InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
States, Democrats urge card companies to create gun-store MCC
On September 2, the California and New York attorneys general sent a letter to the CEOs of three credit card companies asking for the establishment of a unique merchant category code (MCC) for gun store purchases, writing that a specially-designated MCC would help companies flag suspicious activity. The letter follows recent requests sent by several congressional Democrats to the same companies urging them to establish an MCC code for guns. According to the Democrats’ letter, MCCs are four-digit codes maintained by the International Organization for Standardization (ISO) that classify merchants by their purpose of business and are used “to determine interchange rates, assess transaction risks, and generally categorize payments.” The letter noted that according to ISO’s criteria, “a new MCC may be approved if (a) the merchant category is reasonable and substantially different from all other merchant categories currently represented in the list of code values; (b) the merchant category is separate and distinct from all other industries currently represented in the list of code values; (c) the proposal describes a merchant category or industry, and not a process; (d) the minimum annual sales volume of merchants included in the merchant category, taken as a whole is, US$10 million; and (e) sufficient justification for the addition of a new code is found.” The letter stated that a “new MCC code could make it easier for financial institutions to monitor certain types of suspicious activities including straw purchases and unlawful bulk purchases that could be used in the commission of domestic terrorist acts or gun trafficking schemes,” and could garner coordination between financial institutions and law enforcement to aid efforts across the federal government to identify and prevent illicit activity. The letters requested feedback to better understand the companies’ positions.
District Court says tech company not liable for app in crypto theft
On September 2, the U.S. District Court for the Northern District of California granted a defendant California tech company’s motion to dismiss a putative class action filed by users who claimed their cryptocurrency was stolen after they downloaded a “phishing” program that posed as a legitimate digital wallet. Plaintiffs alleged that the illegitimate app (developed by a third-party and not the defendant) caused them to lose thousands of dollars in cryptocurrency. Claiming that the app was a spoofing and phishing program that obtained consumers’ cryptocurrency account information and routed that information to hackers’ personal accounts, plaintiffs sued, asserting claims under the federal Computer Fraud and Abuse Act, Electronic Communications Privacy Act, California Consumer Privacy Act, California’s Unfair Competition Law, California Consumer Privacy Act, California Consumer Legal Remedies Act, Maryland Wiretap and Electronic Surveillance Act, Maryland Personal Information Protection Act, and Maryland Consumer Protection Act. The defendant moved to dismiss, arguing that it was immune from liability under § 230(c)(1) of the Communications Decency Act. The court agreed with the defendant, ruling that it is granted protection under the Act because it qualifies as an “interactive computer service provider” within the meaning of the statute, is treated as a publisher, and provides information from another information content provider. “Here, plaintiffs’ computer fraud and privacy claims are based on [defendant’s] reproduction of an app [] intended for public consumption, via the App Store,” the court wrote. “But, as [defendant] notes, its review and authorization of the [] app for distribution on the App Store is inherently publishing activity.” Moreover, the court concluded that, among other things, the defendant’s liability provision contained within its terms, which states that it is not liable for conduct of a third party, is valid and enforceable.
Real estate brokerages settle NY’s claims of discriminatory practices
On August 30, the New York attorney general and governor announced a joint action taken against three Long Island real estate brokerage firms for allegedly engaging in illegal and discriminatory housing practices. According to the announcement, the Office of the Attorney General and New York Department of State commenced parallel investigations into the brokerage firms, in which they discovered that agents were allegedly violating the Fair Housing Act and New York state law when they allegedly “steered prospective homebuyers of color away from white neighborhoods and subjected them to different requirements than white homebuyers, and otherwise engaged in biased behavior.” In certain instances, agents were allegedly shown to have given preferential treatment to white homebuyers, disparaged neighborhoods of color, and directed prospective homebuyers of color to homes in neighborhoods predominantly resided by communities of color.
