Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court: Failure to investigate duplicate reporting dispute could violate the FCRA
On March 10, the U.S. District Court for the Southern District of Illinois ruled a defendant credit union failed to properly report an individual’s debt to a consumer reporting agency or investigate his dispute. Plaintiff obtained a credit card from the defendant but fell behind on his payments. After his account was later sent to a third-party collection agency, the plaintiff obtained a copy of his credit report where he noticed that his credit card debt was listed twice—once as a “individual” and “revolving” account with a balance of $10,145, and another time as an “open” collections account with a different balance. Plaintiff sent identical dispute letters to the three major credit reporting agencies (CRAs), acknowledging the delinquent credit card but expressing confusion as to why the account was listed twice. He submitted additional similar disputes with the CRAs, claiming that the error caused him to be denied the opportunity to rent an apartment and made it difficult for him to obtain a mortgage. During discovery, two corporate witnesses testified on behalf of the defendant—one of whom is responsible for reviewing consumer credit disputes and verified the information being reported was accurate. A second witness also testified that while the defendant understood that the plaintiff was alleging inaccuracies due to the debt being reported twice, it chose to focus its investigation on verifying that the information in the plaintiff’s credit report matched the information in its internal system.
In denying the defendant’s motion for summary judgment, the court noted that while the U.S. Court of Appeals for the Seventh Circuit “has not decided whether double-reporting of a single debt on a credit report is an FCRA violation, district courts across the country have found that whether the practice is misleading and violates the FCRA is an issue of fact.” The court explained that an issue of fact exists as to whether double reporting the debt created a misleading impression that the plaintiff has two separate debts totaling $22,000 rather than a single debt of roughly $10,000. Moreover, even though the plaintiff’s dispute contained the message “duplicate,” the defendant did not address this issue nor did it request that a change be made to the plaintiff’s credit report. “A jury could reasonably conclude  that [defendant’s] investigation was inadequate under the FCRA,” the court wrote. “[W]hether [defendant’s] investigation or protocol may qualify as a willful violation giving rise to statutory or punitive damages is an issue for a jury as well.”
DOJ, CFPB: Lenders that rely on discriminatory appraisals violate the FHA and ECOA
On March 13, the DOJ and CFPB filed a statement of interest saying that a “lender violates both the [Fair Housing Act (FHA)] and ECOA if it relies on an appraisal that it knows or should know to be discriminatory.” (See also CFPB blog post here.) Pointing out that the case raises important legal questions regarding the issue of appraisal bias, the agencies explained that the DOJ has enforcement authority under both the FHA and ECOA, and the Bureau has authority to interpret and issue rules under ECOA and enforce the statute’s requirements.
The case, which is currently pending in the U.S. District Court for the District of Maryland, concerns whether an appraiser, a real estate appraisal company, and an online mortgage lender (collectively, “defendants”) violated federal and state law by undervaluing plaintiffs’ home on the basis of race and denying a mortgage refinancing application based on the appraisal. Plaintiffs, who are Black, claimed their home was appraised for a lower amount on the basis of race, and maintained that the lender denied their loan even after being told the appraisal was discriminatory. Additionally, plaintiffs claimed that after they replaced family photos with pictures of white people and had a white colleague meet a new appraiser, that appraiser appraised the house for $750,000—a nearly 60 percent increase despite there not being any significant improvements made to the house or meaningful appreciation in the value of comparable homes in the market.
The defendant appraiser filed a counterclaim against the plaintiffs providing technical arguments for why he valued the home at $472,000, including that the property next door was listed for $500,000, but was later reduced to $475,000, only 10 days after he completed the appraisal. He further claimed that the second appraisal failed to include that property as a comparison and relied on home sales that had not happened as of the time of the first appraisal. The lender argued that it should not be held liable because it was relying on a third-party appraiser and that “it can be liable only if it took discriminatory actions that were entirely separate from [the appraiser’s].”
