InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court preliminarily approves $2.7 million FCRA settlement
On June 1, the U.S. District Court for the Eastern District of California preliminarily approved a class action settlement, which would require a corporate defendant to pay $2.7 million to resolve allegations that it provided false information on credit reports to auto dealers. The defendant sells credit reports to auto dealers to help dealers manage their regulatory compliance obligations, the order explained, noting that one of these obligations prohibits dealers from engaging in business with anyone designated on the U.S. Treasury Department’s Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals (SDN) list. The SDN list is comprised of persons and entities owned or controlled by (or acting for or on behalf of) a targeted company, or non-country specific persons, who are prohibited from conducting business in the U.S. The defendant would flag a consumer as an “OFAC Hit” if it matched a name on the SDN list.
The order explained that when using a “similar name” algorithm script to run the consumer’s name against the SDN list to check for a match, the defendant only ran first and last names and did not input other available information such as birth dates and addresses. The lead plaintiff filed a putative class action pleading claims under the FCRA and California’s Consumer Credit Reporting Agencies Act, alleging his name inaccurately came up as an OFAC hit on a credit report sold to an auto dealer. In turn, the plaintiff was denied credit and suffered emotionally, later learning that the defendant incorrectly matched him with an SDN. According to class members, the defendant failed to follow reasonable procedures to assure maximum possible accuracy when matching consumer information and failed to provide, upon request, all information listed in a consumer’s file. Moreover, the lead plaintiff claimed the defendant failed to investigate the disputed OFAC-related information sold to the dealer. The defendant moved for summary judgment on the premise that it was not acting as a consumer reporting agency and that OFAC check documents were not consumer reports, but the court denied the motion and later certified the class. If finalized, the settlement would provide $1,000 to each of the class members, attorneys fees and costs, and a service award to the lead plaintiff.
Bank to pay $1 billion to settle investors’ compliance claims
Last month, the U.S. District Court for the Southern District of New York preliminarily approved a securities litigation settlement that would require a national bank to pay $1 billion to resolve class claims that it misrepresented its progress in overhauling its internal controls and compliance processes. The required overhauls relate to consent orders entered between the bank and its regulators in 2018 concerning alleged improper banking practices and corporate oversight deficiencies. The settlement would resolve investors’ claims that the bank’s allegedly misleading statements artificially inflated the price of the bank’s common stock, which declined when additional information was revealed. The bank expressly denies that the lead plaintiffs “have asserted any valid claims,” and denies “any and all allegations of fault, liability, wrongdoing, or damages.” If granted final approval, the bank would be required to pay $1 billion into a fund to be distributed to certain affected investors.
FTC says COPPA does not preempt state privacy claims
The FTC recently filed an amicus brief in a case on appeal before the U.S. Court of Appeals for the Ninth Circuit, arguing that the Children’s Online Privacy Protection Act (COPPA) does not preempt state laws that are consistent with the federal statute’s treatment of regulated activities. The full 9th Circuit is currently reviewing a case brought against a multinational technology company accused of using persistent identifiers to collect children’s data and track their online behavior surreptitiously and without their consent in violation of COPPA and various state laws.
As previously covered by InfoBytes, last December the 9th Circuit reversed and remanded a district court’s decision to dismiss the suit after reviewing whether COPPA preempts state law claims based on underlying conduct that also violates COPPA’s regulation. At the time, the 9th Circuit examined the language of COPPA’s preemption clause, which states that state and local governments cannot impose liability for interstate commercial activities that is “inconsistent with the treatment of those activities or actions” under COPPA. The opinion noted that the 9th Circuit has long held “that a state law damages remedy for conduct already proscribed by federal regulations is not preempted,” and that the statutory term “inconsistent” in the preemption context refers to contradictory state law requirements, or to requirements that stand as obstacles to federal objectives. The opinion further stated that because “the bar on ‘inconsistent’ state laws implicitly preserves ‘consistent’ state substantive laws, it would be nonsensical to assume Congress intended to simultaneously preclude all state remedies for violations of those laws.” As such, the appellate court held that “COPPA’s preemption clause does not bar state-law causes of action that are parallel to, or proscribe the same conduct forbidden by, COPPA. Express preemption therefore does not apply to the children’s claims.” The defendant asked the full 9th Circuit to review the ruling. The appellate court in turn asked the FTC for its views on the COPPA preemption issue, specifically with respect to “whether the [COPPA] preemption clause preempts fully stand-alone state-law causes of action by private citizens that concern data-collection activities that also violate COPPA but are not predicated on a claim under COPPA.”
