Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 11, the U.S. Court of Appeals for the Sixth Circuit affirmed dismissal of a putative class action for lack of subject matter jurisdiction, holding that while a merchant technically violated the Fair and Accurate Credit Transactions Act (FACTA) by including 10 credit card digits on a customer’s receipt, the customer failed to allege any concrete harm sufficient to establish standing. According to the opinion, the named plaintiff filed a class action against the merchant alleging the first six and last four digits of her credit card number were printed on her receipt—a violation of FACTA’s truncation requirement, which only permits the last five digits to be printed on a receipt. The plaintiff argued that this presented “a significant risk of the exact harm that Congress intended to prevent—the display of card information that could be exploited by an identity thief,” and further claimed she did not need to allege any harm beyond the violation of the statute to establish standing. The district court disagreed, ruling that the plaintiff “lacked standing because she alleged merely a threat of future harm that was not certainly impending” and that the merchant’s technical violation demonstrated no material risk of identity theft.
In agreeing with the district court, the 6th Circuit concluded that a “violation of the statute does not automatically create a concrete injury of increased risk of real harm even if Congress designed it so.” Moreover, the appellate court reasoned that the “factual allegations in this complaint do not establish an increased risk of identity theft either because they do not show how, even if [p]laintiff’s receipt fell into the wrong hands, criminals would have a gateway to consumers’ personal and financial data.” The appellate court further concluded, “statutory-injury-for-injury’s sake does not satisfy Article III’s injury in fact requirement” and the court must exercise its constitutional duty to ensure a plaintiff has standing.
On May 10, the U.S. Court of Appeals for the Second Circuit determined that class members have constitutional standing to sue a national bank for allegedly violating New York’s mortgage-satisfaction-recording statutes, which require lenders to record borrowers’ repayments within 30 days. The plaintiffs filed a class action suit alleging the bank’s recordation delay harmed their financial reputations, impaired their credit, and limited their borrowing capacity. The district court agreed, ruling that the plaintiffs had Article III standing to sue because the bank’s alleged violation of the mortgage-satisfaction-recording statutes created a “material risk of harm” to them.
On appeal, the majority opinion first determined, among other things, that “state legislatures may create legally protected interests whose violation supports Article III standing, subject to certain federal limitations.” The alleged state law violations in this matter, the majority wrote, constitute a concrete and particularized harm to the plaintiffs in the form of both reputational injury and limitations in borrowing capacity during the recordation delay period. Moreover, the majority concluded that the bank’s alleged failure to report the plaintiffs’ mortgage discharge “posed a real risk of material harm” because the public record reflected an outstanding debt of over $50,000, which could “reasonably be inferred to have substantially restricted” the plaintiffs’ borrowing capacity. The dissenting judge argued, however, that the plaintiffs “never suffered a cloud on title prohibiting them from selling their property, or adverse effects on their credit, or an inability to finance another property, or even a risk of these harms,” and that the “trivial nature of a recordation delay is reflected in the 30-day delay that is tolerated without penalty, and by the small penalty exacted even after 90 days.”
The 2nd Circuit joined the Third, Seventh, Ninth, and Tenth circuits in holding that state legislatures have the power to “create ‘legally protected interests’” that, when violated, satisfy Article III injury-in-fact requirement, noting that it is “aware of no Circuit holding to the contrary.”
On May 5, the U.S. Court of Appeals for the Ninth Circuit affirmed summary judgment in favor of a mortgage servicer in an action asserting claims arising from a homeowners’ association’s (HOA) nonjudicial foreclosure on real property in Nevada. According to the opinion, Fannie Mae originally purchased the loan on the property (secured by a Deed of Trust), which was eventually assigned to the mortgage servicer. Following the homeowners’ failure to pay their HOA dues, a foreclosure sale was held, and the property was conveyed to a limited liability company. The mortgage servicer filed a quiet title suit against the company, and the district court granted summary judgment in its favor on the basis that the Federal Foreclosure Bar (which prohibits the foreclosure of FHFA property without FHFA’s consent) “prevented the extinguishment of Fannie Mae’s Deed.”
In agreeing with the district court, the 9th Circuit first rejected two threshold challenges raised by the company, holding that the mortgage servicer “properly and timely” raised its claims under the Federal Foreclosure Bar. Specifically, the appellate court determined that the mortgage servicer “presented ample evidence of its servicing relationship with Fannie Mae,” and that this relationship, along with authority delegated to Fannie Mae loan servicers to protect its mortgage loans, “was more than sufficient to establish” that the mortgage servicer was Fannie Mae’s loan servicer and, therefore “had the authority to assert the Federal Foreclosure Bar” in quiet title action. The 9th Circuit also concluded that the mortgage servicer filed the action within the applicable six-year statute of limitations. In holding that the Federal Foreclosure Bar preempted Nevada’s HOA law and prevented the extinguishment of Fannie Mae’s Deed of Trust, the appellate court noted, among other things, that the mortgage servicer demonstrated that Fannie Mae retained an enforceable interest in the loan at the time of the HOA foreclosure sale. The 9th Circuit rejected the company’s argument that the mortgage servicer “failed to produce a ‘signed writing’ evincing such interest as required by the Nevada statute of frauds.” According to the appellate court, given that the company “was not a party to the underlying loan agreement pursuant to which Fannie Mae acquired the loan,” the company could not raise the statute of frauds.
