InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Payment processor fined $75k, partner owes $243M in CFPB suit
On July 31, the District Court for the Central District of California entered judgment in favor of the court-appointed receiver for defendants against the non-party provider of payment processing and escrow services to defendants and its managing member in the amount of $75,000, following a July 10 order requiring defendant to pay $243 million in redress and civil penalties. These judgments were entered in connection with the lawsuit filed by the CFPB, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, against a student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees (covered by InfoBytes here).
The defendant companies and one of the controlling business partners settled in 2020, but the court ordered the remaining controlling business partner to pay $243 million in redress and civil penalties earlier in July based on his involvement in violating various laws through the operation, including the TSR and the CFPA. Of the $243 million, the CFPB is entitled to over $95 million as redress for unlawful fees paid by consumers affected by the student loan debt relief operation and nearly $148 million of civil money penalties, and Minnesota, North Carolina, and California are each entitled to $5,000 of civil money penalties. The recent judgment of $75,000 entered against the non-party payment processing service provider resulted from the settlement of a separate lawsuit alleging that the service provider facilitated the fraud perpetuated by the defendants in the student loan debt relief operation and later attempted to deceptively transfer consumer funds held by defendants to avoid their transfer to the receiver.
Judge grants MSJ in class action over disputed debt investigation
On July 28, the U.S. District Court for the Southern District of Alabama granted summary judgment in favor of a defendant third-party debt collector in an FCRA and FDCPA putative class action, holding that the defendant carried out a reasonable investigation following plaintiff’s dispute of the debt it had reported to credit reporting agencies (CRAs) and that the plaintiff failed to establish that the defendant knew or should have known that the debt was inaccurate or invalid. Defendant entered into an asset purchase agreement with another third-party debt collector and reported debts to credit reporting agencies under the name of the non-defendant third-party debt collector, including an account erroneously associated with plaintiff. When defendant received notice that plaintiff disputed the erroneous account information, defendant verified the account information in its system and provided by the CRA, asked the creditor to provide account documentation, and then requested that the CRAs delete their reporting of the account once the creditor failed to provide account documentation within the requested thirty-day period.
In relation to the FCRA claim, the court found that the defendant “did everything required by the FCRA in response to Plaintiff’s dispute” such that the plaintiff “failed to establish how this investigation was not reasonable” or in violation of the FCRA. The court also found that plaintiff “failed to show that any different result would have occurred had [defendant] conducted any part of its investigation differently.” Finally, plaintiff’s claim failed as a matter of law concerning defendant’s initial report of the debt to the CRAs because the defendant was not required under the FCRA to “investigate the validity of a debt before commencing to report on that account to the CRAs.” While the defendant was prohibited from reporting inaccurate consumer information, no private cause of action exists for violations of this initial reporting provision of the FCRA.
For the FDCPA claim, the court held that the plaintiff failed to establish that the defendant had knowledge that the debt it reported was not accurate or was otherwise disputed or invalid. Because the CFPB passed Regulation F in November 2021, after the events at question in this litigation, furnishing information regarding a debt to a CRA before communication with plaintiff was not unlawful at that time. Finally, the court found that plaintiff failed to timely assert that defendant violated the FDCPA provision prohibiting false, deceptive, or misleading representation by using the non-defendant third-party debt collector’s name when reporting the account to the CRAs because this allegation was not present in plaintiff’s complaint.
Tenant screening company subject to FHA
On July 26, a federal judge in the U.S. District Court for the District of Massachusetts ruled that a tenant screening algorithm is subject to the Fair Housing Act, including the FHA's ban on racial discrimination in housing. The court held that even though the company is not itself is not a landlord, as property owners allegedly relied solely on the company's decisions to deny prospective renters' applications, the company was effectively granting it authority to make housing decisions.
Plaintiffs alleged in an amended complaint that a tenant-screening service operated by the defendants violated the Fair Housing Act, 42 U.S.C. § 3604 and Massachusetts anti-discrimination and consumer protection laws. The Plaintiffs claimed that the services discriminate against holders of rental vouchers and applicants of certain races and income classes, in violation of the FHA, resulting in less housing availability, less favorable terms and conditions in rental agreements, and discriminatory provision of services in connection with housing, in each case based on race and national origin.
Defendants, in their respective motions to dismiss, argued that the FHA does not apply to a tenant-screening service, such as the defendant, because the service does not “make housing decisions.” In denying the motion to dismiss on this count, the court reasoned that the FHA provisions do not limit liability to people or entities that “make housing decisions” but rather “focuses on prohibited acts,” and reiterated that the Supreme Court has already held that “language of the Act is broad and inclusive.” The court observed that while housing providers are the typical target of FHA claims, other entities are often held liable under the Act. The court reasoned that the application of the FHA “beyond direct housing providers” is a “logical extension[] which effectuate[s] the purpose of the FHA,” as “a housing provider could simply use an intermediary to take discriminatory and prohibited actions on its behalf and defeat the purpose of the FHA.”
