InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court approves $11 million data breach settlement
On January 4, the U.S. District Court for the Northern District of Texas granted final approval of an $11 million class action settlement resolving allegations related to a February 2021 data breach that compromised more than 4.3 million customers’ personally identifiable information, including names, Social Security numbers, driver’s license numbers, dates of birth, and username/password information. According to plaintiffs’ amended complaint, the defendant insurance software providers failed to notify affected individuals about the data breach until on or after May 10, 2021, despite commencing an investigation in March. Plaintiffs maintained that the defendants’ alleged failure to comply with FTC cybersecurity guidelines and industry data protection standards put at risk their financial and personal records, and said they now face years of constant surveillance to prevent potential identity theft and fraud. Under the terms of the settlement (see also plaintiffs’ memorandum of law in support of the motion for final approval), class members will each receive up to $5,000 for out-of-pocket expenses, including up to eight hours of lost time at $25/hour, as well as 12 months of financial fraud protection. Members of a California subclass will receive additional benefits of between $100 and $300 each. The defendants are also responsible for paying each named plaintiff a $2,000 service award and must pay over $3 million in attorney fees, costs, and expenses.
NY restricts lenders’ ability to reset statute of limitations on foreclosures
In December, the New York governor signed A 7737-B, the “Foreclosure Abuse Prevention Act,” which amends the rights of parties in foreclosure actions. Among other things, the law provides that a lender or servicer’s voluntary discontinuance of a foreclosure action does not reset New York’s 6-year statute of limitations on foreclosures, according to New York CPLR §213. Further, pursuant to the new law, if an action to foreclose a mortgage or recover any part of the mortgage debt is time-barred, any other action seeking to foreclose the mortgage or recover the debt is also time-barred. The amendments are effective immediately and, notably, apply to all pending actions in which a final judgment of foreclosure and sale has not been enforced.
District Court stays stablecoin suit pending arbitration proceedings
On January 6, the U.S. District Court for the Northern District of California granted a defendant cryptocurrency exchange’s motion to compel arbitration in a class action alleging the exchange, along with the issuer of a stablecoin cryptocurrency, misrepresented the stability of the coin when offering it on the exchange’s platform. The defendants filed separate motions to compel arbitration, however, the plaintiffs claimed, among other things, that since they opened their accounts, the exchange’s user agreement, which contains an arbitration agreement, “has been unilaterally modified more than 20 times.” They further maintained that the exchange’s motion to compel arbitration should be denied because the arbitration provision is “unconscionable and thus unenforceable” and “the delegation clause is inapplicable and unconscionable.”
In granting the exchange’s motion to compel arbitration, the court found that the plaintiffs are parties to the exchange’s terms of use, which specify that an arbitrator, not a court, must decide whether any disputes a customer has with the exchange should be resolved via arbitration. “Plaintiffs do not dispute they agreed to [the] User Agreement, nor do they contest that … it contains an arbitration and a delegation clause,” the court said, noting that since arbitrability must be determined first, it has not reached “the issue of whether the arbitration agreement as a whole is unconscionable.” However, the court denied the defendant issuer’s motion to compel arbitration after finding that the user agreement “contains clear-cut language showing an intent to arbitrate disputes between the signatories [i.e., the exchange and its customers] only.” The user agreement does not state that obligations and rights are extended to a nonsignatory, such as the issuer, the court said—additionally staying all other judicial while arbitration proceedings between the exchange and the plaintiffs are pending.
District Court preliminarily approves data breach suit
On January 9, the U.S. District Court for the District of New Mexico granted preliminary approval of a class action settlement in a data breach suit that allegedly compromised approximately 191,000 individuals’ personally identifiable information (PII). According to the plaintiffs’ motion, the class alleged that their PII and personal health information were compromised when cybercriminals breached the defendant’s systems. If granted final approval, the settlement class would consist of four categories of relief: (i) reimbursement for lost time (up to four hours at $15 per hour) and out-of-pocket expenses up to $500; (ii) reimbursement for extraordinary losses up to $3,500; (iii) two years’ free credit monitoring services; and (iv) equitable relief in the form of security improvements to the defendant’s system.
District Court grants $11.9 million settlement in ATM fees suit
In December, the U.S. District Court for the District of New Jersey granted preliminary approval of a $11.9 million settlement in a class action suit resolving allegations pertaining to a defendant national bank’s out-of-network ATM fees. According to the plaintiff’s motion, the plaintiffs challenged a fee assessed by the defendant “when its accountholders check their account balance at a [an out-of-network] ATM, referred to herein as an ‘Out of Network ATM Balance Inquiry Fee’ or ‘OON ATM Balance Inquiry Fee.’” The plaintiffs alleged that such fees on balance inquiries, when combined with fees assessed by the bank and by the out-of-network ATM owner, resulted in three total fees on a single cash withdrawal at an out of network ATM, and violated the terms of the defendant’s account agreement.