Under the terms of the assurance of discontinuance, the brokerage firms agreed to stop the alleged conduct and will offer comprehensive fair housing training to all agents. Agents will also be required to enroll and take state-approved Fair Housing Act compliance courses. Two of the brokerage firms are also required to provide $25,000 to Suffolk County to promote enforcement and compliance with fair housing laws, while the third brokerage firm will pay $30,000 in penalties and costs to the Office of the Attorney General and $35,000 to Nassau County for fair housing testing.
WA Superior Court: Insurance commissioner overstepped in banning credit scoring in underwriting
On August 29, the Washington State Superior Court entered a final order declaring that the Washington Insurance Commissioner exceeded his authority when he issued an emergency rule earlier this year banning the use of credit-based insurance scores in the rating and underwriting of insurance for a three-year period. As previously covered by InfoBytes, several industry groups led by the American Property Casualty Insurance Association (APCIA) sued to stop the rule from taking effect. The rule was intended to prevent discriminatory pricing in private auto, renters, and homeowners insurance in anticipation of the end of the CARES Act, and specifically prohibited insurers from “us[ing] credit history to place insurance coverage with a particular affiliated insurer or insurer within an overall group of affiliated insurance companies.” The rule applied to all new policies effective, and existing policies processed for renewal, on or after June 20, 2021. Industry groups countered that the rule would harm insured consumers in the state who pay less for auto, homeowners, and renters insurance because of the use of credit-based insurance scores to predict risk and set rates.
According to a press release issued by APCIA, earlier this year the superior court issued a bench decision granting the trade group’s petition for a declaratory judgment and invalidating the rule. The superior court “held that the Commissioner could not rely on the more general rating standard statute that prohibited “excessive, inadequate, or unfairly discriminatory” rates to “eliminate all meaning from the more specific credit history statutes by which the legislature had authorized its use.” Calling the final order “an important victory for Washington consumers, particularly lower risk senior policyholders who were forced to pay more to subsidize higher risk policyholders because the rule eliminated the use of credit,” the trade groups said they were pleased that the court agreed with their position that the Commissioner “exceeded his authority when he acted contrary to the longstanding statute that authorized the use of credit in the property and casualty insurance space.”
Temporary exemptions under CCPA/CPRA for human resource and business-to-business data set to expire January 1, 2023
The California legislative session ended on August 31, foreclosing any chance of the legislature extending temporary exemptions under the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) related to human resource and business-to-business data, set to expire January 1, 2023. The legislature proposed several bills throughout the legislative session that would have extend the exemptions, but all of them stalled. In a last-ditch effort, a California assembly member proposed amendments to AB 1102 that would have extended the exemptions to January 1, 2025 if adopted during the August 31 floor session.
According to the amendments, the CPRA recognized that various rights afforded to consumers under the CCPA and CPRA are not suited to the employment context, and as such, clarified that the CPRA “does not apply to personal information collected by a business about a natural person in the course of the natural person acting within the employment context, including emergency contact information, information necessary to administer benefits, or information collected in the course of business to business communications or transactions.” The amendments attempted to extend the exemption for “personal information that is collected and used by a business solely within the context of having an emergency contact on file, administering specified benefits, or a person’s role or former role as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or an independent contractor of that business.” The amendments also proposed extending certain exemptions related to “personal information reflecting a communication or a transaction between a business and a company, partnership, sole proprietorship, nonprofit, or government agency that occurs solely within the context of the business conducting due diligence or providing or receiving a product or service.” Although the amendments did not address the reason for the extension for the business exemption, they stated that while the legislature and advocates continue to engage in discussions concerning the enactment of “robust and implementable privacy protections tailored to the employment context,” extending the exemptions would provide temporary protections around worker monitoring while giving businesses more time to enact these protections. However, the amendments were not adopted, and the exemptions will expire as originally intended on January 1, 2023.
As previously covered by InfoBytes, the CPRA (largely effective January 1, 2023, with enforcement delayed until July 1, 2023) was approved by ballot measure in November 2020 to amend and build on the CCPA. In July, the California Privacy Protection Agency initiated formal rulemaking procedures to adopt proposed regulations implementing the CPRA (covered by InfoBytes here). CPPA Executive Director Ashkan Soltani said he expects the rulemaking process to extend into the second half of the year.
