InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Agencies propose Call Report revisions
On February 22, the FDIC, Federal Reserve Board, and the OCC announced the publication of a joint notice and request for comment proposing changes to three versions of the Call Report (FFIEC 031, FFIEC 041, and FFIEC 051), as well as changes to the Report of Assets and Liabilities of U.S. Branches and Agencies of Foreign Banks (FFIEC 002), as applicable. Section 604 of the Financial Services Regulatory Relief Act of 2006 mandates agency review of information collected in the Call Reports “to reduce or eliminate any requirement to file certain information or schedules if the continued collection of such information or schedules is no longer necessary or appropriate.” The proposed changes would eliminate and consolidate certain items in the Call Reports based on an evaluation of responses to a user survey addressing the Call Report schedules. The agencies are also requesting comments on certain technical clarifications made last year concerning the reporting of certain debt securities issued by Freddie Mac and proposed Call Report process revisions. The proposed changes if approved, will take effect as of the June 30, 2023, report date. Comments are due April 24.
District Court says undated collection letter is misleading
On February 9, the U.S. District Court for the Southern District of Florida partially granted a defendant debt collector’s motion to dismiss an action alleging an undated collection letter violated various provisions of the FDCPA. Plaintiff received a collection letter from the defendant providing information on the amount of outstanding debt and instructions on how to dispute the debt, as well as a timeframe for doing so. However, the letter sent to the plaintiff was undated, and the plaintiff asserted that it was impossible for him to determine what “today” meant when the letter said “‘[b]etween December 31, 2021 and today[,]’” or what “now” referred to in the context of “[t]otal amount of the debt now.” He argued that by withholding this necessary information, the letter appeared to be illegitimate and misleading, and ultimately caused him to spend time and money to mitigate the risk of future financial harm. The defendant moved to dismiss for failure to state a claim, maintaining that the letter “fully and accurately stated the amount of the debt and otherwise complied with all requirements of the [statute].” The defendant further argued that the letter “conforms exactly to” the debt collection model form letter provided by the CFPB, and insisted that, because it complied with 12 C.F.R. § 1006.34(d)(2), it fell within the safe harbor provided by Bureau regulations to debt collectors that use the model form letter. The defendant contended that, even if it did not qualify for the safe harbor provision, it is not a violation of the FDCPA for a debt collection letter to be undated. The plaintiff asked the court to ignore the Bureau’s safe harbor provision and find that the undated letter is sufficient to state a plausible FDCPA claims.
In dismissing one of plaintiff’s claims, the court agreed with the defendant that the plaintiff failed to provide any factual or plausible allegations demonstrating “harass[ment], oppress[ion], or abuse” by the defendant (a requirement for alleging a violation of 15 U.S.C. section 1692d). “An undated letter, with little else, is not ‘the type of coercion and delving into the personal lives of debtors that [section] 1692d in particular[] was designed to address,” the court wrote.
However, the court determined that the plaintiff’s other three claims survive the motion to dismiss. First, the court held that the defendant’s reliance on the model form letter “overstates both the meaning and scope of the regulatory safe harbor provided by the CFPB.” Specifically, the plaintiff did not allege that the defendant violated any CFPB regulations—he alleged violations of the FDCPA, and the court explained that nowhere does the Bureau state that using the model form letter “suffices as compliance with the corresponding statutory requirements of [FDCPA] section 1692g.” Moreover, while use of the model form might provide a safe harbor from some of the statute’s requirements, “a safe harbor for the form of provided information is different from a safe harbor for the substance of that information,” the court said, adding that using the model form letter alone does not bar plaintiff’s claims. Additionally, the court determined that under the “least-sophisticated consumer” standard, the plaintiff alleged plausible claims for relief based on the omission of the date in the letter. Among other things, the undated letter could be interpreted as not stating the full amount of the debt, nor does the letter provide a means for plaintiff to assess how the debt might increase in the future if he did not make a prompt payment. With respect to whether the defendant used “unfair or unconscionable means to collect” the debt, the court determined that the undated letter’s misleading nature as to the full amount of the debt might “be ‘unfair or unconscionable’ to the least-sophisticated consumer.”