On July 19, 2023 the court granted final approval to the settlement.
FDIC announces Florida disaster relief
On January 9, the FDIC issued FIL-02-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Florida affected by Hurricane Nicole from November 7 to November 30. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and encouraged institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements.
DOJ, HUD say Fair Housing Act extends to algorithm-based tenant screening
On January 9, the DOJ and HUD announced they filed a joint statement of interest in a pending action alleging discrimination under the Fair Housing Act (FHA) against Black and Hispanic rental applicants based on the use of an algorithm-based tenant screening system. The lawsuit, filed in the U.S. District Court for the District of Massachusetts, alleged that Black and Hispanic rental applications who use housing vouchers to pay part of their rent were denied rental housing due to their “SafeRent Score,” which is derived from the defendants’ algorithm-based screening software. The plaintiffs claimed that the algorithm relies on factors that disproportionately disadvantage Black and Hispanic applicants, such as credit history and non-tenancy related debts, and fails to consider that the use of HUD-funded housing vouchers makes such tenants more likely to pay their rents. Through the statement of interest, the agencies seek to clarify two questions of law they claim the defendants erroneously represented in their motions to dismiss: (i) the appropriate standard for pleading disparate impact claims under the FHA; and (ii) the type of companies that fall under the FHA’s application.
The agencies first challenged that the defendants did not apply the proper pleading standard for a claim of disparate impact under the FHA. Explaining that in order to establish an FHA disparate impact claim, “plaintiffs must show ‘the occurrence of certain outwardly neutral practices’ and ‘a significantly adverse or disproportionate impact on persons of a particular type produced by the defendant’s facially neutral acts or practices,’” The agencies disagreed with the defendants’ assertion that the plaintiffs “must also allege specific facts establishing that the policy is ‘artificial, arbitrary, and unnecessary.” This contention, the agencies said, “conflates the burden-shifting framework for proving disparate impact claims with the pleading burden.” The agencies also rejected arguments that the plaintiffs must challenge the entire “formula” of the scoring system and not just one element in order to allege a statistical disparity, in addition to providing “statistical findings specific to the disparate impact of the scoring system.” According to the agencies, the plaintiffs adequately identified an “essential nexus” between the algorithm’s scoring system and the disproportionate effect on certain rental applicants based on race.
The agencies also explained that residential screening companies, including the defendants, fall under the FHA’s purview. While the defendants argued that the FHA does not apply to companies “that are not landlords and do not make housing decisions, but only offer services to assist those that do make housing decisions,” the agencies contended that this misconstrues the clear statutory language of the FHA and presented case law affirming that FHA liability reaches “a broad array of entities providing housing-related services.”
“Housing providers and tenant screening companies that use algorithms and data to screen tenants are not absolved from liability when their practices disproportionately deny people of color access to fair housing opportunities,” Assistant Attorney General Kristen Clarke of the DOJ’s Civil Rights Division stressed. “This filing demonstrates the Justice Department’s commitment to ensuring that the Fair Housing Act is appropriately applied in cases involving algorithms and tenant screening software.”
FCC chair asks Congress to act on robocalls
In December, FCC Chair Jessica Rosenworcel sent a letter to twelve senators in response to their June 2022 letter inquiring about combating robocalls. In the letter, Rosenworcel highlighted the FCC’s efforts to combat robocalls by discussing the agency’s “important” proposed rules, adopted in May, to ensure gateway providers that channel international call traffic comply with STIR/SHAKEN caller ID authentication protocols and validate the identity of the providers whose traffic they are routing to help weed out robocalls (covered by InfoBytes here). She also highlighted the FCC’s enforcement efforts, such as a December action where the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations—“largest robocall operation the FCC has ever investigated” (covered by InfoBytes here).
Rosenworcel requested additional authority from Congress to combat robocalls and robotexts more effectively. Specifically, Rosenworcel asked the senators to “fix the definition of autodialer” – since robotexts are neither prerecorded nor artificial voice calls, the TCPA only provides consumers protection from robotexts if they are sent from autodialers. She further noted that the Supreme Court's decision in Facebook v. Duguid (covered by a Buckley Special Alert) narrowed the definition of autodialer under the TCPA, resulting in the law only covering equipment that generates numbers randomly and sequentially. She wrote that as a result, “equipment that simply uses lists to generate robotexts means that fewer robotexts may be subject to TCPA protections, and as a result, this decision may be responsible for the rise in robotexts.” Among other things, she also requested that Congress update the TCPA to permit for administrative subpoenas for all types of non-content customer records, and for Congress to grant the FCC the authority and resources to increase court enforcement of fines.
