Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 6, the Indiana Attorney General announced a lawsuit filed against a national credit reporting agency in response to its 2017 data breach, alleging the company “chose increasing revenue over protecting the safety of consumers’ sensitive personal information.” According to the complaint, the state alleges the company violated the Indiana Deceptive Consumer Sales Act by failing to secure 3.9 million residents’ personal data while representing to consumers that its payment systems were compliant with Payment Card Industry (PCI) standards. The complaint alleges among other things that the company “knew the system was storing payment card information in clear text, which was a known violation of the [PCI standard]” and “[d]espite its knowledge, … made a conscious choice to break the rules.” Indiana is seeking civil penalties, consumer restitution, costs and injunctive relief.
On March 5, the U.S. District Court for the Northern District of Ohio denied a debt buyer’s motion to dismiss a consumer action alleging the company violated the FDCPA and the Ohio Consumer Sales Practices Act (OCSPA) by requesting a credit reporting agency account review after the alleged debt had been discharged in bankruptcy. According to the opinion, the consumer’s debts were discharged in November 2017 after a Chapter 7 bankruptcy, and in December 2017, the company requested an account review through a credit reporting agency for collection purposes. The consumer alleges the company violated the FDCPA and the OCSPA because the company could not legally collect on a debt that had already been discharged in bankruptcy. The company moved to dismiss the action arguing it was not a debt collector under the FDCPA nor was it a “supplier” under the OCSPA, but rather is merely a “passive debt purchaser” and only reviewed the report but took no further action, which does not qualify as collection conduct. The court disagreed, noting that it must accept the consumer’s allegations as true at this stage, and determined the allegations plausibly support her claim that the company is a debt collector under the FDCPA. Moreover, the court acknowledged that while the company only sought to receive information from the credit reporting agency, it did convey that the contact was for the purposes of collection. Therefore, the allegations by the consumer that the company violated the FDCPA for representing a debt was for collection when it was previously discharged were sufficient to survive the motion. As for the OCSPA, the court found that the company’s activities may effect consumer transactions, which makes it plausible that the company is a “supplier” under the statute.
On February 21, Maxine Waters released a discussion draft version of the “Comprehensive Consumer Credit Reporting Reform Act of 2019,” which would significantly amend the FCRA. The draft legislative proposal was released as supporting material for the February 26 House Financial Services Committee hearing titled, “Who's Keeping Score? Holding Credit Bureaus Accountable and Repairing a Broken System.” The CEOs of the three major credit reporting agencies and a panel of officials from major consumer groups testified at the hearing.
The draft bill— versions of which Waters has also introduced in previous Congressional sessions—includes (i) significant changes to the dispute process, such as allowing consumers to appeal determinations; (ii) banning the use of credit information for certain employment decisions; (iii) removing adverse information for certain private education loan borrowers who demonstrate positive payment history; (iv) shortening the time period that most adverse credit information stays on a credit report from seven to four years; and (v) establishing federal oversight over the development of credit scoring models.
On February 19, the U.S. District Court for the District of Maryland denied a bank’s renewed motion to dismiss FCRA claims by a consumer alleging the bank accessed his credit report without a permissible purpose. Specifically, the consumer alleged his credit report included two credit inquires by the bank for “promotional” purposes but that he never received any offers of credit from the bank. According to the consumer, a bank representative told him to dispute the “illegitimate” credit inquiry with the credit reporting agency, and so he filed suit. The bank moved to dismiss, arguing the facts allegedly failed to establish the bank obtained the credit report without a permissible purpose. The court, however, held that the consumer’s allegations that he did not receive an offer of credit and that a representative advised him the inquiry was illegitimate were sufficient to establish—at the motion to dismiss stage—that no firm offer of credit was extended. In response to the bank’s argument that the consumer’s alleged emotional distress damages based on “invasion of privacy” were implausible—because they would have occurred whether or not there was a permissible purpose for the credit pull—the court noted that unauthorized credit disclosures have been “long seen as injurious,” and that the bank cannot attack the harm experienced by the consumer simply because the “harm would still have existed if [the bank] had acted lawfully.”
On February 8, the U.S. District Court for the Western District of North Carolina dismissed a consumer’s state law claims under the North Carolina Unfair and Deceptive Trade Practices Act and civil conspiracy claims because they were preempted by the FCRA. According to the opinion, which affirmed and adopted a Magistrate Judge’s recommendation, and also allowed the consumer’s FDCPA claims to proceed, the consumer alleged the furnisher improperly filed delinquencies on his credit report, wrongfully refused to remove the delinquencies, and improperly handled the investigation of his claims. The consumer had objected to the Magistrate’s conclusions with regard to the state law claims, arguing that the FCRA preemption was not applicable because the unfair and deceptive conduct occurred after the furnisher allegedly reported inaccurate information to the credit bureaus. The district court rejected this argument, concluding that the state law claims “run  into the teeth of the FCRA preemption provision” and are “squarely preempted” by the federal statute.
On February 7, the U.S. Court of Appeals for the 7th Circuit held that arithmetic does not affect a debt’s “character” under the FDCPA, reversing the district court’s judgment against a debt collector. A debt collector reported to a credit bureau that the debtor had nine unpaid bills of $60, rather than one aggregate debt of $540. The debtor filed suit, arguing that the debt collector violated the FDCPA’s prohibition on making a “false representation” about “the character, amount, or legal status of any debt.” The district court agreed with the debtor, determining that the debt collector should have reported the amount in the aggregate and imposing a $1,000 penalty for the violation.