While the statement does not address the issue of vicarious liability, the DOJ and CFPB asserted that lenders can be held liable under the FHA and ECOA for relying on discriminatory appraisals. They explained that it is “well-established that a lender is liable if it relies on an appraisal that it knows or should know to be discriminatory.” The statement also provided that for disparate treatment claims under the FHA and ECOA, “plaintiffs need only plead facts that plausibly allege discriminatory intent.” The agencies also argued that a violation of Section 3617 of the FHA (which includes “a prohibition against retaliating in response to the exercise of fair housing rights”) “does not require a ‘predicate violation’ of the FHA.
District Court approves $1.75 million data breach settlement
On March 3, the U.S. District Court for the Central District of California granted final approval of a $1.75 million class action settlement resolving allegations related to a 2020 data breach that compromised nearly 100,000 individuals’ personally identifiable information, including financial information, social security numbers, health records, and other personal data. The affected individuals are students, parents, and guardians who were enrolled in a system used to manage student data in a California school district. According to class members, by failing to adequately safeguard users’ login credentials and by failing to timely notify individuals of the breach, the company violated, among other things, California’s unfair competition law, the California Customer Records Act, and the California Consumer Privacy Act.
Under the terms of the settlement, the company is required to pay a non-reversionary settlement amount of $1.75 million, which will be used to compensate class members and pay for attorney fees and costs, service awards, and administrative expenses. Additionally, as outlined in the motion for preliminary approval of the class action settlement, class members are eligible to submit claims for “ordinary losses” (capped at $1,000 per person), as well as “extraordinary losses” (capped at $10,000 per person). Ordinary losses include expenses such as bank fees, long distance phone charges, certain cell phone charges, postage, gasoline for local travel, “[f]ees for additional credit reports, credit monitoring, or other identity theft insurance products,” and up to 40 hours of time, at $25/hour, for at least one full hour used to deal with the data breach. Extraordinary losses are described as those “arising from financial fraud or identity theft” where the “loss is an actual, documented, and unreimbursed monetary loss” and is “fairly traceable to the data breach” and not already covered by another reimbursement category. Class members must also show that they made “reasonable efforts to avoid, or seek reimbursement for, the loss.” All class members will be offered 12 months of credit monitoring and identity theft protection at no cost, and the company will implement “information security enhancements” to prevent future occurrences.
Online lender asks Supreme Court to review ALJ ruling
A Delaware-based online payday lender and its founder and CEO (collectively, “petitioners”) recently submitted a petition for a writ of certiorari challenging the U.S. Court of Appeals for the Tenth Circuit’s affirmation of a CFPB administrative ruling related to alleged violations of the Consumer Financial Protection Act (CFPA), TILA, and EFTA. The petitioners asked the Court to first review whether the high court’s ruling in Lucia v. SEC, which “instructed that an agency must hold a ‘new hearing’ before a new and properly appointed official in order to cure an Appointments Clause violation” (covered by InfoBytes here), meant that a CFPB administrative law judge (ALJ) could “conduct a cold review of the paper record of the first, tainted hearing, without any additional discovery or new testimony.” Or, the petitioners asked, did the Court intend for the agency to actually conduct a new hearing. The petitioners also asked the Court to consider whether an agency funding structure that circumvents the Constitution’s Appropriations Clause violates the separation of powers so as to invalidate prior agency actions promulgated at a time when the Bureau was receiving such funding.
The case involves a challenge to a 2015 administrative action that alleged the petitioners engaged in unfair or deceptive acts or practices when making short-term loans (covered by InfoBytes here). The Bureau’s order required the petitioners to pay $38.4 million as both legal and equitable restitution, along with $8.1 million in penalties for the company and $5.4 million in penalties for the CEO. As previously covered by InfoBytes, between 2018 and 2021, the Court issued four decisions, including Lucia, which “bore on the Bureau’s enforcement activity in this case” by “deciding fundamental issues related to the Bureau’s constitutional authority to act” and appoint ALJs. During this time, two different ALJs decided the present case years apart, with their recommendations separately appealed to the Bureau’s director. The director upheld the decision by the second ALJ and ordered the lender and its owner to pay the restitution. A district court issued a final order upholding the award, which the petitioners appealed, arguing, among other things, that the enforcement action violated their due-process rights by denying the CEO additional discovery concerning the statute of limitations. The petitioners claimed that they were entitled to a “new hearing” under Lucia, and that the second administrative hearing did not rise to the level of due process prescribed in that case.