Massachusetts antidiscrimination laws, among other things, make it unlawful to discriminate in the “terms, conditions, or privileges” of the sale or rental of housing or provision of such services “to aid, abet, incite, compel or coerce the doing of any of the acts forbidden under this chapter,” which includes Sections 4(6) and 4(10). Plaintiffs allege that the discriminatory rental application process was facilitated by the tenant score produced by the defendants. The court held that the chapter is construed broadly and reiterated the Massachusetts Supreme Court finding that defendants who play a role in the tenant selection process may be held liable under certain sections even if they only “aid[ed] or abet[ted]” a violation of Section 4(10). As such, the court held that the plaintiff’s claims for disparate impact discrimination for race or source of income under both FHA and Massachusetts antidiscrimination laws were sufficient to survive the motion to dismiss.
Agencies update guidance on liquidity risks and contingency planning
On July 28, the OCC, FDIC, NCUA and Fed issued an addendum to the Interagency Policy Statement on Funding and Liquidity Risk Management, issued in 2010. The update on liquidity risks and contingency planning emphasizes that depository institutions should regularly evaluate and update their contingency funding plans, referencing the unprecedented deposit outflows resulting from the early 2023 bank failures. According to the addendum, depository institutions should assess the stability of their funding, keep a range of funding sources, and regularly test any contingency borrowing lines in order to prepare staff in the case of adverse circumstances. Additionally, the addendum states that if contingency funding arrangements include discount windows, the depository institutions should ensure they can borrow from the discount window by (i) establishing borrowing arrangements; (ii) confirming that collateral is available to borrow in an appropriate amount; (iii) conduct small value transactions regularly to create familiarity with discount window operations; (iv) establish familiarity with the pledging process for collateral types; and (v) be aware that pre-pledging collateral can be useful in case liquidity needs arise quickly. The agencies also state that federal and state-chartered credit unions can access the Central Liquidity Facility, which provides a contingent federally sourced backup liquidity where a credit union’s liquidity and market funding sources prove inadequate.
Biden Administration to improve small business loan program
On August 1, the SBA announced implementation of additional policies aimed at expanding small business’ access to capital by modernizing SBA’s signature 7(a) and 504 Loan Programs. The new simplified guidelines for lenders include updated origination policies and procedures, lender participation requirements, and 7(a) loan servicing and liquidation requirements. SBA has also clarified affiliation standards to effectively communicate who qualifies for SBA loans, will use technology updates to bring eligibility determinations in-house, and will also use advanced data analytics and third-party data checks for fraud review on all loan programs before approval.
The following three SBA SOPs took effect on August 1, bringing many of the new policies into practice:
- SOP 50 10 7: Lender and Development Company Loan Programs: Contains SBA’s policies and procedures governing the 7(a) and 504 loan programs.
- SOP 50 56: Lender participation requirements: Contains the criteria for becoming an SBA Lender.
- SOP 50 57: 7(a) Loan Servicing and Liquidation: Contains the policies and procedures for 7(a) loan servicing and liquidation.
Finally, the SBA will begin accepting the Universal Purchase Package, a new feature that is expected to streamline the process for lenders to request SBA honor its loan guaranty. SBA will also introduce new features in E-TRAN, SBA’s online platform used by lenders to upload loan applications.
Biden Administration, agencies take action to protect renters
On July 27, the Biden administration released a fact sheet detailing new actions to develop the Blueprint for a Renters Bill of Rights, which was rolled out early this year (covered by InfoBytes here). The three new actions aim to support renters by (i) “ensuring all renters have an opportunity to address incorrect tenant screening reports”; (ii) “providing new funding to support tenant organizing efforts”; and (iii) “ensuring that renters are given fair notice in advance of eviction.” Additionally, the CFPB, USDA, FHFA, and HUD concurrently released statements aimed at landlords, reminding them of “best practices” and their obligation to inform tenants of their rights.
FHFA published Director Sandra L. Thompson’s statement on “best practices” for the delivery of adverse action notices to renters by GSE-backed multifamily housing borrowers. Referencing research showing that tenant screening reports often contain imprecise or inaccurate information, Director Thompson “strongly encouraged” borrowers who deny a rental application to provide written adverse action notices to the applicants and a copy of any consumer screening report that was relied upon. FHFA’s guidance is based on the FCRA’s requirement that landlords and property managers inform rental applicants of negative information from a consumer screening report that resulted in their rental application being rejected or another unfavorable outcome.
The CFPB posted a blog entry that emphasized landlords’ obligation under the FCRA adverse action notice requirement, which mandates that landlords who take any action against a current or prospective tenant based on a consumer report notify the tenant of the decision and how they can contact the company that created the report. The Bureau advised that renters have the right to review their rental background check report and to dispute information they believe to be inaccurate and encouraged tenants to obtain a free copy of the report from the company that compiled it and dispute any errors (covered by InfoBytes here).
In conjunction with the White House press release, HUD announced it is taking multiple actions to improve rental screening transparency and support renters. It is sending reminders to public housing agencies and property owners about their obligation to inform rejected applicants about reasons for their denial, which provides renters with the opportunity to correct any errors. Additionally, HUD is providing $10 million for tenant education and outreach in Section 8 program properties to assist tenants with “capacity building efforts” for engagement with property management. Furthermore, HUD will issue a proposed rule requiring a 30-day written notification for evictions due to nonpayment of rent in certain subsidized housing.