In agreeing with the 9th Circuit that plaintiffs’ claims are not preempted in this case, the FTC argued that nothing in COPPA’s text, purpose, or legislative history supports the sweeping preemption that the defendant claimed. According to the defendant, plaintiffs’ state law claims are inconsistent with COPPA and are therefore preempted “because the claims were brought by plaintiffs who were not authorized to directly enforce COPPA, and would result in monetary remedies under state law that COPPA did not make available through direct enforcement.” Moreover, all state law claims relating to children’s online privacy are inconsistent with COPPA’s framework, including those brought by state enforcers, the defendant maintained. The FTC disagreed, writing that the 9th Circuit properly rejected defendant’s interpretation, which would preempt a wide swath of traditional state laws. Moreover, COPPA’s preemption clause only applies to state laws that are “inconsistent” with COPPA so as not to create “field preemption,” the FTC said, adding that plaintiffs’ claims in this case are consistent with the statute.
District Court approves $4.3 million data breach settlement
Earlier this month, the International Organization of Securities Commissions (IOSCO) released draft policy recommendations to support greater regulatory and oversight consistency within the crypto and digital assets markets. According to the global securities watchdog, regulators must strive for consistency in their oversight of crypto-asset activities given the cross-border nature of these markets and the varying approaches taken by individual jurisdictions. Seeking to optimize consistency in the way crypto-asset and securities markets are regulated, the IOSCO advised regulators to enhance cooperation efforts and attempt “to achieve regulatory outcomes for investor protection and market integrity that are the same as, or consistent with, those required in traditional financial markets in order to facilitate a level-playing field between crypto-assets and traditional financial markets and help reduce the risk of regulatory arbitrage.” Encouraging regulators to engage in rulemaking and information sharing, the IOSCO presented a comprehensive strategy for harmonizing the oversight of crypto companies, including standards on conflicts of interest and governance, fraud and market abuse, cross-border cooperation, custody of client monies and assets, and operational and technological risks. The IOSCO also suggested measures for reducing money laundering risks, explaining that crypto assets may be more appealing to criminals who want to avoid traditional financial system oversight. The IOSCO noted that its goal is to finalize its policy recommendations in early Q4 2023. Comments will be received through July 31.
CFPB announces $9 million settlement with bank on credit card servicing
On May 23, the CFPB announced a settlement to resolve allegations that a national bank violated TILA and its implementing Regulation Z, along with the Consumer Financial Protection Act. The Bureau sued the bank in 2020 (covered by InfoBytes here) claiming that, among other things, when servicing credit card accounts, the bank did not properly manage consumer billing disputes for unauthorized card use and billing errors, and did not properly credit refunds to consumer accounts resulting from such disputes. At the time, the bank issued a response stating that it self-identified the issues to the Bureau five years ago while simultaneously correcting any flawed processes.
The bank neither admitted nor denied the allegations but agreed under the terms of the stipulated final judgment and order filed in the U.S. District Court for the District of Rhode Island to pay a $9 million civil penalty. In addition to amending its credit card practices, the bank is prohibited from automatically denying billing error notices and claims of unauthorized use of cards should the customer fail to provide a fraud affidavit signed under penalty of perjury. The bank must also (i) credit reimbursable fees and finance charges to a customer’s account when unauthorized use and billing errors occur; (ii) provide required acknowledgement and denial notices to customers upon receipt or resolution of billion error notices; and (iii) provide customers who call its credit counseling hotline with at least three credit counseling referrals within the caller’s state. The bank must also maintain procedures to ensure customers are properly refunded any fees or finance charges identified by valid error notices and unauthorized use claims. The bank issued a statement following the announcement saying that while it “continues to disagree with the CFPB’s stance with respect to these long-resolved issues, which were self-identified and voluntarily addressed years ago,” it is pleased to resolve the matter.
Default judgment entered against provider of immigration bonds
The U.S. District Court for the Western District of Virginia recently entered default judgment against defendants accused of misrepresenting the cost of immigration bond services and deceiving migrants to keep them paying monthly fees by making false threats of deportation for failure to pay. As previously covered by InfoBytes, the defendants—a group of companies providing immigration bond products or services for non-English speaking U.S. Immigration and Customs Enforcement detainees—were sued by the CFPB and state attorneys general from Massachusetts, New York, and Virginia in 2021 for allegedly engaging in deceptive and abusive acts and practices in violation of the Consumer Financial Protection Act (CFPA). The defendants argued that the court lacked subject matter jurisdiction because the Bureau did not have authority to enforce the CFPA since the defendants are regulated by state insurance regulators and are merchants, retailors, or sellers of nonfinancial goods or services. However, the court disagreed, explaining that “limitations on the CFPB’s regulatory authority do not equate to limitations on this court’s jurisdiction.” (Covered by InfoBytes here.)
