InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
U.S. Supreme Court overturns Chevron Doctrine
On June 28, the U.S. Supreme Court entered an opinion overturning the Chevron Deference Doctrine, a test used by federal regulators to interpret ambiguous language in existing law in rulemaking and enforcement actions.
The 6-3 ruling is a result of a combined two cases, Loper Bright Enterprises v. Raimondo and Relentless, Inc. v. U.S. Department of Commerce, that challenged a ruling that leveraged the Chevron Deference Doctrine. The court held that according to the Administrative Procedure Act (APA), courts must “exercise their independent judgment in deciding whether an agency has acted within its statutory authority,” stipulating that courts cannot reference an agency’s interpretation of law they claim is ambiguous. The court decided that “a statutory ambiguity does not necessarily reflect a congressional intent that an agency, as opposed to a court, resolve the resulting interpretive question” and that Chevron’s presumptions were “misguided.” Instead of binding a court, the court held, agencies’ interpretations should provide informative expertise. However, the court emphasized that prior decisions relying on Chevron were unaffected, stating “we do not call into question prior cases that relied on the Chevron framework. The holdings of those cases that specific agency actions are lawful … are still subject to statutory stare decisis despite our change in interpretive methodology
For a more thorough treatment of this important case, please read our recent Orrick Insight here.
U.S. Supreme Court delays 6-year deadline to challenge federal regulations
On July 1, the U.S. Supreme Court entered an opinion delaying a 6-year statute of limitations to legally challenge federal regulations until a plaintiff is injured. In Corner Post Inc., vs. Board of Governors of the Federal Reserve System, 603 U. S. ____ (2024)., the Supreme Court held that the statute of limitations for an Administrative Procedures Act challenge accrues from the date of a plaintiff’s injury, not from the date of final agency action. In general, the APA authorizes parties injured by agency action to obtain judicial review. 5 U.S.C. § 702. In most cases, this review is limited to “final agency action.” 5 U.S.C. § 704. Both elements–injury and final agency action–are necessary, but not sufficient, for an APA claim. In Corner Post, the Court considered whether the absence of one of these elements–injury–prevents the limitations period from starting. The APA’s limitations period is “six years after the right of action first accrues,” the default limitations period for civil actions against the United States. 28 U.S.C. § 2401(a). The Court granted certiorari to resolve a Circuit split over the interpretation of “accrues.” The Eighth Circuit, and others, held that the limitations period accrues from the date of final agency action, regardless of the date of injury. The Sixth Circuit, however, held that the limitations period accrues from the date of injury.
Corner Post is a North Dakota-based truck stop and convenience store, incorporated in 2017 and opened in 2018. In 2021, it brought an APA challenge under 5 U.S.C. §§ 706(2)(A), (C) to the Federal Reserve Board’s Debit Card Interchange Fees and Routing Rule, Regulation II. Corner Post alleged that Regulation II permitted interchange fees above Dodd-Frank’s threshold: “reasonable and proportional to the cost incurred by the issuer with respect to the transaction.” 15 U.S.C. §1693o–2(a)(3)(A). The District Court dismissed the suit as barred by § 2401(a). It held that the six-year limitations period accrued from the date of final agency action–when Regulation II was promulgated, in 2011–not the date Corner Post suffered an injury, in 2018. As such, the limitations period had expired. On appeal, the Eighth Circuit affirmed.
To identify the original meaning of “accrues,” the Court reviewed the term’s meaning in 1948, when Congress passed § 2401(a). At that time, accrue had a “well-settled meaning”–rights accrue when they “come[ ] into existence.” Corner Post Inc., 603 U.S. at 7 (quoting United States v. Lindsay, 346 U.S. 568, 569 (1954)). Legal dictionaries contemporaneous with § 2401(a)’s passage support this definition. Precedent also supports this reading, referring to this interpretation as the “standard” or “traditional” rule. Graham County Soil & Water Conservation Dist. v. United States ex rel. Wilson, 545 U.S. 409, 418 (2005); TRW Inc. v. Andrews, 534 U.S. 19, 37 (2001) (Scalia, J.). Nothing in § 2401(a)’s text indicates that Congress sought to depart from this traditional rule. As such, the limitations period begins accruing when the plaintiff has a complete and present cause of action, which requires injury. There is no distinction, moreover, between facial and as-applied challenges because § 2401(a)’s text lacks finality-focused language such as “promulgation” or “entry.” In addition, Congress’ passage of statutes with finality-based limitations periods contemporaneous with § 2401(a)’s passage does not defeat the text’s ordinary meaning.