11th Circuit says one-year statutory notice period cannot be varied
On August 26, the U.S. Court of Appeals for the Eleventh Circuit vacated and remanded a district court’s summary judgment in favor of a bank after determining that the plaintiff-appellants’ claim for statutory repayment is not time-barred. Plaintiffs (Venezuelan citizens residing in Venezuela) maintained personal and commercial bank accounts at a Florida branch of the bank. According to the plaintiffs, a bank employee changed the email account associated with the bank accounts to a new fraudulent email. Identity thieves were later able to bypass security measures on the account, gave correct answers to security questions, and sent documents with signatures that matched ones the bank had on file, resulting in roughly $850,000 being transferred out of one of the accounts. Plaintiffs contended they were locked out of their accounts and struggled to contact the bank for months without success. After eventually regaining access to their accounts, plaintiffs discovered the stolen money and sued for a variety of claims, including fraud, negligence, and breach of contract. They also claimed that the bank was required to refund them for the fraudulent wire transfers under Florida Statutes § 670.202. The bank argued, among other things, that the plaintiffs’ claims were time-barred because they failed to notify the bank about the alleged fraud within 30 days of receiving a bank statement. Plaintiffs responded that the Florida Statutes provide a one-year time period to notify a bank of an unauthorized wire transfer and stated that the time-period could not be modified by agreement. The district court entered summary judgment for the bank, concluding “that the one-year period was modifiable and that the parties had modified it.” The district court also determined that because the bank’s procedures were “commercially reasonable” and followed “in good faith” it was not liable to the plaintiffs to repay the wire transfers.
On appeal, the 11th Circuit held that the plaintiffs were still within their statutory one-year notification period when they notified the bank of the fraudulent wire transfers, and rejected the bank’s argument that it could shorten the notification period to 30 days. The 11th Circuit, in rejecting the bank’s argument determined that it cannot “shift the loss of an unauthorized order to the customer during the statutorily determined period,” adding that “if the one-year statutory notice period could be varied, then banks could insist that customers sign contracts that make the time to demand a refund of a fraudulent payment a day (or even less). That would impair the account holder’s right to a refund and defeat Florida’s intent that banks—not account holders— bear the risk of a fraudulent transfer for the first year following the transfer. And there’s no limiting principle in the text for how short banks could make the statutory refund period.” Pointing out that the bank was unable to identify a limiting principal at oral argument, the appellate court concluded that “if banks could modify the one-year period, there’s no principled way to draw the line as to how short of a refund period is too short.” On remand, the 11th Circuit also instructed the district court to review whether the bank’s security procedures are “commercially reasonable.”
District Court denies request to reverse summary judgment in FDIA suit
On August 29, the U.S. District Court for the Eastern District of Pennsylvania denied a consumer plaintiff’s request to reconsider its summary judgment order against him in a Federal Deposit Insurance Act (FDIA) suit. According to the opinion, the plaintiff accrued debt to a federally-insured, state-chartered bank, which had then assigned that debt to defendants, who were not state-chartered, federally-insured banks. The plaintiff’s debt included interest charges that had accrued at an annual rate between 24.99 percent and 25.99 percent, which the plaintiff argued could not be collected by defendants because the interest exceeded the six percent allowed under Pennsylvania's usury law. The court ruled in favor of the defendants, relying on a recently promulgated FDIC rule that determined that state usury laws are preempted by section 27 of the FDIA in cases where state usury law interferes with state-chartered, federally-insured banks' ability to make loans or when they interfere with a state-chartered, federally-insured bank’s assignee’s efforts to collect on those loans. The plaintiff requested the reconsideration of the district court's summary judgment decision and filed a notice of appeal to the U.S. Court of Appeals for the Third Circuit. In his motion for reconsideration, the plaintiff argued that the court’s previous summary judgment decision was “erroneous” because: (i) the 3rd Circuit held in In re: Community Bank of Northern Virginia that “the FDIA unambiguously excludes non-bank purchasers of debt from its coverage and that deference to the FDIC’s contrary interpretation would, therefore, be inappropriate”; (ii) the FDIC’s rule cannot apply to his debts because such an application would be impermissibly retroactive; and (iii) LIPL fits within the FDIC rule’s exception for “licensing or regulatory requirements.”
