Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
2nd Circuit reverses earlier decision, says class lacks standing to sue bank for mortgage recording delays
On November 17, the U.S. Court of Appeals for the Second Circuit reversed its earlier determination that class members had standing to sue a national bank for allegedly violating New York’s mortgage-satisfaction-recording statutes, which require lenders to record borrowers’ repayments within 30 days. As previously covered by InfoBytes, the plaintiffs filed a class action suit alleging the bank’s recordation delay harmed their financial reputations, impaired their credit, and limited their borrowing capacity. While the bank did not dispute that the discharge was untimely filed, it argued that class members lacked Article III standing because they did not suffer actual damages and failed to plead a concrete harm under the U.S. Supreme Court’s decision in Spokeo Inc. v. Robins. At the time, the majority determined, among other things, that “state legislatures may create legally protected interests whose violation supports Article III standing, subject to certain federal limitations.” The alleged state law violations in this matter, the majority wrote, constituted “a concrete and particularized harm to the plaintiffs in the form of both reputational injury and limitations in borrowing capacity” during the recordation delay period. The majority further concluded that the bank’s alleged failure to report the plaintiffs’ mortgage discharge “posed a real risk of material harm” because the public record reflected an outstanding debt of over $50,000, which could “reasonably be inferred to have substantially restricted” the plaintiffs’ borrowing capacity.
In withdrawing its earlier opinion, the 2nd Circuit found that the Supreme Court’s June decision in TransUnion v. Ramirez (which clarified what constitutes a concrete injury for the purposes of Article III standing in order to recover statutory damages, and was covered by InfoBytes here) “bears directly on our analysis.” The parties filed supplemental briefs addressing the potential impacts of the TransUnion ruling on the 2nd Circuit’s previous decision. The bank argued that while “New York State Legislature may have implicitly recognized that delayed recording can create [certain] harms,” the plaintiffs cannot allege that they suffered these harms. Class members challenged that “the harms that the Legislature aimed to preclude need not have come to fruition for a plaintiff to have suffered a material risk of real harm sufficient to seek the statutory remedy afforded by the Legislature.” Citing the Supreme Court’s conclusion of “no concrete harm; no standing,” the appellate court concluded, among other things, that class members failed to allege that delayed recording caused a cloud on the property’s title, forced them to pay duplicate filing fees, or resulted in reputational harm. Moreover, while publishing false information can be actionable, the appellate court pointed out that the class “may have suffered a nebulous risk of future harm during the period of delayed recordation—i.e., a risk that someone (a creditor, in all likelihood) might access the record and act upon it—but that risk, which was not alleged to have materialized, cannot not form the basis of Article III standing.” The appellate court further stated that in any event class members may recover a statutory penalty in state court for reporting the bank’s delay in recording the mortgage satisfaction.
On November 19, the U.S. District Court for the Northern District of California granted preliminary approval of a $58 million settlement in a class action against a fintech company (defendant) alleged to have accessed the personal banking data of users without first obtaining consent, in violation of California privacy, anti-phishing, and contract laws. The plaintiffs alleged the defendant obtained data from class members’ financial accounts without authorization. The plaintiffs also claimed the defendant collected class members’ bank login information through a user interface that made it appear as if class members were interfacing directly with their financial institution, when they were actually interfacing with the defendant.
In granting preliminary approval of the settlement, the court determined it was unclear whether the plaintiffs would have prevailed on the merits at trial, particularly with regard to the “relatively untested” claim that the defendant practices breached California’s anti-phishing law. Several other claims originally brought by the plaintiffs were dismissed in May, including allegations that the defendant breached the Stored Communications Act, the Computer Fraud and Abuse Act, and California’s Unfair Competition Law. In addition to the $58 million settlement fund, the proposed settlement would also provide for injunctive relief.
On November 19, the SEC announced that an investment company affiliate of a global consulting firm agreed to pay $18 million to settle alleged compliance failures. The affiliate provided investment services to current and former partners and employees of the consulting firm. The SEC alleged that the affiliate failed to maintain adequate policies and procedures to prevent firm partners from misusing material nonpublic information (MNPI) gained from consulting clients to make investment decisions. The SEC alleged that the affiliate invested hundreds of millions of dollars in companies that the firm was advising. According to the SEC, certain firm partners oversaw these investments and had access to MNPI, such as financial results, planned bankruptcy filings, mergers and acquisitions, among other things, as a result of the consulting work they did for the firm.