As explained in the court’s opinion, last year the plaintiffs filed a motion for sanctions and for an order to show cause why the court should not hold the defendants in contempt for actions relating to several ongoing discovery disputes. The court determined that the defendants failed to demonstrate that “factors other than obduracy and willfulness” led to their failure to comply with multiple discovery orders and that the defendants engaged in a “pattern of knowing noncompliance with numerous orders of the court.” These delays, the court said, have significantly harmed the plaintiffs in their ability to prepare their case. Finding each defendant in civil contempt of court, the court also entered a default judgment against the defendants, citing them for discovery violations in other cases. The court set June deadlines for briefs on remedies and damages.
CFPB brief defends funding structure
On May 8, petitioner CFPB filed its brief with the U.S. Supreme Court, criticizing the U.S. Court of Appeals for the Fifth Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the appellate court found that the Bureau’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here). The 5th Circuit’s decision also vacated the agency’s Payday Lending Rule on the premise that it was promulgated at a time when the Bureau was receiving unconstitutional funding.
Earlier this year, the Bureau filed a petition for a writ of certiorari, which the Court granted (covered by InfoBytes here). The Bureau explained in its petition that the 5th Circuit’s decision would negatively impact its “critical work administering and enforcing consumer financial protection laws” and “threatens the validity of all past CFPB actions as well” as the decision vacates a past agency action based on the purported Appropriations Clause violation. Community Financial Services Association of America (CFSA) filed a conditional cross-petition, seeking review on other aspects of the 5th Circuit’s decision, including that the 5th Circuit’s decision does not warrant review because the appellate court correctly vacated the Payday Lending Rule, which, according to the respondents, has “multiple legal defects, including but not limited to the Appropriations Clause issue.” (Covered by InfoBytes here.)
In its opening brief, the Bureau expanded on why it believes the 5th Circuit erred in its holding. The Bureau argued that the text of the Appropriations Clause “does not limit Congress’ authority to determine the specificity, duration, and source of its appropriations.” The agency further explained that Congress has chosen similar funding mechanisms for many other financial regulatory agencies, including the FDIC, NCUA, FHFA, and the Farm Credit Administration (and agencies outside of the financial regulatory sector), where they are all funded in part through the collection of fees, assessments, and investments. The Bureau emphasized that the 5th Circuit and the CFSA failed “to grapple with the Appropriation Clause’s text, Congress’ historical practice, or [Supreme] Court precedent,” but instead asserted only that the funding mechanism was “unprecedented.” “Congress enacted a statute explicitly authorizing the CFPB to use a specified amount of funds from a specified source for specified purposes,” the Bureau emphasized. “The Appropriations Clause requires nothing more.” The 5th Circuit’s “novel and ill-defined limits on Congress’s appropriations authority contradict the Constitution’s text and congressional practice dating to the Founding.”
The Bureau also addressed the now-vacated Payday Lending Rule. Arguing that even if there were some constitutional flaw in 12 U.S.C. § 5497 (the statute creating the Bureau’s funding mechanism), the 5th Circuit should have looked for some cure to allow the remainder of the funding mechanism to stand independently instead of “adopting an unjustified and profoundly disruptive retrospective remedy” and presuming the funding mechanism created under Section 5497(a)-(c) was entirely invalid. The Bureau also stressed that vacatur of the agency’s past actions was not an appropriate remedy and is inconsistent with historical practice. Adopting a remedial approach, the Bureau warned, would inflict significant disruption by calling into question 12 years of past agency actions.
The Bureau urged the Court to at most grant only “prospective relief preventing the CFPB from enforcing the Payday Lending Rule against [CFSA] or their members until Congress provides the Bureau with funding from another source.” While such an approach could still “upend” the Bureau’s activities, “it would at least avoid the profoundly disruptive effect of unwinding already completed and concededly authorized agency actions like the Payday Lending Rule,” the Bureau wrote, adding that “[v]acatur of the CFPB’s past actions would be inappropriate in light of the significant disruption that such vacatur would produce.”
