InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB reports on extended payment plans for payday loans
On April 6, the CFPB released a report on consumer use of state payday loan extended payment plans, which is believed to be the first study to compare state extended payment plans and usage rates. The report examines state payday loan extended payment plans, an intervention which permits payday borrowers to repay their loan in no-cost installments. The report analyzed laws in states that authorize payday loans and determined that 16 of the 26 payday-authorizing jurisdictions address extended payment plans. According to the Bureau, the savings of a no-cost extended payment plan can be substantial when compared to the total charges associated with repeated rollover fees. A Bureau press release regarding the report highlighted findings from prior research that most payday loans were made to borrowers who use the rollover option so many times that the accrued fees were greater than the original principal.
Key findings of the report include, among other things:
- State payday loan extended payment plan laws typically address certain key provisions. Key provisions include, among other things, number of installments, plan length, allowable fees, frequency of use, consumer eligibility, and disclosures. While specific requirements vary by state, typical features include: disclosure of the right to elect an extended payment plan at the time consumers enter into a payday loan agreement, the requirement that an extended payment plan be repaid in several installments, and that there be no additional fees charged for an extended payment plan.
- Eligibility requirements for extended payment plans vary by state and likely impact usage rates. For example, in Washington, which has possibly the most borrower-friendly extended payment plan, the usage rate is 13.4 percent, whereas states with more restrictive requirements, such as Florida, which requires credit counseling to be eligible, may have usage rates under 1 percent.
- Despite the prevalence of state laws providing for no-cost extended payment plans, rollover and default rates consistently exceed extended payment plan usage rates. According to the report, monetary incentives encourage lenders to promote higher-cost rollovers, and collect the fees associated with such rollovers, at the expense of extended payment plans.
District Court approves $90 million settlement in data tracking suit
On March 31, the U.S. District Court for the Northern District of California granted final approval to a $90 million class action settlement resolving claims that a social media platform unlawfully tracked consumers’ browsing data. According to the settlement agreement, the defendant obtained and collected data from approximately 124 million platform users in the U.S. who visited websites that displayed the defendant’s “Like” button between April 22, 2010 and September 26, 2011. According to the settlement, in addition to paying a $90 million settlement, the company must delete the data it had collected from users during the class period.
CFPB’s TSR claims against software company to proceed
On April 5, the U.S. District Court for the Central District of California denied a motion to dismiss claims brought by the CFPB alleging violations of the Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act (CFPA). As previously covered by InfoBytes, the California-based software company and its owner (collectively, “defendants”) market and sell credit-repair business software and other tools to credit-repair businesses charging unlawful advance fees to consumers. According to the Bureau, the defendants provide substantial assistance to these businesses and purportedly encourage them to “charge unlawful advance fees” even though, under the TSR, companies that telemarket their services are prohibited from requesting or receiving fees from consumers until consumers are provided with a credit report showing that the promised results have been achieved.
The court was unpersuaded by the defendants’ argument that the Bureau exceeded its authority to pursue enforcement actions against them, claiming the credit-repair businesses that use defendants’ products and services are not “covered persons” under the CFPA, as the businesses “provide only retrospective credit-repair services and thus do not provide prospective consumer financial services under the CFPA.” The court held that the CFPA’s broad purpose and expansive language covers the services provided by the credit-repair businesses to improve or repair consumers’ credit and that such activity is considered “credit counseling” under the CFPA and is therefore a “consumer financial product or service.” The court further held that the credit-repair businesses were “covered persons” based on allegations that they provide consumers’ credit history to help with the approval of a mortgage or auto loan, recognizing that performing analysis relating to the credit history of consumers in connection with a decision regarding a consumer financial product or service is covered by the CFPA. The court also disagreed with the defendants’ argument that they are not “service providers” under the statute, in part, because the defendants “have the capacity to vet and monitor” the credit-repair businesses. The court also was not persuaded that the Credit Repair Organizations Act’s (CROA) provision allowing credit-repair businesses to charge monthly fees supersedes the TSR requirement that such a company cannot collect payment until the promised results have been achieved, holding that the requirements of each are not in conflict and noting that “if a credit repair agency does not qualify as a telemarketer, then it need not comply with the TSR—only the CROA is applicable,” and that nothing in the language of the CROA indicates that the defendants’ activities “may not simultaneously be regulated by the [TSR].”