However, the 10th Circuit affirmed the district court’s $38.4 million restitution award, rejecting the petitioners’ various challenges and affirming the director’s order. The 10th Circuit determined that there was “no support for a bright-line rule against de novo review of a previous administrative hearing,” nor did it see a reason for a more extensive hearing. Moreover, the petitioners “had a full opportunity to present their case in the first proceeding,” the 10th Circuit wrote.
The petitioners maintained that “[d]espite the Court’s clear instruction to hold a ‘new hearing,’ ALJs and courts have reached divergent conclusions as to what Lucia requires, expressing confusion and frustration regarding the lack of guidance.” What it means to hold a “new hearing” runs “the gamut,” the petitioners wrote, pointing out that while some ALJs perform a full redo of the proceedings, others merely accept a prior decision based on a cold review of the paper record. The petitioners argued that they should have been provided a true de novo hearing with an opportunity for new testimony, evidence, discovery, and legal arguments. The rehearing from the new ALJ was little more than a perfunctory “paper review,” the petitioners wrote.
Petitioners asked the Court to grant the petition for three reasons: (i) “the scope of Lucia’s ‘new hearing’ remedy is an important and apparently unsettled question of federal law”; (ii) “the notion Lucia does not require a genuinely ‘new’ de novo proceeding is necessarily wrong because a sham ‘remedy’ provides parties no incentive to litigate Appointments Clause challenges”; and (iii) the case “is an ideal vehicle to provide guidance on Lucia’s ‘new hearing’ remedy.” The petitioners further argued that “Lucia’s remedy should provide parties an incentive to raise separation of powers arguments by providing them actual and meaningful relief.”
The petitioners’ second question involves whether Appropriations Clause violations that render an agency’s funding structure unconstitutional, if upheld, invalidate agency actions taken under such a structure. The petitioners called this “an important, unsettled question of federal law meriting the Court’s review,” citing splits between the Circuits over the constitutionality of the Bureau’s funding structure which has resulted in uncertainty for both regulators and regulated parties. Recently, the Court granted the Bureau’s request to review the 5th Circuit’s decision in CFSAA v. CFPB, which held that Congress violated the Appropriations Clause when it created what the 5th Circuit described as a “perpetual self-directed, double-insulated funding structure” for the agency (covered by InfoBytes here).
6th Circuit: Each alleged FDCPA violation carries its own statute of limitations
On March 1, the U.S. Court of Appeals for the Sixth Circuit reversed the dismissal of a debt collection action, holding that every alleged violation of the FDCPA has its own statute of limitations. According to the opinion, the plaintiff financed a furniture purchase through a retail installment contract. While making payments on the contract, the company purportedly sold the debt to a third party. After the plaintiff defaulted on the debt, the third party—through the defendant attorney—sued the plaintiff in state court to recover the unpaid debt and attorney’s fees. After the third party eventually voluntarily dismissed the suit due to questions of whether the debt transfer was valid, the plaintiff sued the attorney for violating the FDCPA, alleging the defendant doctored the retail installment contract (RIC) to make it appear as if the debt assignment was legal. The defendant moved to dismiss the complaint as time-barred by the FDCPA’s one-year statute of limitations. The district court dismissed the case citing the complaint was filed more than a year after the third party filed the state court complaint and later denied both the plaintiff’s motion for reconsideration and the defendant’s motion for attorney’s fees. Both parties appealed.
On appeal, the 6th Circuit agreed that the plaintiff made a timely claim. Plaintiff argued that at least one of her claims fell within the one-year statute of limitations—the attorney’s filing of the updated RIC that allegedly showed the “contrived transfer” of debt—and maintained that she filed within one year of that alleged violation. The defendant countered, among other things, that the plaintiff’s claim was time-barred because it was a continuing effect of the third party’s initial filing of the state court complaint. The 6th Circuit reviewed caselaw on the “continuing-violation doctrine” and determined that the doctrine was not relevant to the case, stating that the plaintiff never invoked it because she was not “trying to sweep in acts that would otherwise be outside of the filing period,” but rather sought “redress for a single claim that is not time-barred.” The 6th Circuit emphasized that the plaintiff’s “single claim is independent of [the third party’s] initial filing of the lawsuit—not a continuing effect of it—because it is a standalone FDCPA violation.” The opinion further stated that the only date considered for the statute of limitations is the date a lawsuit is filed when subsequent FDCPA violations within that lawsuit occurred, and wrote that “[i]f we were to only consider the date [the third party] filed suit . . . we would create a rule that disregards the fact that §1629k(d) creates an independent statute of limitations for each violation of the FDCPA . . . . And if we adopted [the defendant’s] approach, we’d be saying that ‘so long as a debtor does not initiate suit within one year of the first violation, a debt collector [is] permitted to violate the FDCPA with regard to that debt indefinitely and with impunity.’”