Also mentioned was the recent White House announcement of actions it is taking to combat “unfair and hidden fees” concerning rental housing (covered by InfoBytes here).
FCC fines companies $20M for insufficient consumer data security measures
On July 28, the FCC announced a proposed fine of $20 million for two affiliated mobile carrier companies over alleged violations of FCC rules. The Commission alleged that the companies failed to protect the privacy and security of subscribers’ personal data by violating three provisions of section 64.2010 of FCC rules, which requires carriers to authenticate customers’ identity before providing online access to their network information. The alleged violations included relying on readily available information to control access to the network information, failing to establish “reasonable” data security standards. FCC Chairwoman Jessica Rosenworcel cited such failures to protect consumers’ privacy to underpin the importance of the FCC’s newly established Privacy and Data Protection Task Force (covered by InfoBytes here). The proposed sanctions are not final, and the companies will have an opportunity to respond.
CSBS announces Nonbank Model Data Security Law
The Conference of State Bank Supervisors (CSBS) recently released a comprehensive framework for safeguarding sensitive information held at nonbank financial institutions. CSBS’s Nonbank Model Data Security Law is largely based on the FTC’s updated Safeguards Rule, which added specific criteria for financial institutions and other entities, such as mortgage brokers, motor vehicle dealers, and payday lenders, to undertake when conducting risk assessments and implementing information security programs. (Covered by InfoBytes here.) Adopting the Nonbank Model Data Security Law allows for a streamlined and efficient approach to data security regulations for nonbank financial institutions, CSBS explained, adding that by leveraging the existing Safeguards Rule’s applicability to state covered nonbanks, the model law imposes minimal additional compliance burdens and ensures smoother implementation for financial institutions. States can also choose an alternative approach by requiring nonbank financial institutions to conform to the Safeguards Rule, CSBS said.
The Nonbank Model Data Security Law outlines numerous provisions, which are intended to protect customer information, mitigate cyber threats, and foster a secure financial ecosystem. These include standards for safeguarding customer information, required elements that must be included in a nonbank financial institution’s information security program, and an optional section that requires entities to notify the commissioner in the wake of a security event. CSBS noted that because “the proposed rule on notification requirements for the FTC Safeguards Rule is still pending, the model law allows each state to establish their own customer threshold number, providing flexibility in determining the extent of impact that triggers the notification obligation.” CSBS also provided a list of resources for adopting the Nonbank Model Data Security Law.
California AG warns against unlawful employer-driven debt arrangements
On July 25, California Attorney General Rob Bonta issued a Legal Alert to remind all employers of state-law restrictions on employer-driven debt. Bonta highlighted concerns about employers engaging in exploitative practices that lead to employees accumulating debts as a result of their employment. (Also covered by InfoBytes here). Such practices may include employers withholding wages, failing to reimburse necessary expenses, or charging fees that are unlawful under California labor laws.
The alert outlines that employer-driven debt arrangements may violate California Labor Code section 2802, “which mandates that employers ‘indemnify employees for all necessary expenditures or losses incurred by the employee in direct consequence of the discharge of his or her duties.’” Regarding job training, the alert mentions that California law forbids employers from making workers repay training costs, except in two cases: (i) when the training is necessary for legally practicing the profession, and (ii) when the worker voluntarily undertakes the training, not due to employer mandate. The alert warns companies that engage in exploitative practices that the protections established in the Labor Code cannot be waived by contract. The alert also states that such practices risk violating the state’s Rosenthal Fair Debt Collection Practices Act, which “prohibits an employer or its agent from engaging in unfair or deceptive acts or practices when attempting to collect on employer-driven debt.” Finally, the alert notes that if an employer takes advantage of a worker’s lack of information or knowledge about the risks or costs of the debt, they may violate the California Consumer Financial Protection Law.
Supreme Court of New York: FDCPA does not require collectors to explain how debt is acquired
On July 19, the Supreme Court of the State of New York filed an order granting defendants’ motion for summary judgment, ruling that the FDCPA does not require debt collectors to provide debtors with proof of how they came to acquire the debt from the original creditor. One of the defendants purchased plaintiff’s defaulted credit card debt, which was placed with the second defendant for collection. The second defendant sent plaintiff a collection letter that identified the original creditor, along with the last four digits of the account number and identified the current creditor by name. Plaintiff sued, alleging violations of several sections of the FDCPA, claiming the letter was “false, deceptive, and misleading” because he never entered into a transaction with the current creditor and that the defendants reported the alleged debt to the credit reporting agencies. Plaintiff also maintained that prior to filing the lawsuit, he sought to validate the alleged debt but that neither defendant provided information sufficient to establish the current creditor’s ownership of the debt. Defendants filed for summary judgment seeking dismissal of plaintiff’s claims. In granting the motion, the court held that nothing in the FDCPA requires debt collectors “to educate the debtor ‘with proof, or at least a narrative, as to how it came to acquire the debt from [the] original creditor,’” and that the statute does not require plaintiffs to be notified when their debt is sold.