InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
WA Superior Court: Insurance commissioner overstepped in banning credit scoring in underwriting
On August 29, the Washington State Superior Court entered a final order declaring that the Washington Insurance Commissioner exceeded his authority when he issued an emergency rule earlier this year banning the use of credit-based insurance scores in the rating and underwriting of insurance for a three-year period. As previously covered by InfoBytes, several industry groups led by the American Property Casualty Insurance Association (APCIA) sued to stop the rule from taking effect. The rule was intended to prevent discriminatory pricing in private auto, renters, and homeowners insurance in anticipation of the end of the CARES Act, and specifically prohibited insurers from “us[ing] credit history to place insurance coverage with a particular affiliated insurer or insurer within an overall group of affiliated insurance companies.” The rule applied to all new policies effective, and existing policies processed for renewal, on or after June 20, 2021. Industry groups countered that the rule would harm insured consumers in the state who pay less for auto, homeowners, and renters insurance because of the use of credit-based insurance scores to predict risk and set rates.
According to a press release issued by APCIA, earlier this year the superior court issued a bench decision granting the trade group’s petition for a declaratory judgment and invalidating the rule. The superior court “held that the Commissioner could not rely on the more general rating standard statute that prohibited “excessive, inadequate, or unfairly discriminatory” rates to “eliminate all meaning from the more specific credit history statutes by which the legislature had authorized its use.” Calling the final order “an important victory for Washington consumers, particularly lower risk senior policyholders who were forced to pay more to subsidize higher risk policyholders because the rule eliminated the use of credit,” the trade groups said they were pleased that the court agreed with their position that the Commissioner “exceeded his authority when he acted contrary to the longstanding statute that authorized the use of credit in the property and casualty insurance space.”
District Court rules non-judicial foreclosure claims fail
On August 30, the U.S. District Court for the District of Oregon granted defendants’ motion for summary judgment in an action concerning an allegedly unlawful non-judicial foreclosure. Plaintiffs obtained a cash-out loan in 2005 and modified their mortgage terms. The plaintiffs stopped making payments after one of the defendant loan servicer’s agents allegedly informed them that “help was only available if they were in default,” and the defendant loan servicer threatened foreclosure. Following several years of bankruptcy proceedings and foreclosure mediation, plaintiffs sued to stop the foreclosure proceedings, claiming “that the deed of trust was void and that defendants committed fraud in attempting to foreclos[e] on the debt.” The initial non-judicial foreclosure proceedings were rescinded after the suit was dismissed with prejudice, and the defendant loan servicer was eventually allowed to proceed with a second non-judicial foreclosure under Oregon law. Plaintiffs sent a dispute letter demanding that the foreclosure be rescinded because the order in which several notices of default showing the amounts due and the amounts necessary to reinstate were sent did not comply with state law. After the notice was rescinded and a new notice of default was issued and recorded, plaintiffs sued again, seeking to enjoin the defendant trustee’s sale and filing several claims, including breach of contract and violations of the Oregon Unfair Trade Practices Act (OUTPA), RESPA, and FDCPA.
In granting summary judgment to the defendants on each of the claims, the court determined that the breach of contract claim fails because plaintiffs acknowledged that because “they have not substantially performed under the relevant contract,” they are precluded from seeking damages. The FDCPA claim against the defendant trustee also fails “because it is based on a perceived lack of authority under the relevant contract, but as explained in the breach of contract claim, that authority was not lacking.” Finally, the OUTPA and RESPA claims both fail “because there is no evidence that they incurred damages arising out of either claim”—a required element under both statutes, the court said. According to the court, plaintiffs failed “to support their drastic allegations with relevant evidence” and failed to “point to specific evidence supporting valid legal claims.”
3rd Circuit vacates dismissal of data breach suit
On September 2, the U.S. Court of Appeals for the Third Circuit vacated the dismissal of a class action alleging that a defendant pharmaceutical research company’s negligence led to a data breach. According to the opinion, the plaintiff, who is a former employee of the defendant’s subsidiary, provided her sensitive personal and financial information in exchange for the defendant’s agreement, pursuant to the plaintiff’s employment agreement, to “take appropriate measures to protect the confidentiality and security” of this information. After plaintiff ended her employment with the company, a hacking group accessed the defendant’s servers through a phishing attack and stole sensitive information pertaining to current and former employees. In addition to exfiltrating the data, the hackers installed malware to encrypt the data stored on the defendant’s servers and held the decryption tools for ransom. The defendant informed current and former employees of the breach and encouraged them to take precautionary measures. To mitigate potential harm, the plaintiff took immediate action by conducting a review of her financial records and credit reports for unauthorized activity, among other things. As a result of the breach, the plaintiff alleged that she has sustained a variety of injuries—primarily the risk of identity theft and fraud—in addition to the investment of time and money to mitigate potential harm. The district court granted the defendant's motion to dismiss based on lack of Article III standing, concluding “that [the plaintiff's] risk of future harm was not imminent, but ‘speculative,’ because she had not yet experienced actual identity theft or fraud.”