District Court says EFTA applies to cryptocurrency
On February 22, the U.S. District Court for the Southern District of New York partially granted a cryptocurrency exchange’s motion to dismiss allegations that its inadequate security practices allowed unauthorized users to drain customers’ cryptocurrency savings. Plaintiffs claimed the exchange and its former CEO (collectively, “defendants”) failed to correctly implement a two-factor authentication system for their accounts and misrepresented the scope of the exchange’s security protocols and responsiveness. Plaintiffs filed a putative class action alleging violations of the EFTA and New York General Business Law, along with claims of negligence, negligent misrepresentation, breach of contract, breach of warranty, and unjust enrichment. The defendants moved to dismiss, in part, by arguing that the EFTA claim failed because cryptocurrency does not constitute “funds” under the statute. The court denied the motion as to the plaintiffs’ EFTA claim, stating that the EFTA does not define the term “funds.” According to the court, the ordinary meaning of “cryptocurrency” is “a digital form of liquid, monetary assets” that can be used to pay for things or “used as a medium of exchange that is subsequently converted to currency to pay for things.” In allowing the claim to proceed, the court referred to a final rule issued by the CFPB in 2016, in which the agency, according to the court’s opinion, “expressly stated that it was taking no position with respect to the application of existing statutes, like the EFTA, to virtual currencies and services.” In the final rule, the Bureau stated that it “continues to analyze the nature of products or services tied to virtual currencies.” The court dismissed all of the remaining claims, citing various pleading deficiencies, and finding, among other things, that the “deceptive acts or practices” claim under New York law failed because plaintiffs did not identify specific deceptive statements the defendants made or deceptive omissions for which the defendants were responsible.
4th Circuit remands privacy suit to state court
On February 21, the U.S. Court of Appeals for the Fourth Circuit held that a proposed class action over website login procedures belongs in state court. Plaintiff alleged that after a nonparty credit reporting agency experienced a data breach, it used the defendant subsidiary’s website to inform customers whether their personal data had been compromised. Because the defendant’s website required the plaintiff to enter six digits of his Social Security number to access the information, the plaintiff alleged violations of South Carolina’s Financial Identity Fraud and Identity Theft Protection Act and the state’s common-law right to privacy. Under the state statute, companies are prohibited from requiring consumers to use six digits or more of their Social Security number to access a website unless a password, a unique personal identification number, or another form of authentication is also required. According to the plaintiff, the defendant’s website did not include this requirement.
The defendant moved the case to federal court under the Class Action Fairness Act and requested that the case be dismissed. Plaintiff filed an amended complaint in federal court, as well as a motion asking the district court to first determine whether it had subject matter jurisdiction, given the U.S. Supreme Court’s ruling in TransUnion LLC v. Ramirez, which clarified the type of concrete injury necessary to establish Article III standing (covered by InfoBytes here). Although the district court held that the plaintiff had alleged “an intangible concrete harm in the manner of an invasion of privacy,” which it said was enough to give it subject-matter jurisdiction “at this early stage of the case,” it dismissed the case after determining the plaintiff had not plausibly stated a claim.
