide - "Data Breach Response: A Guide for Business" - and an accompanying video describing steps a business should take after a data breach. For related guidance on implementing a plan to protect consumers' personal information and to prevent breaches and unauthorized access, the FTC has previously released "Protecting Personal Information: A Guide for Business" and "Start with Security: A Guide for Business."

Guidance on Service Providers. On October 26, the CFPB reissued a compliance bulletin providing guidance on service providers to clarify that the depth and formality of the risk management program for service providers may vary depending on the service being performed - its size, scope, complexity, importance, and potential for consumer harm - and the performance of the service provider in carrying out its activities in compliance with federal consumer financial laws and regulations. The new compliance bulletin, 2016-02, states that while due diligence is not a shield against liability for the service provider's actions, it could help reduce the risk that the service provider will commit violations for which the supervised bank or nonbank may be liable.

So, there's this month's report. See you next month.