OFAC announces sanctions tied to Mexican drug cartel
On February 22, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14059, against six Mexican nationals involved in the methamphetamine and fentanyl trade, along with six related Mexico-based entities. According to OFAC, the sanctioned network’s actions aid a Mexican drug cartel’s facilitation of fentanyl and other drugs trafficked into the United States. OFAC coordinated with the Mexican government, the FBI, and the DEA to take this action. As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, and “may face civil or criminal penalties for violations of E.O. 14059.” Additionally, OFAC warned that “persons that engage in certain transactions with the individuals and entities designated today may themselves be exposed to sanctions or subject to an enforcement action.”
Illinois announces new consumer protections for digital assets, proposes new money transmitter licensing provisions
On February 21, the Illinois Department of Financial and Professional Regulation (IDFPR) announced several legislative initiatives to establish consumer protections for cryptocurrencies and other digital assets and provide regulatory oversight of the broader digital asset marketplace. The Fintech-Digital Asset Bill (see HB 3479) would create the Uniform Money Transmission Modernization Act and provide for the regulation of digital asset businesses and modernize regulations for money transmission in the state. Among other things, the Fintech-Digital Asset Bill would require digital asset exchanges and other digital asset businesses to obtain a license from IDFPR to operate in the state. The bill also establishes various requirements for businesses, including investment disclosures, customer asset safeguards, and customer service standards. Companies would also be required to implement cybersecurity measures, as well as procedures for addressing business continuity, fraud, and money laundering. Notably, the Fintech-Digital Asset Bill replaces and supersedes the Transmitters of Money Act (see 205 ILCS 657) with the Money Transmission Modernization Act, in order to harmonize the licensing, regulation, and supervision of money transmitters operating across state lines. Provisions also amend the Corporate Fiduciary Act to allow for the creation of trust companies for the special purpose of acting as a fiduciary to safeguard customers’ digital assets, the announcement noted.
The Consumer Financial Protection Bill (see HB 3483) would grant the IDFPR authority to enforce the Fintech-Digital Asset Bill and strengthen the department’s authority and resources for enforcing existing consumer financial protections. Modeled after the Dodd-Frank Act, the Consumer Financial Protection Bill empowers the IDFPR with the ability to target unfair, deceptive, and abusive acts and practices by unlicensed financial services providers. The bill creates the Consumer Financial Protection Law and the Financial Protection Fund, and establishes provisions related to supervision, registration requirements, consumer protection, cybersecurity, anti-fraud and anti-money laundering, enforcement, procedures, and rulemaking. The Consumer Financial Protection Bill also includes provisions concerning court orders, penalty of perjury, character and fitness of licensees, and consent orders and settlement agreements, and makes amendments to various application, license, and examination fees. The bill does so by amending the Collection Agency Act, Currency Exchange Act, Sales Finance Agency Act, Debt Management Service Act, Consumer Installment Loan Act, and Debt Settlement Consumer Protection Act.
Montana amends mortgage servicing laws
On February 16, the Montana governor signed HB 30, which amends certain provisions of the state’s mortgage laws. Among other things, the act outlines provisions related to financial condition requirements, model state regulatory prudential standards for nonbank mortgage servicers, risk assessments, and licensee reporting requirements. The act also permits remote work provided certain conditions are met, including that a licensee’s employees and independent contractors do not meet with the public in an unlicensed personal residence, business records are not stored at the remote locations, appropriate security measures are put in place to ensure the confidentiality of customer information, and the NMLS record reflects the designation of a properly licensed location as the mortgage loan originator’s official workstation. In addition, the act amends provisions related to the denial of a licensee’s application or renewal, and updates designated manager and branch office licensing requirements to account for the remote location allowance. The act further provides the Department of Administration (acting through the Division of Banking and Financial Institutions) with rulemaking authority for addressing the revocation or suspension of licenses for cause, investigations into alleged violations, and fees, among other things. Additional amendments address the sharing of confidential supervisory information with state and federal financial regulators. Exempt from the act’s requirements are not-for-profit servicers and housing financing agencies, while servicers solely involved in reverse mortgage servicing are exempt from certain portions of the act. Similarly, servicers with 25 or fewer loans, or servicers wholly owned and controlled by one or more state- or federally-regulated depository institutions are also exempt from certain portions of the act. A servicer that is also licensed as an escrow business may apply to waive or adjust certain financial condition requirements. The act is effective July 1.