To complete the analysis, the Court examined the Board’s reliance on Reading Co. v. Koons, 271 U.S. 58 (1926) and Crown Coat Front Co. v. United States, 386 U.S. 503 (1967). Koons considered a Federal Employer’s Liability Act that used “accrued” to describe a limitations period for estate claims that run from the decedent’s death, even though those claims are only available to an estate administrator, who may not be appointed for some period after the decedent’s death. The Court distinguished Koons by noting beneficiaries’ capacity to sue immediately and amend that suit when appointed administrator. Crown Coat applied § 2401(a) to a Government contractor’s claim against the United States. There, the claim did not “mature” until the contractor exhausted all administrative remedies, meaning that § 2401(a)’s limitation period did not begin until the contractor exhausted those administrative remedies. Even if Crown Coat’s dicta supports a more flexible reading of “accrues,” it is not enough to overcome decades of precedent supporting the traditional reading of accrues. In closing, the Court rejected the Board’s policy arguments, finding that later opportunities to challenge agency action will often meet binding (or persuasive) precedent.
Justice Kavanagh concurred, writing separately to emphasize the APA’s authorization of vacatur for unlawful agency action. No other Justices joined the concurrence. Justice Jackson, joined by Justice Sotomayor and Justice Kagan, dissented. Justice Jackson worried about gamesmanship. Corner Post’s procedural history shows Corner Post’s addition to the suit only after the Government moved to dismiss under § 2401(a)’s limitations period. Plaintiffs may manufacture injury for a Regulation II challenge by, for example, purchasing a cash-only business and choosing to accept debit cards. In general, however, the dissent proposed a more flexible meaning for “accrues” based on the cause of action at issue. Plaintiff-specific claims would not accrue until injury, but facial administrative-law claims would accrue when a rule is finalized, regardless of injury.
Fed enters into agreement with bank as part of an OCC enforcement
On June 25, the Fed announced the execution of a written agreement with a registered savings and loan holding company, and its affiliate banks, to oversee its consent order requirements deriving from an OCC consent order from October 2023. Under the agreement, the bank will have 60 days to prepare a written plan to the Fed to strengthen board oversight and must include actions to (i) maintain effective risk management programs, (ii) ensure those risk management programs will be managed appropriately, (iii) monitor adherence to applicable laws and regulations, (iv) improve supervision of, and maintain control over, operations and activities, and (v) improve the comprehensiveness and quality of reports reviewed by the board. The bank will also have 60 days to submit a written strategic plan and budget to the Fed that will outline the firm’s short- and long-term strategic goals, the firm’s financial condition, a budget for the remainder of 2024, and a budget review process. Additionally, the Fed will require the banks to submit a written statement on their planned uses of cash for the remainder of 2024.
5th Circuit keeps CFPB credit card late fee case in Texas
Recently, the U.S. Court of Appeals for the Fifth Circuit issued an opinion directing the lower court to vacate a transfer order, and keeping a challenge to the CFPB’s credit card late fee rule in Texas. In its unanimous ruling, a three-judge panel noted the complex series of procedural events, including two changes of venue ordered by the district court. However, during the first venue transfer (covered by InfoBytes here), a different panel issued a writ of mandamus, reversing the transfer decision because the district court lacked jurisdiction over the case at that time. This was due to the fact that an appeal concerning the preliminary injunction motion was already pending before the 5th Circuit (covered by InfoBytes here). Because the 5th Circuit’s decision to issue the writ of mandamus was based on jurisdictional grounds, they did not have a reason to evaluate whether the district court's decision to transfer venue was appropriate under 28 U.S.C. § 1404(a). Now, the court said, they do. The panel found that the transfer order misapplied the controlling standard for transferring cases and “was a clear abuse of discretion.” Therefore, the 5th Circuit dissolved its administrative stay, granted plaintiffs’ petition for a writ of mandamus, and directed the district court to vacate its transfer order.
Supreme Court holds that defendants are entitled to jury trial if the SEC seeks civil penalties
On June 27, the U.S. Supreme Court decided SEC v. Jarkesy which held that, pursuant to the Seventh Amendment, when the SEC brings an enforcement action seeking civil penalties, it must do so in federal court, where a jury trial is available, rather than through its own in-house proceedings. When the SEC would adjudicate a matter in-house, however, there were no juries — the Commission (or a delegated member or Administrative Law Judge) presided over the action and acts as the factfinder.