According to the cease-and-desist order, allowing active firm partners, “individuals who had access to MNPI about issuers in which [affiliate] funds were invested, to oversee and monitor [the affiliate’s] investment decisions presented an ongoing risk of misuse of MNPI.” The SEC claimed that the affiliate allegedly violated Sections 204A and 206(4) of the Investment Advisers Act of 1940 (related to the prevention and misuse of MNPI and prohibited investment adviser transactions), as well as Rule 206(4)-7 (concerning compliance policies and procedures). Without admitting or denying the findings, the affiliate consented to the entry of the cease-and-desist order, a censure, and the $18 million penalty.
District Court partially grants SEC’s motion for summary judgment in confidentiality agreements case
On November 17, the U.S. District Court for the Southern District of New York partially granted the SEC’s (plaintiff) motion for summary judgment in a case questioning the extent to which confidentiality agreements can prevent communication with the SEC regarding potential violations of securities laws. The court found that the Commission did not exceed its authority on a count of impeding SEC rules that is connected to a broader civil suit accusing an online store and its CEO (collectively, “defendants”) of stealing nearly $6 million from investors. The plaintiff alleged that the defendants impeded “individuals’ communication with the SEC regarding potential securities laws violations by enforcing or threatening to enforce confidentiality agreements that would prevent individuals’ communications thereof,” in violation of Rule 21F-17 of the Exchange Act. According to the order, in its stock purchase agreements, the defendants allegedly required investors to reject communication with “governmental or administrative agencies or enforcement bodies for the purpose of commencing or otherwise prompting investigation or other action.” The defendants allegedly used lawsuits to prevent communications that would violate its confidentiality agreements, and advertised these suits “to chill further communication,” which the court ruled were “undoubtedly ‘action[s] to impede’ communications, especially where the Rule explicitly prohibits ‘enforcing, or threatening to enforce’ such agreements.” The district court also denied the defendants' cross-motion for summary judgment stating that “the Court is still not persuaded that Rule 21F-17 exceeds the SEC’s rulemaking nor that it violates the First Amendment,” and concluded that the defendants’ conduct violated Rule 21F-17.
On November 22, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13224, as amended, against an individual it claims is acting as a financial facilitator for the Islamic State’s Khorasan Province (ISIS-K). According to OFAC, ISIS-K was previously designated as a Specially Designated Global Terrorist under E.O. 13224, and as a Foreign Terrorist Organization by the Department of State in 2016. The designated individual, OFAC stated, has provided support to ISIS-K’s Afghani operations “by facilitating international financial transactions that fund human trafficking networks and facilitating the movement of foreign fighters who seek to escalate tensions in Afghanistan and the region.” According to OFAC Director Andrea Gacki, this designation “underscores the United States’ determination to prevent ISIS-K and its members from exploiting the international financial system to support terrorist acts in Afghanistan and beyond.” OFAC’s action was handled in coordination with the Department of State, which designated three individuals as Specially Designated Global Terrorists for their roles as leaders of ISIS-K.
As a result, all property and interests in property belonging to the designated individual subject to U.S. jurisdiction are blocked, and any “entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons, that are in the United States or in the possession or control of U.S. persons must be blocked and report to OFAC.” U.S. persons are generally prohibited from engaging in transactions with the designated individual unless authorized by a general or specific OFAC license or otherwise exempt. OFAC warned that the agency “can prohibit or impose strict conditions on the opening or maintaining in the United State[s] of a correspondent account or a payable-through account by a foreign financial institution that either knowingly conducted or facilitated any significant transaction on behalf of a Specially Designated Global Terrorist.” OFAC further noted that that engaging in certain transactions with the designated individual “entails risk of secondary sanctions pursuant to E.O. 13224, as amended.”