FTC, DOJ sue telemarketers of fake debt relief services
On February 16, the DOJ filed a complaint on behalf of the FTC against several corporate and individual defendants for alleged violations of the FTC Act and the Telemarketing Sales Rule (TSR) in connection with debt relief telemarketing campaigns that delivered millions of unwanted robocalls to consumers. (See also FTC press release here.) According to the complaint, filed in the U.S. District Court for the Southern District of California, the defendants are interconnected platform providers, lead generators, telemarketers, and debt relief service sellers. Alleged violations include: (i) making misrepresentations about their debt relief services; (ii) initiating telemarketing calls to numbers on the FTC’s Do Not Call Registry, as well as calls in which telemarketers failed to disclose the identity of the seller and services being offered; (iii) initiating illegal robocalls without first obtaining consent; (iv) failing to make oral disclosures required by the TSR, including clearly and truthfully identifying the seller of the debt relief services; (v) misrepresenting material aspects of their debt relief services; and (vi) requesting and receiving payments from customers before renegotiating or otherwise altering the terms of those customers’ debts. The complaint seeks permanent injunctive relief, civil penalties, and monetary damages. Two of the defendants (a debt relief lead generator and its owner) have agreed to a stipulated order that, if approved, would prohibit them from further violations and impose a monetary judgment of $3.38 million, partially suspended to $7,500 to go towards consumer redress due to their inability to pay.
DFPI launches crypto scam tracker
On February 16, the California Department of Financial Protection and Innovation (DFPI) launched a database to help consumers in the state spot and avoid crypto scams. The Crypto Scam Tracker compiles details about apparent crypto scams identified through a review of public complaints submitted to the DFPI, and is searchable by company name, scam type, or keywords. “Through the new Crypto Scam Tracker, combined with rigorous enforcement efforts, the DFPI is committed to shining a light on these ruthless predators and protecting consumers and investors,” DFPI Commissioner Clothilde Hewlett said in the announcement.
NYDFS adds enhancements for detecting virtual currency fraud
On February 21, NYDFS Superintendent Adrienne A. Harris announced enhancements to the Department’s ability to detect fraud in the virtual currency industry. The new enhancements will improve NYDFS’s ability to combat financial crime and detect illegal activity among state-regulated entities engaged in virtual currency activity through new insider trading and market manipulation risk monitoring tools. Specifically, the enhancements will strengthen NYDFS’s virtual currency supervision and aid the Department in detecting potential insider trading, market manipulation, and front-running activity associated with regulated entities’ and applicants’ exposure or potential exposure to listed virtual currency wallet addresses. The announcement builds upon recently issued guidance related to the use of blockchain analytics tools, the issuance of U.S. dollar-backed stablecoins, and custodial guidance on crypto insolvency, as well as guidance for addressing measures for preventing market manipulation. (Covered by InfoBytes here, here, here, and here.)
Illinois Supreme Court says BIPA claims accrue with every transmission
On February 17, the Illinois Supreme Court issued a split decision holding that under the state’s Biometric Information Privacy Act (BIPA), claims accrue “with every scan or transmission of biometric identifiers or biometric information without prior informed consent.” The plaintiff filed a proposed class action alleging a defendant fast food chain violated BIPA sections 15(b) and (d) by unlawfully collecting her biometric data and disclosing the data to a third-party vendor without first obtaining her consent. According to the plaintiff, the defendant introduced a biometric-collection system that required employees to scan their fingerprints in order to access pay stubs and computers shortly after she began her employment in 2004. Under BIPA (which became effective in 2008), section 15(b) prohibits private entities from collecting, capturing, purchasing, receiving through trade, or otherwise obtaining “a person’s biometric data without first providing notice to and receiving consent from the person,” whereas Section 15(d) provides that private entities “may not ‘disclose, redisclose, or otherwise disseminate’ biometric data without consent.” While the plaintiff asserted that the defendant did not seek her consent until 2018, the defendant argued, among other things, that the action was untimely because the plaintiff’s claim accrued the first time defendant obtained her biometric data. In this case, defendant argued that plaintiff’s claim accrued in 2008 after BIPA’s effective date. Plaintiff challenged that “a new claim accrued each time she scanned her fingerprints” and her data was sent to a third-party authenticator, thus “rendering her action timely with respect to the unlawful scans and transmissions that occurred within the applicable limitations period.” The U.S. District Court for the Northern District of Illinois agreed with the plaintiff but certified its order for immediate interlocutory appeal after “finding that its decision involved a controlling question of law on which there is substantial ground for disagreement.”
