InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB releases 2023 rural or underserved counties list
Recently, the CFPB released its annual lists of rural counties and rural or underserved counties for lenders to use when determining qualified exemptions to certain TILA regulatory requirements. In connection with these releases, the Bureau also directed lenders to use its web-based Rural or Underserved Areas Tool to assess whether a rural or underserved area qualifies for a safe harbor under Regulation Z.
Senators ask FTC, CFPB to investigate deceptive listing agreements
In December, Senate Banking Committee Chairman Sherrod Brown (D-OH), along with Senators Tina Smith (D-MN) and Ron Wyden (D-OR) sent a letter to the FTC and the CFPB requesting a review of a Florida-based real estate brokerage firm’s use of exclusive 40-year listing agreements marketed as a “loan alternative.” The request follows a November press release by the Florida attorney general announcing legal action against the firm for engaging in allegedly deceptive, unfair, and unconscionable business practices. According to the AG’s complaint, the firm offered homeowners $300 to $5,000 as a cash loan alternative in exchange for an agreement to use the firm as an exclusive real estate listing broker for a 40-year period. The complaint claimed the firm informs homeowners that there is no obligation to return the cash, stressing the homeowner will owe the firm nothing unless and until the home is sold. The AG asserted, however, that what is not clearly disclosed is that after accepting the payment, the firm files a 40-year lien on the property so that if at any time within 40 years the home is foreclosed upon or transferred to heirs upon the homeowner’s death, or if homeowners simply wish to cancel the deal, the firm will attempt to take three percent of the home’s value. Further, the AG claimed that the firm also failed to inform customers that the liens are filed in the public record, which can make it difficult for homeowners to refinance or access their home’s equity. The complaint seeks injunctive relief, restitution, and civil penalties.
NYDFS announces winter storm relief
On December 27, NYDFS announced actions to provide financial relief to New Yorkers in the Western and North Country regions in the aftermath of a historic winter storm. The relief is part of New York’s continuing and comprehensive efforts to address the historic winter storm that caused statewide devastation. According to the announcement, NYDFS requested that state-chartered banking organizations, federally-chartered banks, and credit unions operating in the area provide fee-free access services to nearby customers and non-customers while travel conditions remain dangerous. NYDFS will also issue temporary adjuster permits to qualified out-of-state independent insurance adjusters to expedite insurance claims in light of the winter storm. Expediting permits will increase the number of adjusters available to process claims and help New Yorkers get their claims paid faster. Insurers are encouraged to make any necessary applications on the NYDFS website. NYDFS urged the insurance industry to work towards a fair and speedy resolution of all claims and provide the necessary resources to do so.
New Jersey reaches $27.3 million settlement with merchant cash advance operation
On January 3, the New Jersey attorney general announced a $27.4 million settlement with a private equity firm, its parent company, and six other associated companies (collectively, “respondents”) to resolve allegations related to violations of the New Jersey Consumer Fraud Act (CFA). According to the press release, the respondents targeted small businesses to enter into lending arrangements disguised as merchant cash advances (MCA) on future receivables. The AG claimed these loans effectively charged interest rates far exceeding the state’s usury caps. According to the attorney general’s press release, the respondents also allegedly engaged in deceptive servicing and collection practices against small businesses.
Under the terms of the consent order, the respondents are permanently enjoined from engaging in any acts or practices that violate the CFA and any applicable Advertising Regulations. The respondents have also agreed to forgive all outstanding balances for customers who entered MCAs (approximately $21.75 million) and pay $5.625 million to cover restitution, attorneys’ fees, costs of investigation and litigation and costs of administering restitution, and penalties not to exceed $250,000. The press release stated that the respondents will also (i) dismiss any pending debt collection actions against customers who had their balances forgiven as a result of the settlement; (ii) provide current customers with the ability to request modifications to their payment terms based on actual receivables; (iii) “[i]mprove internal business practices, be transparent in any terms of future MCA agreements regarding fees and reconciliation rights, and give notice to customers before taking legal action to collect on purported unpaid balances”; and (iv) ensure that all respondents, principals, and any future business entities that may result from a change in structure comply with the terms of the consent order.