OFAC sanctions North Koreans for development of WMDs
On April 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13382 against five entities for supporting the Democratic People’s Republic of Korea’s (DPRK’s) development of weapons of mass destruction (WMD) and ballistic missile programs in violation of multiple United Nations Security Council resolutions. According to OFAC, the sanctions target a DPRK WMD research and development organization, which is connected to the development of the DPRK’s intercontinental ballistic missile launches, along with four of its revenue generating subsidiaries. As a result of the sanctions, all property and interests in property of the sanctioned entities are blocked and must be reported to OFAC. OFAC noted that its regulations generally prohibit U.S. persons from participating in transactions with the designated entities, including transactions transiting the U.S. OFAC’s announcement further warned that any foreign financial institution that knowingly facilitates significant transactions or provides significant financial services for any of the designated individuals may be subject to U.S. correspondent account or payable-through account sanctions.
OFAC sanctions Russian technology companies
On March 31, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced several new sanctions in response to Russia’s invasion of Ukraine. The new sanctions, issued pursuant to Executive Order 14024, target 21 entities and 13 individuals connected to the Russian Federation “as part of its crackdown on the Kremlin’s sanctions evasion networks and technology companies.” Additionally, OFAC has determined that three additional sectors of the Russian Federation’s economy are subject to sanctions, which permits OFAC to impose sanctions on any individual or entity determined to operate or have operated in any of those sectors. According to OFAC, one of the sanctioned entities is a technology company that exports over 50 percent of Russian microelectronics and is Russia’s largest chipmaker. This action follows OFAC’s March 24 designation of dozens of companies in Russia’s defense-industrial base that are directly involved in Russia’s invasion of Ukraine (covered by InfoBytes here). OFAC also expanded sanctions authorities to include the Russian aerospace, marine, and electronics sector. As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons, and “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more” by the targeted persons are blocked and must be reported to OFAC. Additionally, U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons and entities, unless exempt or authorized by a general or specific OFAC license.
Arizona amends data breach notification requirements
On March 29, the Arizona governor signed HB 2146, amending the Arizona Revised Statutes’ security breach notification requirements. Specifically, if a person conducting business in the state that “owns, maintains or licenses unencrypted and unredacted computerized personal information becomes aware of a security incident” involving more than 1,000 individuals, the person is required to notify the three largest national consumer reporting agencies, the state attorney general, and the director of the Arizona Department of Homeland Security within 45 days. The bill also makes various technical corrections and will take effect 90 days after legislature adjourns.
District Court refuses to enforce choice-of-law provision, allows individual state data privacy claims to proceed
On March 30, the U.S. District Court for the Northern District of Illinois denied a global tech company’s bid to dismiss class action Illinois Biometric Information Privacy Act (BIPA) claims. Plaintiffs (Illinois residents) sued the company alleging it violated BIPA by applying image recognition technology to photos uploaded to subscribers’ account without receiving informed written consent. Plaintiffs also claimed the company failed to establish a file retention schedule and deletion guidelines as required by state law. The company argued that the terms of use agreed to by the subscribers contain a choice-of-law provision stating that the laws of Washington State govern the conditions of use and any disputes. The court disagreed, stating that Washington’s biometric protection statute does not provide for a private cause of action and is therefore contrary to Illinois’ fundamental public policy. “The fact that BIPA creates a private cause of action underscores the importance Illinois places on an individual’s right to control their biometric information,” the court said. “Applying Washington law would rob plaintiffs of control over their individual biometric information, instead leaving it to Washington’s attorney general to bring suit.” The court also held that Illinois has a greater material interest in the dispute than Washington. The court allowed the plaintiffs’ claims regarding consent to proceed in federal court but remanded the other claims to the Cook County Circuit Court.