The court denied the plaintiff’s motion for reconsideration, holding that the plaintiff “failed to identify an appropriate basis for reconsideration,” as the consumer’s arguments are “either a new argument that could have been presented before judgment was entered or a reprisal of an argument that the Court addressed in its original decision.” The court further noted that it would be “inappropriate for the Court to grant a motion to reconsider under either of those circumstances.” The court went on to determine that the new arguments advanced by the plaintiff were unpersuasive in any event, finding that the 3rd Circuit had not held section 27 of the FDIA to be unambiguous in its meaning and that application of the FDIC’s rule did not create an impermissible retroactive effect.
California bankruptcy court says a forbearance that modifies the original loan is subject to state usury laws in certain instances
Earlier this year, the United States Bankruptcy Court for the Northern District of California granted in part and denied in part cross-motions for summary judgment in an action concerning “piecemeal exemptions” to California’s usury law. Plaintiffs entered into a loan agreement secured by their residence carrying an interest rate of 11.3 percent and a default interest rate of 17.3 percent (plus late fees) with a then-unlicensed lender. They also signed a promissory note, which stated that should they fail to make a monthly payment within 10 days of the due date they would be assessed a late charge equal to 10 percent of the monthly payment. After plaintiffs struggled to make payments, the parties entered into an extension agreement to supplement and amend the original loan (but not replace it), which slightly lowered the initial interest rate but increased the monthly payments and default interest rate. The extension also included language adding a charge on the final balloon payment that was not part of the original loan. Plaintiffs again began to miss loan payments and sought to refinance the loan with a different lender. A payoff quote provided by the defendant included what was originally called a “prepayment penalty” but was later changed to represent a late charge on the principal balance in line with the extension.
Plaintiffs sued the defendant and related parties in state court, seeking damages and alleging claims related to breach of contract, fraud, and intentional interference. After the court denied plaintiffs’ motion for preliminary injunction, plaintiffs filed an appeal on the same day one of the plaintiffs filed for bankruptcy. The defendant eventually filed a motion for summary judgment on the claims in the amended complaint, whereas plaintiffs sought partial summary judgment on several new claims, including that (i) the extension violated state usury law; (ii) the defendant “demanded an illegal acceleration penalty” from plaintiffs; and (iii) the defendant illegally charged multiple late fees on a single loan payment.
In a case of first impression, the court held that under California law, a loan extension that modifies the original loan, including by extending the maturity date, is considered a forbearance subject to state usury laws because there was no other sale, lease, or other transaction involved. The court noted that the statute “provides a restricted definition of the term ‘arranged’ in relation to a forbearance,” and that it also “painstakingly sets forth the instances in which a forbearance negotiated by a real estate broker would be exempt under usury law: when that broker was previously involved in arranging the original loan and that loan was in connection with a sale, lease, or other transaction, or when that broker had previously arranged for the sale, lease or other transaction for compensation.” The court further stated that “[c]onspicuously absent from those instances is a scenario in which a forbearance is arranged on a simple loan of money secured by real estate, with no other sale, lease, or other transaction involved,” adding that it “cannot create an exemption here to save [the defendant].” In the subject transaction, the real estate broker involved when the original loan was made was not involved in the extension, the court said.
The court also held that the loan forbearance violated California usury laws although the original loan was exempt from usury laws, disagreeing with the defendant’s position that “an originally non-usurious transaction cannot be transformed into a usurious transaction at a later point.” The court pointed out the distinction in this case from others cited by the defendant, stating that the “difference between a non-usurious loan and a loan subject to an exemption is slight but distinct. . . . Once the exemption (no real estate broker involved) ceased to apply, the exemption disappeared, and the transaction became subject to the full consequences of the usury law.” Because the extension’s interest rate and default interest rate both violated state usury law, the defendant is entitled only to the principal balance of the extension minus the amount of usurious interest paid.