District Court denies servicer’s claims that it never received QWR
The U.S. District Court for the Eastern District of Missouri recently considered whether a mortgage servicer received a borrower’s qualified written request (QWR) relating to a missed mortgage payment. The borrower sent a money order to cover two monthly mortgage payments, but the payments were not properly credited to her account. The borrower made several attempts to contact the mortgage servicer about the improperly credited payment. After receiving a formal notice of default, the borrower sent a “Request for Information and Notice of Error” (NOE) to the servicer explaining the situation and asking that her account be updated to reflect that all payments had been made and requesting the removal of late fees and charges. She also asked that her loan be removed from default status and sent letters to the credit reporting agencies formally disputing the delinquent payment reports. According to the court’s opinion, the borrower claimed that the servicer violated RESPA by failing to respond and violated the FCRA by failing to conduct a reasonable investigation into her credit disputes and verifying inaccurately furnished information.
In considering both parties’ motions for summary judgment, the court granted the borrower’s motion on liability with respect to her RESPA claim and denied the servicer’s motion for summary judgment on the FCRA claims on the basis that the borrower provided evidence of actual damages resulting from the servicer’s alleged FCRA violation. The court explained that RESPA requires mortgage servicers to respond to a QWR within five days to acknowledge receipt, and again within 30 days by either correcting the account, providing a written explanation as to why it believes the account is correct, or providing the information requested by the borrower or an explanation of why the information requested is unavailable. Failure to do so entitles a borrower to any actual damages suffered as result of the failure. Claiming the NOE was a QWR, the borrower presented evidence, including a certified mail receipt allegedly showing the NOE was signed for by one of the servicer’s representatives. The servicer countered that because it had no record of the correspondence, its RESPA duties were not triggered. The servicer further argued that the NOE did not qualify as a QWR because it failed to provide sufficient information for it to investigate or respond to the request, and that even if it was a QWR, the borrower had failed to show actual damages.
The court disagreed, determining (i) that the servicer failed to prove it did not receive the NOE, and (ii) that the NOE constituted a QWR. “The information in the letter alone is sufficient to qualify as a QWR,” the court wrote. “The letter quite specifically states the error [the borrower] believed to have occurred…. This is not an ‘overbroad’ and generalized statement of ‘bad servicing.’ It identifies an error specifically contemplated by RESPA’s regulations.” The court further added that “RESPA does not require that a lender’s violations be the sole cause of a borrower’s emotional distress. It merely requires that damages be causally related to a violation of the statute.” However, the court noted that the borrower still needs to prove at trial the extent of damages caused by the servicer's alleged violation.
France fines facial recognition company additional €5.2 million for noncompliance
On May 10, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), fined a facial recognition company an overdue penalty payment in the amount of €5.2 million for failing to comply with an October order. As previously covered by InfoBytes, last fall CNIL imposed a €20 million penalty against the company for allegedly violating the EU’s General Data Protection Regulation (GDPR) after investigations found that the company allegedly processed personal biometric data without a legal basis (a breach of article 6 of the GDPR), and failed to take into account an individual’s rights in an “effective and satisfactory way”—particularly with respect to requests for access to their data (a breach of articles 12, 15 and 17 of the GDPR). CNIL reported that the company had two months after receiving the October order to stop collecting and processing data on individuals located in France “without any legal basis, and to delete the data of these individuals, after responding to requests for access it received.” Because the company did not submit proof of compliance within this time frame, CNIL imposed an additional fine on top of the original penalty.
6th Circuit: Tennessee judicial foreclosure time-barred
On May 4, the U.S. Court of Appeals for the Sixth Circuit affirmed a lower court’s decision in a judicial foreclosure action, holding that a bank’s lawsuit was barred by Tennessee’s 10-year statute of limitations for actions to enforce liens on real property. The appellate court also refused to establish an equitable lien on the property in favor of the bank. According to the opinion, the home equity line of credit at issue in the case matured in 2007, requiring a final balloon payment, but the bank did not demand this payment, refinance the loan, or foreclose on the property. Instead, the bank continued to accept monthly interest payments totaling around $100,000 until 2017. The opinion reflected that the bank did not contend there to be a written instrument showing an extension of the loan or that such an extension was recorded. Rather, the bank raised several arguments, including that there was an oral modification to the loan and that it had the unilateral right to extend the loan based on “a future advances provision that could extend the maturity date for up to twenty years.” The bank further argued that the defendants’ monthly interest payments excused any writing requirement and evidenced an agreement to extend the loan’s maturity date. The appellate court disagreed, concluding that because the bank could not show, as a matter of law, that the loan’s maturity date was extended, its suit is untimely. The appellate court stated that the bank was aware that the loan “was in default as early as 2011 (well within the statute of limitations period) but took no action to foreclose or refinance.” The 6th Circuit further noted that if the bank had “simply memorialized an extension to the [l]oan’s maturity date in writing as required by Tenn. Code Ann. § 28-2-111(c), it would not be in this situation.”