Idaho defines legal status of digital assets
On March 28, the Idaho governor signed HB 583, amending the Idaho commercial code’s definition and classification of digital assets. The bill classifies digital assets as intangible personal property and general intangibles under the bill. However, the bill makes a distinction between digital securities and virtual currency—both are classified as intangible personal property, but while digital securities qualify as investment property, virtual currency is not considered a security. With respect to the purchase and sale of digital assets, the bill states that digital assets “may be purchased and sold in the same manner and subject to the same laws of this state as other personal property,” and notes that an “action based on a claim of a property right, right to performance, or right of payment may not be asserted against a qualified purchaser.” The bill also addresses provisions related to perfection by possession or control, and specifies that a “person that acquires an interest in and obtains control of a virtual currency without notice of any adverse claim takes the interest in the virtual currency and in any right to payment evidenced by the virtual currency free of any adverse claim.” The bill is effective July 1.
CFPB’s UDAAP claims to proceed against mortgage lender
On March 31, the U.S. District Court for the District of Columbia mostly denied motions to dismiss filed by a mortgage lender and four executives (collectively, “defendants”) sued by the CFPB for allegedly engaging in unlawful mortgage lending practices. As previously covered by InfoBytes, the Bureau filed a complaint last year against the defendants alleging violations of several federal laws, including TILA and the CFPA. According to the Bureau, (i) unlicensed employees allegedly offered and negotiated mortgage terms; (ii) company policy regularly required consumers to submit documents for verification before receiving a loan estimate; (iii) employees denied consumers credit without issuing an adverse action notice; and (iv) defendants regularly made misrepresentations about, among other things, the availability and cost savings of FHA streamlined refinance loans.
The mortgage lender had argued in its motion to dismiss that neither TILA nor the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) required the lender to ensure that its individual employees were licensed under state law. In denying the motions to dismiss, the court disagreed with the lender’s position stating that in order for a mortgage originator to comply with TILA, it must also comply with Bureau requirements set out in Regulation Z, including a requirement that “obligates loan originator organizations to ensure that individual loan originators working for them are licensed or registered as required by state and federal laws.”
The court also concluded that the individual defendants must face claims for allegedly engaging in unfair or deceptive practices. The Bureau contended that the company’s chief compliance officer had warned the individual defendants that certain unlicensed employees were engaging in activities requiring licensure, and that the company’s owners approved the business model that permitted the underlying practices. According to the court, an individual “engages” in a UDAAP violation if the individual “participated directly in the practices or acts or had authority to control them” and “‘had or should have had knowledge or awareness’ of the misconduct.” The court rejected defendants’ arguments that it was improper to adopt this standard, and stated that “the fact that a separate theory of liability exists for substantially assisting a corporate defendant’s UDAAP violations has no bearing on how courts evaluate whether an individual defendant himself engaged in a UDAAP violation.”
While the court allowed the count to continue to the extent that it was based on allegations of unlicensed employees performing duties that would require licensure, it found that the complaint did not support an inference that the individual defendants knew that the employees were engaging in activities to make it appear that they were licensed. The court provided the Bureau an opportunity to replead the count to provide a stronger basis for such an inference.
OCC’s Hsu discusses large bank resolvability
On April 1, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the University of Pennsylvania Wharton School of Business focusing on financial stability and large bank resolvability. In his remarks, Hsu described gaps in resolvability for the largest non-global systemically important banks, potential solutions, and the subsequent effect on financial stability. Hsu stated that he has been involved in every “systemically important” financial stability event since 2008, and that the dangers posed by too-big-to-fail firms “are not a theoretical matter” to him. While the resolvability of the eight global systemically important banks (GSIB) is “logica[lly]” regulated under Title I of the Dodd-Frank Act, Hsu warned that the largest non-GSIB banks are not subject to these "heightened standards.” Hsu pointed out that the four largest non-GSIB banks have total consolidated assets greater than $500 billion, and questioned that “if one were to fail, how would it be resolved?” Noting that the likely resolution would be the absorption of the failing non-GSIB bank by one of the GSIBs, Hsu stated that this is not a “terrible outcome” from a “traditional financial stability perspective.” However, “a GSIB would be forced through a shotgun marriage to be made significantly more systemic, with minimal due diligence and limited identification of integration challenges, which for firms of this size are significant,” he stated. Hsu advocated for utilizing a “single-point-of-entry,” which is the same strategy to which GSIBs are currently subject under their resolution planning framework. Hsu explained that with this approach, “only the parent holding company is supposed to file for bankruptcy or be taken into receivership; all of the material subsidiaries are expected to continue to operate and function, thus avoiding the chaos of multiple proceedings.”