CFPB says exam manual and general supervisory findings are nonbinding
On January 9, the CFPB released a blog post, What new supervised institutions need to know about working with the CFPB, discussing what institutions can expect from a supervisory relationship with the Bureau. Among other things, the Bureau noted that it relies on a “prioritization” process that includes analyzing risk to consumers to determine which consumer financial markets and which entities to include in its supervisory work. Specifically, the Bureau noted that when conducting an examination, CFPB examiners generally, among other things: (i) collect and review available information from within the CFPB, other agencies, and public sources, consistent with statutory requirements; (ii) review documents and information obtained through information requests sent to supervised entities; and (iii) conduct portions of exams to observe, conduct interviews, review additional documents and information, transaction test, and assess compliance management.
The Bureau emphasized that examiners use the Supervision and Examination Manual as a resource when conducting exams and other supervisory activities. While supervised institutions are bound by statutes and regulations, and not by the manual, the CFPB makes its manual publicly available. The Bureau highlighted the disclaimer attached to the manual, which notes that it “should not be relied on as a legal reference.” The Bureau also stressed that legal discussions in the exam manual are not binding on examiners or other CFPB staff, and noted that at the end of an exam or other supervisory activities, examiners provide the supervised institution with their findings, which may include “matters requiring attention” (MRA). Examiners use MRAs to communicate specific goals to address violations of law, risk of such violations, or compliance management deficiencies.
DFPI modifies Student Loan Servicing Act proposal
On January 6, the California Department of Financial Protection and Innovation issued modified proposed regulations under the Student Loan Servicing Act (Act), which provides for the licensure, regulation, and oversight of student loan servicers by DFPI (covered by InfoBytes here). Last September, DFPI issued proposed rules to clarify, among other things, that income share agreements (ISAs) and installment contracts, which use terminology and documentation distinct from traditional loans, serve the same purpose as traditional loans (i.e., “help pay the cost of a student’s higher education”), and are therefore student loans subject to the Act. As such, servicers of these products must be licensed and comply with all applicable laws, DFPI said. (Covered by InfoBytes here.) The initial proposed rules also (i) defined the term “education financing products” (which now fall under the purview of the Act) along with other related terms; (ii) amended various license application requirements, including financial requirements for startup applicants; (iii) outlined provisions related to non-licensee filing requirements (e.g., requirements for servicers that do not require a license but that are subject to the Student Loans: Borrower Rights Law, which was enacted in 2020 (effective January 1, 2021)); (iv) specified that servicers of all education financing products must submit annual aggregate student loan servicing reports to DFPI; and (v) outlined new clarifications to the Student Loans: Borrower Rights Law to provide new requirements for student loan servicers (covered by InfoBytes here).
Following its consideration of public comments on the initial proposed rulemaking, DFPI is proposing the following changes:
- Amendments to definitions. The modified regulations revise the definition of “education financing products” by changing “private loans” to “private education loans,” which are not traditional loans. DFPI explained that changing the term to what is used in TILA will provide consistency for servicers and eliminate operational burdens. While the definition of “education financing products” also no longer includes “income share agreements and installment contracts” in order to align it with TILA, both of these terms were separately defined in the initial proposed rulemaking. The definition of “traditional student loan” has also been revised to distinguish which private student loans are traditional loans and which are education financing products (in order to help servicers determine the applicable aggregate reporting and records maintenance rules). The modifications also revise the definitions of “federal student loan,” “income,” “income share agreement,” “installment contract,” “payment cap,” “payment term,” and “qualifying payments,” remove unnecessary alternative terms for “income share,” and add “maximum payments” as a new defined term.
- Time zone requirement revisions. The modified regulations revise the time zone in which a payment must be received to be considered on-time to Pacific Time in order to protect California borrowers.
- Additional borrower protections. The modified regulations specify that servicers are required to send written acknowledgement of receipt and responses to qualified written requests via a borrower’s preferred method of communication. For borrowers who do not specify a preferred method, servicers must send acknowledgments and responses through both postal mail to the last known address and to all email addresses on record.
- Examinations, books, and records requirement updates. The modified regulations revise the information that servicers must provide in their aggregate reports for traditional student loans, including with respect to: (i) loan balance and status; (ii) cumulative balances and amounts paid; and (iii) aggregate information specific to ISAs, installment contracts, and other education financing products. Additionally, DFPI clarified that while the amount a borrower will be required to pay to an ISA provider in the future is unknown, many ISAs contain an “early completion” provision to allow a borrower to extinguish future obligations, and ISA providers must give this information to borrowers. DFPI further clarified that while servicers may choose to maintain records electronically, they must also be able to produce paper records for inspection at a DFPI-designated servicer location to allow an examination to be conducted in one place.
Comments on the modified regulations are due January 26.