The U.S. Court of Appeals for the Seventh Circuit ultimately found that the parties’ competing interpretations of claim accrual were reasonable under Illinois law, and agreed that “the novelty and uncertainty of the claim-accrual question” warranted certification to the Illinois Supreme Court. The question certified to the high court asked whether “section 15(b) and (d) claims accrue each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party, respectively, or only upon the first scan and first transmission[.]”
The majority held that the plain language of the statute supports the plaintiff’s interpretation. “With the subsequent scans, the fingerprint is compared to the stored copy of the fingerprint. Defendant fails to explain how such a system could work without collecting or capturing the fingerprint every time the employee needs to access his or her computer or pay stub,” the high court said. The majority rejected the defendant’s argument that a BIPA claim is limited to the initial scan or transmission of biometric information since that is when the individual loses the right to control their biometric information “[b]ecause a person cannot keep information secret from another entity that already has it.” This interpretation, the majority wrote, wrongfully assumes that BIPA limits claims under section 15 to the first time a party’s biometric identifier or biometric information is scanned or transmitted. The Illinois Supreme Court further held that “[a]s the district court observed, this court has repeatedly held that, where statutory language is clear, it must be given effect, ‘even though the consequences may be harsh, unjust, absurd or unwise.’” However, the majority emphasized that BIPA does not contain language “suggesting legislative intent to authorize a damages award that would result in the financial destruction of a business,” adding that because “we continue to believe that policy-based concerns about potentially excessive damage awards under [BIPA] are best addressed by the legislature, . . . [w]e respectfully suggest that the legislature review these policy concerns and make clear its intent regarding the assessment of damages under [BIPA].”
The dissenting judges countered that “[i]mposing punitive, crippling liability on businesses could not have been a goal of [BIPA], nor did the legislature intend to impose damages wildly exceeding any remotely reasonable estimate of harm.” “Indeed, the statute’s provision of liquidated damages of between $1000 and $5000 is itself evidence that the legislature did not intend to impose ruinous liability on businesses,” the dissenting judges wrote, cautioning that plaintiffs may be incentivized to delay bringing claims for as long as possible in an effort to increase actionable violations. Under BIPA, individuals have five years to assert violations of section 15—the statute of limitations recently established by a ruling issued by the Illinois Supreme Court earlier this month (covered by InfoBytes here).
OFAC issues sanctions compliance guidance for transactions related to Syrian earthquake disaster relief
On February 21, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions compliance guidance for authorized transactions related to Syrian earthquake disaster relief. The OFAC Compliance Communique: Guidance on Authorized Transactions Related to Earthquake Relief Efforts in Syria responds to questions from nongovernmental organizations and the general public on how to provide assistance and funding to earthquake relief efforts in Syria that would otherwise be prohibited by the Syrian Sanctions Regulations. As previously covered by InfoBytes, earlier in February, OFAC issued Syria General License (GL) 23 to authorize certain transactions ordinarily prohibited by OFAC sanctions. Among other things, GL 23 informed U.S. financial institutions and U.S. registered money transmitters that they “may rely on the originator of a funds transfer with regard to compliance” for transactions related to earthquake relief efforts in Syria, provided that the financial institution does not know or have reason to know that the funds transfer is not related to such efforts.