On May 10, the U.S. District Court for the Southern District of Texas ordered a defendant hospitality company to reimburse a national bank and its payment processor (collectively, “plaintiffs”) for $20 million in assessments levied against the plaintiffs by two payment brands following a data breach announced by the defendant in 2015. An investigation into the data breach determined that the defendant failed to require two-factor authentication on its remote access software, which contributed to the data breach and violated the payment brands’ security guidelines. The bank paid roughly $20 million to the payment brands and asked the defendant to indemnify it for the assessments. The defendant refused, arguing that its agreement with the bank was not breached because the payment brands’ rules “distinguish between actual and potential data comprises.” Moreover, the defendant stressed that “[b]ecause no evidence indicates that the attackers used the cardholder information” it was not obligated to indemnify the bank. However, the plaintiffs claimed that under the agreement, the defendant agreed to indemnify the bank “if its failure to comply with the brands’ security guidelines, or the compromise of any payment instrument, results in assessments, fines, and penalties by the payment brands.” The plaintiffs filed suit and moved for partial summary judgment on a breach of contract claim. In granting the plaintiffs’ motion for partial summary judgment, the court determined that the hospitality company is contractually obligated to cover the costs, ruling that actual data compromise is not necessary to trigger the agreement’s indemnification guidelines and that the bank does not need to show that the attackers used the payment information.
On May 7, the U.S. District Court for the Southern District of New York granted a Missouri-based accounts receivable management company’s (defendant) motion for judgment on the pleadings concerning alleged FDCPA violations. The defendant stated in a collection letter that the plaintiff’s account would be placed with an attorney “for possible legal action” if repayment could not be arranged. The letter also listed two addresses—a physical office address at the top left of the letter and a P.O. Box at the top left of a detachable payment coupon at the bottom of the letter. The plaintiff alleged the letter violated Sections 1692e and 1692g of the FDCPA, claiming that the least sophisticated consumer could read the letter and think that legal action was “imminent,” which would ultimately overshadow the 30-day period to dispute the validity of the debt. The court disagreed, however, concluding that even the least sophisticated consumer would not think the use of the words “if” and “possible” in the letter in question meant that legal action was imminent. Moreover, the court ruled that the inclusion of two different addresses in the letter would not confuse anyone about where to send a dispute notification. Specifically, the validation notice in the letter informed the plaintiff that the defendant would assume the debt to be valid unless its office was notified of a dispute and the letter provided only one office address.
On May 6, the U.S. District Court for the Central District of California preliminarily approved a revised class action settlement concerning allegations that a mortgage servicer charged borrowers a $15 convenience fee for making mortgage payments over the phone. The plaintiff filed a class action complaint in 2019 against the servicer alleging, among other things, that the servicer’s assessment of the convenience fee breached her mortgage agreement and violated the FDCPA, California’s Rosenthal Fair Debt Collection Practices Act, and California’s Unfair Competition Law. The parties reached a settlement in 2020, but the court denied approval, expressing concerns with several aspects of the settlement, including the adequacy of the settlement fund, anticipated attorneys’ fees and incentive award requests, and proposed notice to potential class members. Under the terms of the revised settlement, the servicer will be required to pay approximately $3.3 million into a settlement fund, which will be distributed to class members according to the proportional amount of the pay-to-pay fees charged to each borrower within the class period. Additionally, the named plaintiff agreed to seek an incentive award not to exceed $5,000, and attorneys’ fees and expenses will be capped at 25 percent of the settlement fund.
On May 6, the U.S. District Court for the Eastern District of Pennsylvania ruled that a defendant nationwide convenience store chain must face certain claims filed by a group of financial institutions as a result of a 2019 data security incident that allegedly compromised consumers’ credit and debit card information. The financial institutions, in bringing claims for negligence, negligence per se, and declaratory and injunctive relief, asserted, among other things, that the defendant’s “deficient security measures and vulnerable point-of-sale systems led to a data breach that went undetected for almost nine months.” The court ruled that the negligence and declaratory and injunctive relief claims can proceed, but dismissed without prejudice the financial institution’s negligence per se claim so that it can be repleaded under a claim for general negligence. In allowing the negligence claim to survive, the court dismissed the defendant’s argument that the claim should be dismissed under the economic loss doctrine, which bars recovery in tort resulting from an alleged breach of duty under a contract between the parties. The court pointed out that the financial institutions’ claims are protected by a narrow exception to the economic loss doctrine under Pennsylvania law for breach of a common law duty “independent of any potential contractual relationship,” including “the duty to maintain and protect sensitive data with reasonable care.” The court wrote that “the [i]nstitutions have set forth a plausible negligence claim based on the argument that [the defendant] owed them an independent duty in light of” the Pennsylvania Supreme Court’s 2018 ruling in Dittman v. UPMC, which held that the duty “exists independently from any contractual obligations between the parties.” The court further stated that dismissing the declaratory and injunctive relief claims at this stage would curtail the court’s “broad equity powers to fashion the most complete relief possible.”