Additionally, the court determined that under California law, the liquidated damages provision of the loan extension was separate from the interest charged by the extension, and a late charge on top of a balloon payment under extension was an unenforceable penalty provision instead of a valid provision for liquidated damages. The court also declined to consider punitive or other damages and said it will make a determination in the future as to what the defendant is entitled to by way of reimbursements or costs, as well as any interest accrued and owed after the extension’s maturity date.
FTC, states sue rental listing platform for fraud
On August 30, the FTC announced a lawsuit, together with the attorneys general from New York, California, Colorado, Florida, Illinois, and Massachusetts, against a rental listing platform and its owners for allegedly charging consumers for false endorsements and fake listings. The complaint, which alleges violations of the FTC Act and various state laws, claims that the defendants used both fake reviews and fake listings to lure consumers to its platform and pay for access to so-called “verified and authentic living arrangement listings.” In particular, one of the individual defendants is alleged to have deceptively promoted the platform “by providing tens of thousands of fake four- and five-star reviews” to app stores. That individual defendant stipulated to the entry of a proposed stipulated final order on the same day, which requires the following: (i) cooperation with the FTC’s ongoing action; (ii) informing the app stores that he was paid to post reviews and identify the fake reviews and when they were posted; (iii) a permanent ban from selling or misrepresenting consumer reviews or endorsements; and (iv) payment of a total of $100,000 to the state AGs.
The action is part of the FTC’s on-going efforts to address fake and deceptive reviews, which include a $4.2 million action taken against an online fashion retailer accused of suppressing negative reviews, and warnings issued in 2021 to more than 700 companies announcing that they may face fines over misleading online endorsements (covered by InfoBytes here and here).
California broadens DFPI commissioner’s enforcement authority
On August 26, the California governor signed AB 2433, which broadens DFPI’s unlawful practices oversight and enforcement power over any person currently engaging in or having engaged in the past, in unlicensed activity. Among other things, the bill amends the DFPI commissioner’s enforcement of various laws, such as the California Commodity Law, Escrow Law, California Financing Law (CFL), Property Assessed Clean Energy (PACE), Student Loan Servicing Act, and California Residential Mortgage Lending Act. The bill establishes that the commissioner may act “upon having reasonable grounds to believe that a broker-dealer or investment advisor has conducted business in an unsafe or injurious manner.” The bill also permits the DFPI to “act upon having cause to believe that a licensee or other person has violated the CFL.” The CFL provides for the licensure and regulation of finance lenders, brokers, and specified program administrators by the Commissioner of Financial Protection and Innovation to issue a citation to the licensee or person and to assess an administrative fine, as specified, among other things. The CFL also regulates certain persons acting under the PACE program, including PACE solicitors and PACE solicitor agents. The new bill establishes that “if the commissioner, upon inspection, examination, or investigation, has cause to believe that a PACE solicitor or PACE solicitor agent is violating any provision of that law, or rule or order thereunder, the commissioner or their designee is required to exhaust a specified procedure before bringing an action.” Additionally, bill specifies that certain “procedures apply when the commissioner has cause to believe that a PACE solicitor or solicitor agent has violated any provision of that law or rule or order thereunder.” The bill also mentions the Student Loan Servicing Act, which “provides for the licensure, regulation, and oversight of student loan servicers by the commissioner,” and establishes that the commissioner is required, upon having reasonable grounds after investigation to believe that a licensee is conducting business in an unsafe or injurious manner, to direct, by written order, the discontinuance of the unsafe or injurious practices. This bill specifies “that these procedures also apply if, after investigation, the commissioner has reasonable grounds to believe that a licensee has conducted business in an unsafe or injurious manner.” The bill is effective immediately.