In the underlying case (covered by InfoBytes here), the SEC initiated an enforcement action and sought, among other remedies, civil penalties. The SEC, as was typical, adjudicated the matter in-house rather than proceed in federal court and imposed a $300,000 civil penalty. The defendant sought review, ultimately raising before the Supreme Court the question of whether the Seventh Amendment entitled a defendant to a jury trial when the SEC seeks civil penalties for securities fraud. The Supreme Court held that it did as the Seventh Amendment guaranteed that “the right of trial by jury shall be preserved” in “suits at common law”; “money damages are the prototypical common law remedy,” and civil penalties — a form of monetary relief — were “a type of remedy at common law that could only be enforced in courts of law.”
For a deeper look at this important case, please read our recent Orrick Insight here.
Nevada approves regulation on earned wage access
On June 20, the Nevada Secretary of State approved Regulation NAC 604D, LCB File No. R096-23 (the Regulation), issued by the Nevada Department of Business and Industry, Financial Institutions Division, which established provisions to implement SB 290 (the Act) relating to earned wage access (covered by InfoBytes here).
The Regulation established the commissioner’s interpretation of the term “indirectly” as used in the definition of “employer-integrated earned wage access services” in the Act. As the Legislative Counsel’s Digest for the Regulation explained, “S.B. 290 defines employer-integrated earned wage access services to mean the delivery to a user of access to earned but unpaid income determined based on employment, income or attendance data obtained directly or indirectly from an employer.” In this context, the Regulation provided that data obtained “indirectly” from an employer means “verified data of the employment, income, or attendance of the user that is:” (i) “Obtained from an integrated system”; (ii) “Not directly obtained from the system of an employer”; and (iii) “Not directly obtained from the user.” The Regulation further provides that an “owner” was “a person who holds an ownership interest of at least 10 percent or more in an applicant for the issuance of a license as a provider that is a business entity.” The Regulation also clarified that providers are prohibited from charging cancellation fees of any kind.
The Regulation set forth $1,000 fees each for (i) the initial application for a license; (ii) the initial issuance of a license as a provider; (iii) the annual renewal of such a license; and (iv) the reinstatement of an expired license. Furthermore, the Regulation provided that each application for licensure by a provider that is a business entity must be accompanied by a list consisting of each person who holds an ownership interest in the applicant.
Pursuant to the Regulation, licensees will be required to report specific activity-based information to the state, including, non-exhaustively, the (i) total number and value of fees and expedited delivery fees paid by users within the prior year; (ii) the number of users with outstanding proceeds at the time of reporting and the value of such outstanding proceeds; (iii) the total number of requests for reimbursement of overdraft or NSF fees in the prior year; and (iv) voluntary tips received. Licensees will also be required to submit audited financial statements by April 15 each year (or, if not available, unaudited financial statements by April 15, followed by audited financial statements by June 30 of that same year). Licensees must retain records for at least six years and must not engage in misleading advertising. With respect to supervision, the Regulation establishes an hourly fee of $75 that the commissioner will charge for any supervision, examination, audit, investigation or hearing conducted pursuant to the provisions of the Act and provided that the commissioner can revoke or suspend licenses for any violations and has broad authority to request information during examinations or investigations.
This Regulation will go into effect on July 1.
DFPI proposes amendments to regulations under the California Debt Collection Licensing Act
On June 17, the California DFPI proposed to amend the California Code of Regulations relating to requirements under the Debt Collection Licensing Act (DCLA) and will be accepting comments through July 3. The proposed amendments would define the phrase "net proceeds generated by California debtor accounts" and also clarify annual reporting requirements for DCLA licensees.
Specifically, “net proceeds generated by California debtor accounts” will mean the amount retained by a debt collector from its California debt collection activity, and depending on the business activities of the licensee, will be further defined as follows: (i) for debt buyers, net proceeds are the amount collected minus the prorated purchase price paid for the debt, before deducting costs and expenses; (ii) for purchasers of non-charged-off or non-defaulted debt, net proceeds are calculated in the same fashion as debt buyers; and (iii) for all other debt collectors, net proceeds are the amount the collector receives from its clients, before deducting costs and expenses (where “client” means the company on whose behalf the debt collector has been contracted to collect on an account).
The proposed regulations also clarified annual reporting requirements and defined terms used within the report for DCLA licensees. Specifically, the regulations confirmed that licensees must submit an annual report, signed by a principal officer attesting to its accuracy and completeness, and that the report must be submitted electronically. Additionally, when completing the data requested in the report, licensees must count each California debtor account separately and the number of California debtor accounts collected in the preceding year (which is defined as the calendar year – January 1 through December 31) shall be the sum of (i) the total number of accounts collected in full; (ii) the total number of accounts resolved for less than the full amount; and (iii) the total number of accounts where partial payments were made but a balance remains due. The report must also include the total number and dollar amount of accounts for which collection was attempted but no payments were collected or resolved within the year.