DFPI issues recommendations for engaging in crypto technologies
In December, the California Department of Financial Protection and Innovation (DFPI) issued a report identifying six recommendations for how California should engage with blockchain and Web3 industries. The report follows a May 2022 Executive Order (E.O.) from the California governor to create a regulatory and business environment for blockchain and cryptocurrency companies that balances the benefits and risks to consumers. As previously covered by InfoBytes, one of the priorities of the E.O. included for DFPI to, among other things, engage in a public process, including with federal agencies, to “develop a comprehensive regulatory approach to crypto assets harmonized with the direction of federal regulations and guidance” and “exercise its authority under the California Consumer Financial Protection Law (CCFPL) to develop guidance and, as appropriate, regulatory clarity and supervision of private entities offering crypto asset-related financial products and services” in California. The report made six recommendations to “encourage the continued growth and adoption of blockchain technology.”
- Engagement with stakeholders. The state should “continue dialogue with industry, advocates, and regulators to stay apprised of new technologies, products, definitions and risks.”
- Consumer protection and education. The state should promote consumer protection and consumer education about blockchain and crypto products, which includes, among other things: (i) training staff to better supervise regulated entities, products, and services; (ii) increasing efforts to educate Californians on how to use certain crypto-asset related financial products and services; and (iii) developing and publishing “standards for use in reviewing crypto asset-related securities to help provide more meaningful investor disclosures and to allow companies who wish to offer such securities more quickly and efficiently.”
- Legislation and regulation. The state should identify legislative gaps and clarify statutory authority regarding crypto assets. DFPI will attempt to harmonize California’s regulatory approach with federal regulators, other states, and local jurisdictions.
- Government use. The state should consider ways to use blockchain technology to “increase efficiencies, improve access, and reduce costs.”
- Environmental protection. The state should encourage more environmentally efficient blockchain technologies and explore policy interventions to reduce energy use.
- Workforce and economic development. The state should tap its higher education systems to help support and grow the blockchain sector and related technologies.
Social media users denied preliminary injunction in privacy suit
On December 22, the U.S. District Court for the Northern District of California denied plaintiffs’ motion for preliminary injunction in a privacy suit. According to the order, the plaintiffs alleged that the social media company improperly acquired their confidential health information in violation of state and federal law and in contravention of the company’s own policies regarding the use and collection of users’ data. The plaintiffs alleged that each of their healthcare providers allegedly installed the company’s software, which is a free and publicly available piece of code that the company allows third-party website developers to install on their patient portals. When the plaintiffs logged into the portal on their medical provider’s website, the software allegedly transmitted certain information to the social media company. The plaintiffs claimed that the software allowed the company to intercept personally identifiable medical information and the content of patient communications for its financial gain. The court found,however, that though the plaintiffs “raise potentially strong claims on the merits and their alleged injury would be irreparable if proven,” the “plaintiffs need to show ‘that the law and facts clearly favor [their] position, not simply that [they are] likely to succeed.’” The court also noted that the company’s “core defense is that it has systems in place to address the receipt of the information at issue and that it would be unfairly burdensome and technologically infeasible for them to take further action.” The court continued, “[w]ithout further factual development, it is unclear where the truth lies, and plaintiffs do not meet the high standard required for a mandatory injunction.”
2nd Circuit affirms dismissal in FCRA suit
On January 4, the U.S. Court of Appeals for the Second Circuit affirmed a district court’s decision to grant summary judgment for a credit reporting agency (defendant) in a suit alleging FCRA violations. According to the opinion, four years after the plaintiff took out a student loan, he filed for bankruptcy protection. The bankruptcy court issued a final decree of discharge, which released the plaintiff from all “dischargeable debts,” but did not specifically indicate that the loan was discharged. The student loan servicer indicated that the student loan was not discharged, and the plaintiff executed a loan modification agreement with the loan holder and made payments for several years. The plaintiff filed suit against the defendant consumer reporting agency, alleging that it violated the FCRA and New York law for including the loan on his credit report. The district court granted summary judgment in favor of the defendant after determining that the consumer’s loan had not been discharged. The plaintiff appealed.