In reversing and remanding the action, the 4th Circuit found that the plaintiff alleged only a bare statutory violation and had not pled a concrete injury sufficient to confer Article III standing in federal court. The appellate court vacated the district court’s decision to dismiss the case and ordered the district court to remand the case to state court. The 4th Circuit took the position that an intangible harm, such as a plaintiff “enduring a statutory violation” is insufficient to confer standing unless there is a separate harm “or a materially increased risk of another harm” associated with the violation. “[Plaintiff] hasn’t alleged—even in a speculative or conclusory fashion—that entering six digits of his SSN on [defendant’s] website has somehow raised his risk of identity theft,” the 4th Circuit said. In conclusion, the 4th Circuit wrote: “We offer no opinion about whether the alleged facts state a claim under the Act. Absent Article III jurisdiction, that’s a question for [plaintiff] to take up in state court.”
9th Circuit concludes district attorneys can sue national banks in state court
On February 27, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s decision to abstain from enjoining a state action brought by a California county district attorney (DA) against a national bank, concluding that the enforcement action was not an exercise of “visitorial powers.” According to the opinion, the DA launched an investigation into the bank’s vendor and issued the bank an investigative subpoena seeking records of its banking activities. The bank objected, claiming the request “improperly infringes on the exclusive visitorial powers of the [OCC]” because it sought to inspect the bank’s books and records. The bank subsequently filed a complaint in the U.S. District Court for the Central District of California asking the court to enjoin the state action and requesting injunctive relief to prevent the DA from taking any action to enforce federal and state lending, debt collection, and consumer laws against the bank, or from exercising visitorial powers in violation of the National Bank Act (NBA). The DA withdrew his investigative subpoena and moved to dismiss for lack of subject matter jurisdiction on the ground that the case was now moot. The motion to dismiss was denied on the premise that the DA had not demonstrated that a “renewed investigative subpoena against [the bank] ‘could not be reasonably be expected.’”
The DA then filed a complaint in state court claiming the bank violated California law by hiring a third-party vendor to place “extensive harassing” debt collection phone calls to residents in the state. The complaint alleged violations of California’s Unfair Competition Law, the Rosenthal Fair Debt Collections Practices Act, and the right to privacy under the California Constitution. In federal court, the bank moved for summary judgment, arguing that the state action was an improper exercise of visitorial powers. The district court, however, ruled that the Younger v. Harris abstention (in which a federal court refrains from staying or enjoining pending state criminal prosecutions absent extraordinary circumstances or state civil enforcement actions when certain conditions are met) applied. The bank appealed.
The 9th Circuit considered two questions: (i) whether the Younger abstention was correctly applied, and (ii) whether the DA’s state court action “was an impermissible exercise of visitorial powers vested exclusively with the OCC.” The 9th Circuit held that the district court was correct in applying the Younger abstention doctrine because (i) “the state action qualified as an ‘ongoing’ judicial proceeding because no proceedings of substance on the merits had taken place in the federal action”; (ii) the state court action implicated an important state interest in consumer protection and nothing in federal law bars a DA from suing a national bank; (iii) the bank had the option to raise a federal defense under the NBA in the state court action; and (iv) the injunction the bank requested in the federal action would interfere with the state court proceeding. The 9th Circuit also rejected the bank’s arguments that the state action constituted an illegal exercise of visitorial powers that only belongs to the OCC or state attorneys general. The 9th Circuit cited the U.S. Supreme Court’s decision in Cuomo v. Clearing House Ass’n, L.L.C., in which the high court “held that bringing a civil lawsuit to enforce a non-preempted state law is not an exercise of visitorial powers,” and that “a sovereign’s ‘visitorial powers’ and its power to enforce the law are two different things.” Relying on the Cuomo holding, the 9th Circuit found that accepting the bank’s position “would mean that actions brought against national banks by federal or state agencies or, for that matter, individuals would be forbidden as unlawful exercises of visitorial powers.” “Such a result is wrong. It contradicts established law and is unsupported by any legal authority cited by [the bank]” and would additionally “raise serious anti-commandeering concerns under the Tenth Amendment.”
8th Circuit reverses debt collection action for lack of standing
On February 24, the U.S. Court of Appeals for the Eighth Circuit vacated and remanded the dismissal of a class action lawsuit concerning a medical collection letter that listed amounts due but did not distinguish between the principal and the interest that the debt collectors were attempting to charge. Plaintiff, who never paid any part of the interest or principal, filed a class action against the defendant debt collectors alleging violations of the FDCPA and the Nebraska Consumer Practices Act (NCPA). The defendants moved for summary judgment, arguing that the plaintiff lacked Article III standing. The district court denied the motion and the jury found for the defendants on all counts except for the NCPA claim, which was not tried before a jury. After trial, the district court determined it had provided improper jury instructions, and sua sponte, entered judgment for the plaintiff as a matter of law on both the NCPA and FDCPA claims. The district court specifically ruled that the NCPA does not allow collection of prejudgment interest by a debt collector without an actual judgment. The defendants appealed.