As previously covered by InfoBytes, in February, consolidated class members filed an unopposed motion for preliminary approval of a settlement agreement with the defendant, which would provide monetary relief to class members totaling up to $9 million, plus $3.2 million for attorneys’ fees and expenses and class representative service awards. The defendant would also be required take additional measures for a period of two years to prevent future unauthorized intrusions.
On May 11, the CFPB urged the U.S. District Court for the Middle District of Tennessee to deny a request for a temporary injunction of a CFPB rule that would require all landlords to disclose to tenants federal protections put in place as a result of the ongoing Covid-19 pandemic, arguing that the rule does not require false speech and is justified by the First Amendment. As previously covered by InfoBytes, the plaintiffs, including members of the National Association of Residential Property Managers, sued the CFPB asserting the Bureau’s recently issued interim final rule (IFR) violates their First Amendment rights. The IFR amended Regulation F to require debt collectors to provide tenants clear and conspicuous written notice alerting them of their rights under the CDC’s moratorium on evictions in response to the Covid-19 pandemic (covered by InfoBytes here). The plaintiffs alleged that the IFR violates the First Amendment because it “mandates untrue speech and encourages plainly misleading speech” by requiring disclosures about a moratorium that has been challenged or invalidated by several federal courts, including the U.S. Court of Appeals for the Sixth Circuit. The CFPB asked the court not to grant the plaintiffs’ request for the temporary injunction, pointing out that the “plaintiffs fail to demonstrate that they are entitled to the extraordinary relief they seek.” The brief also notes that “requiring debt collectors to provide routine, factual notification of rights or legal protections that consumers ‘may’ have, in jurisdictions where the CDC Order applies, does not compel false speech and plainly passes First Amendment muster.”
On April 26, the U.S. District Court for the Northern District of Alabama partially granted a defendant debt collector’s motion for summary judgment concerning alleged FCRA and FDCPA violations. According to the opinion, the defendant sent a dunning letter to the plaintiff’s son seeking to recover unpaid debt. The plaintiff disputed the amount of debt owed and asked that the debt not be reported to the CRAs. However, two years later the son noticed the debt was included on his credit report and wrote to a CRA to dispute the debt. The defendant conducted an investigation to verify the debt and asserted that it told the CRAs that the son continued to dispute the debt. The credit reports the son obtained after the investigation, however, did not include a notation on his credit report showing the debt as disputed. The plaintiff brought suit on behalf of his son alleging the defendant violated the FCRA by failing to investigate the disputed debt, and the FDCPA by failing to communicate with the CRAs and misrepresenting the amount of the debt. The court granted summary judgment on the FCRA claim, finding that the dispute as to the debt owed was based on a legal defense not a factual inaccuracy, and that “the FCRA makes a furnisher liable for failing to report a dispute only if the dispute is meritorious.” The court, however, permitted the FDCPA claim predicated on the alleged failure to communicate with the CRA to proceed to trial because there is no analogous requirement that the dispute be meritorious to state a claim. The court dismissed the FDCPA claim predicated on the dunning letter for lack of standing.
On May 5, the U.S. District Court for the Northern District of New York certified a class of student loan borrowers who claimed a defendant student loan servicer and other associated entities interfered with their rights to prepay or consolidate their Federal Family Education Loan Program student loans in accordance with certain guarantees under federal law. Specifically, the class alleged that they suffered harm when their applications seeking loan forgiveness were denied because the defendant failed to complete and return required loan verification certifications (LVCs) within 10 days. According to the class, the defendant allegedly “admitted that it failed to return LVCs within the time period mandated by law,” and in 2019 had entered into consent orders with the CFPB and NYDFS, “in which it conceded that it had failed to do so.” (Covered by InfoBytes here and here.) The complaint alleges several claims, including violations of New York General Business Law, breach of contract, and breach of the implied covenant of good faith and fair dealing.
- Jonice Gray Tucker to discuss “How the new administration sets the tone for 2021” at the American Conference Institute Legal, Regulatory and Compliance Forum on Fintech & Emerging Payment Systems
- Sherry-Maria Safchuk to discuss UDAAP in consumer finance at an American Bar Association webinar
- Jeffrey P. Naimon to discuss "What to expect: The new administration and regulatory changes" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Steven R. vonBerg to discuss "LO comp challenges" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss “The False Claims Act today” at the Federal Bar Association Qui Tam Section Roundtable