On appeal, the 2nd Circuit noted that the plaintiff’s claim “hinges on the resolution of an unsettled legal question”: whether the loan was in fact discharged in the bankruptcy proceeding. Making such a determination would have required the defendant to resolve a legal question related to the debt, which the appellate court concluded was not required under the FCRA. As a result, the appellate court affirmed the dismissal of the plaintiff’s complaint because the alleged inaccuracy is not considered to not be an actionable “inaccuracy” under the FCRA.
Agencies extend Reg. O relief for some companies controlled by funds
On December 22, the Federal Reserve Board, FDIC, and OCC extended Regulation O relief for certain investment fund-controlled companies. The agencies issued a temporary no-action position in 2019 to allow time for the Federal Reserve, in consultation with the FDIC and OCC, “to consider whether to amend Regulation O to address concerns about unintended consequences of the application of Regulation O to companies that sponsor, manage, or advise investment funds and institutional accounts that invest in voting securities of banking organizations.” The interagency statement extends the no-action relief under Regulation O for another year to the sooner of either January 1, 2024, or the effective date of a final Federal Reserve rule revising Regulation O “that addresses the treatment of extensions of credit by a bank to fund complex-controlled portfolio companies that are insiders of the bank.” Specifically, the agencies state that action will not be taken against banks extending credit to fund complex-controlled portfolio companies that would otherwise violate Regulation O, provided the company controls (directly or indirectly) less than 15 percent of the bank’s voting securities (or 20 percent under certain circumstances) and has not or does not plan to place representatives in the bank or seek to exercise a controlling influence over the bank. Extensions of credit to these companies must be on “substantially the same terms as those prevailing for comparable transactions with unaffiliated third parties” and may not “involve more than normal risk of repayment or present other unfavorable features,” the agencies explained, noting that the relief applies only to fund complex-controlled portfolio companies, not the fund complexes.
FCC proposes new data breach notification requirements
On January 6, the FCC announced a notice of proposed rulemaking (NPRM) to launch a formal proceeding for strengthening the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). FCC Chairwoman Jessica Rosenworcel noted that “given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements.” She commented that the “new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.” The NPRM, which seeks to improve alignment with recent developments in federal and state data breach laws covering other sectors, would require telecommunications providers to notify impacted customers of CPNI breaches without unreasonable delay, thus eliminating the current seven business day mandatory waiting period for notifying customers of a breach.
Among other things, the FCC requests feedback on whether to establish a specific timeframe (e.g. a requirement to report breaches of customers’ data within 24 or 72 hours of discovery of a breach) or whether a disclosure deadline should vary based on a graduated scale of severity. The FCC also seeks comments on whether a carrier should “be held to have ‘reasonably determined’ a breach has occurred when it has information indicating that it is more likely than not that there was a breach,” and whether the Commission should publish guidance on what constitutes a reasonable determination or adopt a more definite standard. Feedback is also solicited on topics such as threshold triggers, what should be included in a security breach notification, the delivery method of these notifications, and whether to expand the definition of a data breach to also include inadvertent disclosures. Comments are due 30 days after publication in the Federal Register.
CFPB report on credit bureaus hints at rulemaking
On January 3, the CFPB released its annual report, pursuant to Section 611(e)(5) of the FCRA, on information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). According to the report, the Bureau received 488,000 consumer complaints about the CRAs from October 2021 through September 2022. The Bureau’s analysis revealed that 93 percent of consumers reported having previously attempted to fix their problem with the company. The report also noted that the use of problematic response types has decreased, and most complaints now receive “more substantive and tailored” responses. The report found that most responses from the CRAs describe the outcomes of consumers’ complaints. The Bureau highlighted areas that the CRAs should prioritize given the “challenges facing market participants and policy makers,” including: (i) considering consumer burden when implementing automated processes; (ii) recognizing how current processes will need to evolve in light of new technologies that can generate similar-sounding complaints that are in fact unique; and (iii) considering how to transition the market from control and surveillance to consumer participation. According to CFPB Director Rohit Chopra, the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.”