InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
8th Circuit affirms $17 million class settlement for retailer data breach
On June 13, the U.S. Court of Appeals for the 8th Circuit affirmed the district court’s ruling approving a $17 million class settlement to resolve consumer claims related to a 2013 data breach, which resulted in the compromise of at least 40 million credit cards and theft of personal information of up to 110 million people. The settlement, which consists of $10 million in consumer redress and almost $7 million in plaintiffs’ attorney fees, was preliminarily approved in 2015 by the district court (previously covered by InfoBytes here) but was remanded back to the court by the 8th Circuit for failing to conduct the appropriate pre-certification analysis. After the district court recertified the class, two settlement challengers appealed, arguing that the class was not properly certified as there were not separate counsel for the subclasses and that the court erred in approving the settlement because the award of attorney’s fees was not reasonable. The appellate court disagreed, holding that no fundamental conflict of interest required separate representation for named class members and class members who suffered no actual losses. The court also concluded that the 29 percent in total monetary payment to the plaintiffs’ attorneys was “well within the amounts [the court] has deemed reasonable in the past” and therefore, the district court did not error in its discretion.
New York Court of Appeals rules claims under Martin Act governed by three-year statute of limitations
On June 12, the New York Court of Appeals issued a 4 to 1 ruling that claims brought under the state’s Martin Act are governed by a statute of limitations of three years, not six. Former New York Attorney General Eric Schneiderman filed a suit against a bank alleging that in 2006 and 2007, the bank misrepresented the quality of residential mortgage-backed securities it created and sold, bringing its claims under the state’s Martin Act, which grants the Attorney General of New York expanded liability for investigating and enjoining fraudulent practices in the marketing of stocks, bonds and other securities beyond what can be recognized under the common law fraud statute. The bank argued that the action was time-barred because too much time had elapsed to bring claims under the Martin Act, and an argument ensued as to whether the three-year statute of limitations that applies to actions to recover upon a liability or penalty imposed by a statute, or the six-year statute of limitations that applies to an action based upon fraud, applied. In its decision, the majority wrote that the three-year period applied because the Martin Act “expands upon, rather than codifies, the common law of fraud” and “imposes numerous obligations—or ‘liabilities’—that did not exist at common law, justifying the imposition of a three-year statute of limitations.” The court concluded that the broad definition of “fraudulent practices” encompasses wrongs that are not otherwise cognizable under the common law and “dispenses, among other things, with any requirement that the Attorney General prove scienter or justifiable reliance on the part of investors.” The court remanded the case to the New York State Supreme Court for further proceedings concerning the state’s claim against the bank for alleged violations of Executive Law Section 63(12).
District Court denies joint request to stay payday rule but agrees to stay lawsuit
On June 12, the U.S. District Court for the Western District of Texas denied a joint request by the CFPB and two payday loan trade groups to stay the compliance date (August 19, 2019) of the Bureau’s final rule on payday loans, vehicle title loans, and certain other high-cost installment loans (Rule) until 445 days after final judgment in the pending litigation. The court declined to provide an explanation for the denial, but did grant the parties’ joint request to stay the lawsuit pending further court order. As previously covered by InfoBytes, the payday loan trade groups filed a lawsuit in April asking the court to set aside the Rule on the grounds that, among other reasons, the CFPB is unconstitutional and the Bureau’s rulemaking failed to comply with the Administrative Procedure Act. On May 31, the parties filed a joint request to stay the lawsuit and the compliance date for the Rule because of the Bureau’s plans to reconsider the Rule, which may repeal or revise certain provisions rendering the case moot or otherwise resolved.
Court approves $12 million settlement between FTC and student debt relief company
On June 8, the U.S. District Court for the Central District of California approved an order requiring an owner and his multiple student debt relief companies (defendants) to pay almost $12 million to settle allegations that the defendants violated the FTC Act and Telemarketing Sales Rule (TSR) when marketing and selling student debt relief services. As part of a coordinated effort between the FTC and state law enforcement called Operation Game of Loans, the FTC filed a complaint in September 2017 alleging the defendants, among other things, charged upfront and monthly fees to enroll students in free government programs to manage student loan debt, but did not perform any services. Additionally, the FTC alleged that the defendants marketed themselves as associated with the Department of Education and called consumers listed on the Do Not Call Registry. Under the settlement order, in addition to the nearly $12 million fine, the defendants are permanently banned from: (i) advertising, marketing, promoting, offering, or selling debt relief or credit repair products or services, or assisting others in such activities; (ii) misrepresenting or assisting others in misrepresenting information relating to any products or services and, specifically, financial products or services; (iii) making any misleading or unsubstantiated representation or assisting others in making any such representation about the benefits, performance, or result of any financial product or service; and (iv) engaging in any unlawful telemarketing practices. The defendants neither admit nor deny any of the FTC’s allegations.