On November 16, the New York attorney general announced a settlement with an illegal debt collection scheme operation and its operator (collectively, “respondents”) to resolve allegations that the respondents used illegal tactics to collect consumer debt, which included false threats of criminal action, wage garnishment, driver’s license suspension, and lawsuits. According to the AG, the operator started his debt collection career collecting debts with a network of New York-based debt collectors that settled with the CFPB and New York AG in 2019 to resolve allegations that the defendants engaged in improper debt collection tactics in violation of the CFPA, the FDCPA, and various New York laws. (Covered by InfoBytes here.) Using different names, the operator allegedly continued to use deceptive and illegal threats to collect on consumer debts. In addition, the AG claimed the operator was a debt broker, “selling debts to and placing debts for collection with other collectors that engaged in egregious violations of the law.”
Under the terms of the settlement agreement, the respondents, among other things, must pay $1.2 million to the office of the AG in restitution and penalties and must dissolve all of the associated debt collection companies. The respondents are also permanently banned from engaging in consumer debt collection, consumer debt brokering, consumer lending, debt settlement, credit repair services, and payment processing.
On November 23, the FDIC, OCC, and Federal Reserve Board issued a joint statement summarizing a recent series of interagency “policy sprints” focused on crypto-assets. During the policy sprints, the agencies conducted preliminary analysis on issues related to banking organizations’ potential involvement in crypto-asset-related activities, and identified and assessed key risks related to safety and soundness, consumer protection and compliance. The agencies also, among other things, analyzed the applicability of existing regulations and guidance on this space and identified several areas where additional public clarity is needed. Throughout 2022, the agencies intend to provide greater clarity on whether certain crypto-asset-related activities conducted by banking organizations are legally permissible. The agencies also plan to expand upon their safety and soundness expectations related to: (i) crypto-asset safekeeping and traditional custody services; (ii) ancillary custody services; (iii) facilitation of customer purchases and the sale of crypto-assets; (iv) loans collateralized by crypto-assets; (v) issuance and distribution of “stablecoins”; and (vi) activities involving a bank’s holding of crypto-assets on its balance sheet. The joint statement, which does not alter any current regulations, also states that the agencies plan to “evaluate the application of bank capital and liquidity standards to crypto-assets for activities involving U.S. banking organizations” and that the agencies will continue to monitor developments in this space as the market evolves.
On November 23, the OCC sent banks a reminder that they are generally prohibited from making most equity investments in venture capital funds. The bulletin warned that simply because an investment in a fund qualifies for the venture capital fund exclusion under the Volcker Rule, it does not mean the fund is a permissible investment for a national bank, federal savings association, or federal branch and agency of a foreign bank. Prior to investing in a venture capital fund, banks must make a determination as to whether the investment is permissible and appropriate for the bank. The OCC reminded banks that engaging in impermissible and inappropriate investments may expose a bank and its institution-affiliated parties to enforcement actions and civil money penalties. Additionally, national bank directors may be held personally liable for losses attributed to impermissible investments. The OCC noted, however, that equity investments in venture capital funds may be allowed provided they are public welfare investments or investments in small business investment companies.
On November 22, the CFPB filed its seventh status report in the U.S. District Court for the Northern District of California as required under a stipulated settlement reached in February 2020 with a group of plaintiffs, including the California Reinvestment Coalition, related to the collection of small business lending data. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses. The newest status report states that the Bureau has met its deadlines under the stipulated settlement, which included issuing its long-awaited proposed rule (NPRM) in September. As covered by a Buckley Special Alert, the NPRM would require a broad swath of lenders to collect data on loans they make to small businesses, including information about the loans themselves, the characteristics of the borrower, and demographic information regarding the borrower’s principal owners. This information would be reported annually to the Bureau and published by the Bureau on its website. Comments on the NPRM are due January 6, 2022. Among other things, the Bureau notes in its status report that once the Section 1071 NPRM comment period concludes, it will meet and confer with plaintiffs to discuss an “appropriate deadline” for issuing the final rule, consistent with the stipulated settlement.
Find continuing Section 1071 coverage here.
On November 26, the FDIC released a list of administrative enforcement actions taken against banks and individuals in October. During the month, the FDIC issued three orders consisting of “one Order to Pay Civil Money Penalty, one Consent Order, and one Section 19 Order.” Among the orders is a civil money penalty imposed against an Arkansas-based bank based on allegations of deceptive practices related to misrepresenting the availability of Veterans Administration refinance loan terms. The bank, which did not admit or deny the violations, agreed to pay a $129,800 civil money penalty.