On appeal, the 8th Circuit focused on whether the plaintiff had standing. The appellate court held that the collection letter did not cause the plaintiff concrete harm, and concluded (quoting TransUnion LLC v. Ramirez, citing Spokeo, Inc. v. Robins) that without a concrete injury in fact, she “is ‘not seeking to remedy any harm to herself but instead is merely seeking to ensure a defendant’s compliance with regulatory law (and, of course, to obtain some money via the statutory damages).’” Without suffering a tangible harm, the appellate court said it could only recognize injuries with “a ‘close relationship’ to harm ‘traditionally’ recognized as providing a basis for a lawsuit in American courts.” The plaintiff pointed to fraudulent misrepresentation and conversion as analogous to her alleged injury, but the appellate court disagreed and determined that the consumer could not establish injury sufficient to satisfy Article III standing. In vacating and remanding the district court’s ruling, the 8th Circuit pointed out that, absent standing, it lacked jurisdiction to decide any other issues raised on appeal.
Supreme Court agrees to review constitutionality of CFPB’s funding, but not on an expedited basis
The Supreme Court granted the CFPB's request to review the U.S. Court of Appeals for the Fifth Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau but so far has not expedited consideration of the case. Without quick action to expediate consideration by the Court, all CFPB actions will be open to challenge until the Supreme Court issues a decision. At the current pace, the CFPB could remain in this limbo until June of 2024.
In this case, the 5th Circuit held that Congress violated the Constitution’s Appropriations Clause when it created what that Court described as a “perpetual self-directed, double-insulated funding structure” for the agency. As a result, the CFPB’s 2017 Payday Lending Rule is invalid because the CFPB would not have been able to issue it “without its unconstitutional funding.” The implication, as the CFPB itself pointed out in its petition for certiorari, is that all past and future actions that relied on the same funding mechanism—basically everything the agency has ever done or will ever do—are invalid as well.
Although the CFPB had ninety days to seek review of the 5th Circuit’s decision, it took the unusual step of filing the petition in less than 30 days, and specifically urged the Supreme Court to “set this case for argument this Term,” to guarantee a decision by June or early July of this year. The Court’s order issued Monday simply states that the CFPB’s petition is granted, without setting an expediated briefing schedule. As a result, without the Court taking some immediate steps to speed up consideration, the case will be decided under the Court’s standard briefing schedule. This means the matter will be briefed over the next several months with oral argument likely next fall, as part of the Supreme Court’s October 2023 Term. Although a decision could come out any time after oral argument, cases as significant as this case often come out towards the end of the term, i.e., by June 2024.
The Supreme Court’s unwillingness to expedite consideration of the case to date has serious practical implications for the CFPB’s ability to push forward its ambitious agenda. As the CFPB has itself acknowledged, the 5th Circuit’s decision binds lower courts in that circuit unless and until it is overturned. It will likely encourage challenges to CFPB rulemakings and potentially other actions in that circuit. Even outside of the 5th Circuit, lower courts adjudicating CFPB enforcement actions may be unwilling to move those cases forward until the Supreme Court provides direction on this fundamental funding issue. Thus, for the time being, we can expect more challenges and more delays in CFPB enforcement actions.
For financial institutions, our advice remains the same as when the 5th Circuit’s decision was issued. Generally, companies should maintain their day-to-day focus on compliance, as the CFPB may weather this latest constitutional challenge with its full authority, including its enforcement power, intact. In addition, other Federal agencies—for example, the Federal banking agencies, the National Credit Union Administration, the Federal Trade Commission—and state attorneys general and/or state regulators often have overlapping authority to enforce Federal consumer financial law. Finally, companies should continue to assume that rules issued by the Bureau are valid and that they will not be penalized for good-faith reliance on such rules.