Court denies attorney’s move for summary judgment against CFPB as premature
On June 4, the U.S. District Court for the District of Maryland issued a Memorandum to Counsel denying defendants’ dispositive motions in a UDAAP action brought by the CFPB alleging the defendants employed abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. As previously covered by InfoBytes, in September 2017, the court allowed the CFPB to move forward with its UDAAP claim against the company, its affiliates, and its officers but dismissed claims related to an attorney, finding that he satisfied the requirements for an exemption under the Maryland Consumer Financial Protection Act (MCFPA) for attorneys engaged in the practice of law. In December 2017, the CFPB filed an amended complaint, arguing that the consumers typically did not know the defendant was an attorney or acting as their attorney. The court agreed, holding that “it is logically impossible for a ‘client’ to form an attorney-client relationship with someone she does not know is an ‘attorney,’” and allowed the CFPB to resume the actions against the attorney.
The attorney again moved to dismiss the amended complaint, or in the alternative for summary judgment on the claims. The court denied the motion to dismiss because it was based on the attorney’s disagreement with the CFPB’s allegation that the consumers were never informed he was an attorney—an inappropriate ground for such a motion. As for the motion for summary judgment, the court agreed with the CFPB that the motion was premature because discovery was ongoing.
District Court grants preliminary injunction in FTC search engine suit
On June 6, the U.S. District Court for the Southern District of Florida granted the FTC’s request for preliminary injunction against an individual defendant and the company he owns and manages (stipulating defendants) for allegedly violating the FTC Act by making robocalls to small business owners claiming they represented a global search engine and could guarantee top search result placements. The stipulating defendants are part of a larger group of Florida-based companies, affiliates, and representatives (defendants) identified in the FTC’s 2018 complaint. According to the FTC’s May 23 press release, the defendants—who allegedly have no relationship with the search engine—threatened to remove companies from the search engine’s results or label them as “permanently closed” unless they accepted the robocall and paid a fee to participate in the defendants’ program. The complaint also claimed that the defendants—who lost the ability to accept payments by credit card after their merchant account was closed due to high chargeback rates—allegedly “took money, usually $100, from at least 250 of their prior or existing customers’ checking accounts without those customers’ advance knowledge, consent, or authorization, and with no apparent reason or justification.”
In granting the preliminary injunction, the court found that there exists “good cause” to believe the FTC’s allegations against the stipulating defendants, and that the FTC is “likely to prevail on the merits of this action.” The injunction, among other things, blocks the stipulating defendants from continuing with their business, freezes their assets and records, and orders the appointment of a receiver to take control over those assets. A temporary restraining order was also issued against all defendants on May 8.
11th Circuit vacates FTC data security cease and desist order issued against medical testing laboratory
On June 6, the U.S. Court of Appeals for the 11th Circuit vacated an FTC cease and desist order (Order) that directed a Georgia-based medical testing laboratory to overhaul its data security program, ruling that the Order was unenforceable because it lacked specifics on how the overhaul should be accomplished. In 2013, the FTC claimed that the laboratory’s violation of Section 5(a) of the FTC Act constituted an “unfair act or practice” by allegedly failing to implement and provide reasonable and appropriate data security for patient information. The now defunct laboratory argued, among other things, that the FTC did not have the authority under Section 5 to regulate how it handled its data security measures. But the three-judge panel chose not to rule on the broader question about the scope of the FTC’s Section 5 data security authority, choosing to focus its decision on the Order. As previously covered in InfoBytes, in 2016 the FTC reversed an Administrative Law Judge’s Initial Decision to dismiss the 2013 FTC complaint, ordering the laboratory to, among other things, employ reasonable security practices that complied with FTC standards.
After the Order was issued, the laboratory asked the 11th Circuit to decide whether the FTC’s Order was “unenforceable because it does not direct it to cease committing an unfair ‘act or practice’ within the meaning of Section 5(a).” The 11th Circuit agreed to stay enforcement of the Order and ultimately permanently vacated it. “In the case at hand, the cease and desist order contains no prohibitions,” the panel wrote. “It does not instruct [the laboratory] to stop committing a specific act or practice. Rather, it commands [the laboratory] to overhaul and replace its data security program to meet an indeterminable standard of reasonableness. This command is unenforceable.” The court concluded that “[t]his is a scheme that Congress could not have envisioned.”