On appeal, the 7th Circuit noted a lack of authoritative or persuasive guidance discussing whether aggregation of all amounts owed to a creditor “concerns the ‘character’ of a debt” under the FDCPA. The appeals court concluded that the number of specific transactions between a debtor and a creditor “does not affect the genesis, nature, or priority of the debt” and, therefore, does not concern its character. Moreover, the court noted that “‘amount’ rather than the word ‘character’ is what governs reporting the debt’s size”; otherwise, there would be no distinction in the FDCPA’s prohibition on false representations about the “character, amount, or legal status” of a debt. Because it was undisputed that the debtor incurred nine debts of $60 each to a single creditor, the debt collector did not misstate the “character” of the debt under the FDCPA.
Regulators encourage financial institutions to work with borrowers impacted by government shutdown; FHA also issues shutdown guidance
On January 11, the Federal Reserve Board, CSBS, CFPB, FDIC, NCUA, and OCC (together, the “Agencies”) released a joint statement (see also FDIC FIL-1-2019) to encourage financial institutions to work with consumers impacted by the federal government shutdown. According to the Agencies, borrowers may face temporary hardships when making payments on mortgages, student loans, auto loans, business loans, or credit cards. FDIC FIL-1-2019 states that prudent workout arrangements, such as extending new credit, waiving fees, easing limits on credit cards, allowing deferred or skipped payments, modifying existing loan terms, and delaying delinquency notice submissions to credit bureaus, will not be subject to examiner criticism provided the efforts are “consistent with safe-and-sound lending practices.”
Separately, on January 8, Federal Housing Administration (FHA) Commissioner Brian Montgomery issued a letter regarding the shutdown reminding FHA-approved lenders and mortgagees of their ongoing obligation to offer special forbearance to borrowers experiencing loss of income and to evaluate borrowers for available loss mitigation options to prevent foreclosures. In addition, FHA also encourages mortgagees and lenders to waive late fees and suspend credit reporting on affected borrowers.
On January 8, the U.S. District Court for the Northern District of Illinois denied a bank’s motion to dismiss claims that it had obtained a credit report without a permissible purpose, ruling that the allegations rise above a mere procedural violation of the FCRA. According to the opinion, the consumer alleged that the bank accessed her credit report and obtained personal information, including current and past addresses, birth date, employment history, and telephone numbers, without having a personal business relationship, information to suggest the consumer owed the debt, or receiving consent for the release of the report. The bank argued that the consumer’s claim was only a “bare procedural violation” and not a concrete injury in fact as required under the U.S. Supreme Court’s 2016 ruling in Spokeo v. Robins (covered by a Buckley Sandler Special Alert). However, the court determined that the consumer’s allegation that the invasion of privacy, which occurred when the bank accessed her credit report from a consumer reporting agency without receiving consent and with no legitimate business reason to do so, “adequately alleges a concrete injury sufficient to confer standing.”
On November 21, the CFPB released the latest quarterly consumer credit trends report, which examines how natural disasters affect consumers’ credit reports based on a sample of approximately 5 million credit records. The report notes that while financial institutions are not required to report natural disaster assistance information, in 2017, about 8.3 percent of consumer credit reports included information in a special comment code labeled “affected by natural or declared disasters,” which the CFPB states is similar to the Federal Emergency Management Agency’s estimate that roughly 8 percent of U.S. residents were affected by natural disasters in 2017. Additionally, the report summarizes the natural disaster reporting trends for consumers in the Greater Houston area affected by Hurricane Harvey. Highlights of the report include (i) almost 40 percent of consumers with a credit report in the Greater Houston area received a comment code regarding the hurricane after it hit; (ii) the most common type of tradeline to receive a natural disaster comment code are mortgage loans; and (iii) accounts that received the natural disaster comment code are associated with higher rates of delinquency prior to Hurricane Harvey.
On September 19, Freddie Mac released Guide Bulletin 2018-15, which announces selling updates, including revisions to requirements for authorized user accounts and super conforming mortgages. Specifically, when reviewing a borrower’s credit report for tradelines where a borrower is listed as an authorized user but is not the primary account holder, sellers only have to meet additional documentation requirements if they receive a feedback message containing further instructions. These changes are effective for submissions and resubmissions made on or after October 4. The Bulletin also states that effective for mortgages settled on or after December 19, Freddie Mac will no longer require the manual underwriting of super conforming mortgages with original loan amounts greater than $1 million.
Additionally, starting October 15, enhancements to the automated cash specified payups process will take effect, which will, among other things, “include cash payups for fixed-rate [m]ortgages with certain specified loan attributes.” The Bulletin also eliminates the requirement for sellers to obtain additional documentation or evaluate the income or loss from secondary self-employment when none of this income is used for mortgage qualification purposes. Furthermore, as of September 9, as previously covered in InfoBytes, Bulletin 2018-13 updated the required time frame for evaluating credit report inquiries; it has been reduced from 120 days to 90 days.
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: The CFPB’s proposed debt collection rule
- Buckley Webcast: Trends in e-discovery technology and case law
- Brandy A. Hood to discuss "What the flood? Don’t get washed away by a flood of changes" at the American Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Mitigating the risks of banking high risk customers" at the American Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano, Kari K. Hall, Brandy A. Hood, and H Joshua Kotin to discuss "Regulations that matter in a deregulatory environment" at the American Bankers Association Regulatory Compliance Conference Power Hour
- Buckley Webcast: Data breach litigation and biometric legislation
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Douglas F. Gansler to discuss "Role of state AGs in consumer protection" at a George Mason University Law & Economics Center symposium