The “total dollar amount of California debtor accounts purchased in the preceding year” and the “face value dollar amount of California debtor accounts in the licensee’s portfolio in the preceding year” were defined and must also be reported, excluding any added fees or charges. Additional information required includes the number of California debtor accounts and the number of California debtors in the licensee's portfolio as of the end of the year.
FTC refers ROSCA case against software company and executives to DOJ
On June 17, the FTC announced an enforcement action against a software company and two of its executives for its practices related to its subscription model. According to the redacted complaint filed by the DOJ (upon referral from the FTC), defendant allegedly failed to adequately disclose to consumers the terms associated with its year-long subscription, and allegedly failed to obtain the consumer’s express informed consent before charging them. Defendant’s “Annual, Paid Monthly” subscription plan allegedly included early termination fees (ETF) that were not clearly disclosed to consumers upon enrollment. In particular, the ETF disclosures were buried on the company’s website in small print or required consumers to hover over small icons to find the disclosures. The DOJ also alleged defendant used the early termination fees to discourage consumers from canceling their plans, which was also difficult for consumers to do. Defendant’s practices allegedly violated the Restore Online Shoppers’ Confidence Act (ROSCA). The DOJ will be seeking injunctive relief, civil penalties, equitable monetary relief, as well as other relief.
New York Attorney General issues judgment against crypto-asset firm
On June 14, the New York Attorney General, Letitia James, announced a stipulation and consent to judgment against a crypto-asset company for allegedly misleading investors on the risks of its program. Under the order, the defendants agreed to distribute all digital assets through its platform as restitution on an in-kind, “coin-for-coin” basis, with distributions to be made in the same amount and types of crypto-assets loaned by the investors. The stipulation followed a May 20 settlement with the company worth $2 billion.
The defendants were permanently restrained and enjoined from engaging in any conduct under the Martin Act and Executive Law § 63(12), as well as offering a cryptocurrency lending product in New York State. However, the order specified that if future state or federal legislation permitted crypto lending in the state, the defendant may seek permission from the New York AG to lift the ban. The defendants further agreed to fully cooperate with the New York AG as it continued to investigate the matter. The order also required the defendants to disclose to consumers within thirty days of its execution that the defendant is not registered with the SEC or the CFTC, along with detailing risk factors, among other disclosure requirements. The defendants neither admitted nor denied the allegations in the complaint, aside from admitting to personal and subject matter jurisdiction.
SEC charges communications company with accounting control failure
On June 18, the SEC issued a cease-and-desist order (order) against a Delaware-based business communication and marketing service provider (respondent) to settle allegations of cybersecurity controls violations related to a 2021 ransomware attack.
According to the order, the SEC alleged respondent did not have adequate controls to ensure cybersecurity incidents were reported to its management and did not respond to alerts indicating unusual network activity in a timely manner. Among other allegations, the order contended that respondent relied on a third-party vendor to review and escalate the large volume of alerts issued by its cybersecurity detection systems but did not implement procedures or controls to effectively confirm that the vendor’s review and escalation of alerts were consistent with the respondent’s expectations. The order noted that respondent cooperated with the investigation, reported the cybersecurity incident promptly, and took steps to enhance its cybersecurity technology and controls. Without admitting the SEC’s allegations, respondent agreed to a $2,125,000 civil money penalty.
Notably, in addition to alleged violation of Exchange Act Rule 13a-15(a) requiring public companies to maintain disclosure controls and procedures designed to ensure timely disclosure of incidents in compliance with the Commission’s rules, the order also alleged that respondent’s failure to design effective procedures to ensure escalation and timely decisions regarding potential security incidents violated Section 13(b)(2)(B) of the Securities Exchange Act of 1934. Section 13(b)(2)(B) required covered companies to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances, among other things, that access to company assets was permitted only in accordance with management’s general or specific authorization.”
In a statement responding to the order, SEC Commissioners Pierce and Uyeda took issue with the Commission’s application Section 13(b)(2)(B). Specifically, the commissioners argued that the requirement to maintain internal accounting controls ensuring “that access to company assets” must be authorized by management and was intended to protect the accuracy of corporate transactions for the use and disposition of assets in transactions. They noted that “[w]hile [respondent’s] computer systems constitute an asset in the sense of being corporate property, computer systems are not the subject of corporate transactions,” and that faulting respondent’s internal accounting controls in the context of a ransomware attack “breaks new ground with its expansive interpretation of what constitutes an asset under Section 13(b)(2)(B)(iii).”