District Court holds that FTC investigation and initiation of enforcement proceedings do not qualify as final agency actions subject to judicial review
On May 29, the U.S. District Court for the Northern District of California granted the FTC’s motion to dismiss a declaratory-judgment action filed by several California-based companies that provide student loan processing services, along with their CEO/primary shareholder (plaintiffs). In August 2017, having allegedly learned that the FTC “was in the final process of gathering information to file a lawsuit against one or more of [the] [p]laintiffs on the purported and factually unsupportable basis that the [c]ompanies made misrepresentations to consumers” and violated the TSR’s debt relief service provision, the plaintiffs filed for instant declaratory relief under the Declaratory Judgment Act, seeking a declaration that the Telemarketing Sales Rule’s (TSR) debt relief provisions did not apply to them or, alternatively, that they were in compliance with the provisions. In February 2018, the FTC filed an enforcement action against the plaintiffs alleging that their collection of fees in advance of providing services violated the FTC Act and the TSR, and seeking injunctive and equitable relief. The FTC also moved to dismiss the plaintiffs’ declaratory judgment for lack of subject-matter jurisdiction.
According to the order granting the FTC’s motion, the court agreed with the FTC that the Administrative Procedure Act (APA)—not the Declaratory Judgment Act—is the exclusive, proper vehicle to obtain judicial review of a federal agency’s action. The court then held that the plaintiffs failed to satisfy the two prerequisites for judicial review under the APA, that (i) the agency’s actions constitute as a “final” agency action, and (ii) there exists no other adequate remedy in court. Specifically, the court found that the plaintiffs failed to demonstrate that the FTC’s “investigation into the lawfulness of the [plaintiffs’] actions and initiation of enforcement proceedings” qualified as a “final” agency action subject, and that the plaintiffs’ alternative “adequate remedy” was to be had in the enforcement action brought against them by the FTC, where they would be able to present all of the same defenses and arguments they sought to advance in their declaratory judgment action.
District Court holds that a debt buyer qualifies as a debt collector under the FDCPA
On May 25, the U.S. District Court for the Eastern District of Pennsylvania held that a debt buyer of time-barred debt qualified as a “debt collector” under the Federal Debt Collection Practices Act (FDCPA). The consumer (plaintiff) sued a debt collector and a debt buyer after receiving collection letters from the collector requesting she contact it to discuss settlement. The plaintiff alleged both companies violated the FDCPA by implying the debts were legally enforceable when, in fact, the statute of limitations had run. In rejecting the defendants’ motion to dismiss, the court found that the debt buyer’s “principal purpose of business is debt collection, either directly or through another collector” and therefore it is a debt collector under the FDCPA. The court also rejected the defendants’ arguments that the consumer did not adequately plead a violation of the FDCPA, holding that the collection letter—even though it did not threaten litigation or include a payoff amount—could mislead “the least sophisticated debtor” into believing she had a legal obligation to pay a time-barred debt because it called on plaintiff to contact it to discuss “settlement options” and specifically noted that the collector was not obligated to accept any payment proposal. The court also found that the letter may leave the least sophisticated debtor “uncertain as to her dispute rights under the [FDCPA]” and should have contained a “reconciling statement.”
District Court rules South Dakota banking regulator exceeded authority in revoking payday lender’s license
On May 29, the U.S. District Court for the District of South Dakota denied a motion to dismiss filed by the director of the South Dakota Division of Banking (defendant), ruling that the defendant exceeded his authority when he revoked a payday lender’s (plaintiff) operating license instead of initiating a cease and desist order, and that he failed to provide sufficient opportunities for the plaintiff to respond. According to the court, the defendant “had good cause to revoke [the plaintiff’s] money lending licenses,” having determined that late fees on the plaintiff’s loan product violated the 36 percent finance charge cap in the state’s 2017 payday lending law. But the court also held that the defendant committed a “procedural error” when he chose to “revoke the licenses rather than afford[] a hearing or [give the plaintiff] an opportunity to bring its practices into compliance. . . .”
The court further granted the plaintiff’s motion for partial summary judgment “on the violation of procedural due process” for a period from September 13 through September 28, 2017—the date that the defendant issued a limited stay on the license revocation allowing the company to collect on loans issued before the South Dakota payday lending law went into effect. “In short, [the defendant’s] Order did not meaningfully advance the interests of the state (and indeed contravened state law), and the ‘substitute procedures’ sought by [the plaintiff] (and required under state law) would have accommodated the competing interests, provided due process, and not needlessly compromised the private interests of [the plaintiff],” the court wrote.