On the appeal, the 3rd Circuit noted that the district court “erred in dismissing [the plaintiff’s] contract claims, which are raised in Counts III (breach of implied contract) and IV (breach of contract),” arising from her employment agreement. The appellate court wrote that the plaintiff “has alleged an injury stemming from the breach—the risk of identity theft or fraud—that is sufficiently imminent and concrete,” because the defendant “expressly contracted to ‘take appropriate measures to protect the confidentiality and security’ of plaintiff’s information in [the plaintiff’s] employment agreement.” The appellate court also noted that in an “increasingly digitalized world, an employer's duty to protect its employees’ sensitive information has significantly broadened.” The 3rd Circuit vacated the judgment on all counts and remanded the dispute to the district court for consideration of the merits of the claims.
District Court grants summary judgment for defendant in FDCPA suit
On August 25, the U.S. District Court for the Southern District of Indiana granted a defendant’s motion for summary judgment in an FDCPA case, finding that the plaintiff did not suffer a concrete injury after receiving two collection letters from the defendant’s attorneys on the same day. According to the order, the plaintiff had a medical debt that was placed with the defendant for collection. The defendant sent a bill to the plaintiff, but because the plaintiff was unemployed when she received it, she did not make a payment, and “planned on setting up a payment plan once she obtained a ‘steady income.’” A month after sending the bill, the defendant called the plaintiff, and during the call, the plaintiff noted that she was considering filing for bankruptcy. The plaintiff subsequently retained an attorney to assist with a bankruptcy filing. Later that year, the plaintiff received two letters on the same day from the defendant, from two separate attorneys, both requesting that she pay the bill. The plaintiff sued the defendant, alleging that the collection letters violated the FDCPA because they falsely implied that the defendant’s attorneys were personally involved in the collection of her debt. The plaintiff claimed that she experienced concrete harm after receiving the letters in the form of emotional stress and confusion, which affected her decision whether to repay the debt or file for bankruptcy protection. The court granted the defendant summary judgment, deciding that the plaintiff lacked standing because she did not provide “evidence of specific facts showing that the collection letters caused her to take any action to her detriment, including making a payment on the debt or filing bankruptcy.” The court also found that “’[p]sychological states induced by a debt collector’s letter’—including emotional distress and confusion—are not concrete injuries.”
OCC orders bank to improve oversight of fintech partnerships
Recently, a national bank disclosed an agreement reached with the OCC that requires the bank to improve its oversight and management of third-party fintech partnerships. According to an SEC filing, the OCC found unsafe or unsound practices related to the bank’s third-party risk management, Bank Secrecy Act (BSA)/anti-money laundering risk management, suspicious activity reporting, and information technology control and risk governance. Under the terms of the agreement, the bank must, within 10 days of the agreement, appoint a compliance committee comprised mostly of members from outside the bank to meet at least quarterly and provide progress reports outlining the results and status of the mandated corrective actions. Within 60 days of the agreement, the bank must also adopt and implement guidelines for assessing risks posed by third-party fintech partnerships and address how the bank “identifies and assesses the inherent risks of the products, services, and activities performed by the third-parties, including but not limited to BSA, compliance, operational, liquidity, counterparty and credit risk as applicable.” Additionally, the bank must establish criteria for their board of directors' review and approval of third-party fintech relationship partners, as well as how it will assess “BSA risk for each third-party fintech relationship partner, including risk associated with money laundering, terrorist financing, and sanctions risk as well as the third-party’s processes for mitigating such risks and complying with applicable laws and regulations.” The agreement also requires due diligence, monitoring, and contingency plan measures.
The agreement further stipulates that the bank’s board and management shall, within 90 days, (i) set up written BSA risk assessment guidelines; (ii) adopt an independent audit program; (iii) implement expanded risk-based policies, procedures, and processes to obtain and analyze appropriate customer due diligence, enhanced due diligence, and beneficial ownership information, including for fintech businesses; (iv) develop and adhere to a set of standards to ensure timely suspicious activity monitoring and reporting; and (v) establish a program to assess and manage the bank’s information technology activities, including those conducted by third-party partners. The bank must also conduct a suspicious activity review lookback within 30 days.
Hsu discusses challenges facing community banks
On September 1, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the Texas Bankers Association in Dallas focusing on the importance of community banks and the challenges and opportunities of digitalization. In his remarks, Hsu emphasized the OCC’s commitment to community banks, noting that more than 85 percent of the charters that the OCC supervises are community banks, which total nearly 900 individual institutions. He said that the OCC seeks to support community banks in five areas: (i) assessments; (ii) de novo licensing; (iii) risk-based supervision; (iv) local presence and national perspective; and (v) regulation. In particular, Hsu said the OCC is working to provide increased support for community banks by streamlining the licensing process for de novo banks and updating its approach to risk-based supervision. Hsu noted that the recent reduction in assessments is part of an effort by regulators to encourage community banks to invest in digital technologies. He stated that his “experiences in the 2008 financial crisis taught [him] about the disastrous consequences that can result from an unlevel playing field where regulatory arbitrage and races to the bottom are allowed to fester.” He added that while he has been at the OCC, the agency has been “requiring fintechs seeking a bank charter to be subject to the same requirements as all national banks and we are engaging with our peer agencies to limit regulatory arbitrage.” Hsu also noted that in order to “level the playing field,” the OCC will make a 40 percent reduction in assessment fees on a bank's first $200 million in assets and a 20 percent reduction on bank assets between $200 million and $20 billion. Hsu said that the cuts will result in a $41.3 million reduction in assessments for community banks in 2023. Hsu explained that “[t]he purpose of this adjustment is to level the playing field with the cost of supervision compared to state community bank charters, and that “[t]he recalibration will not reduce the quality of OCC supervision or the resources available to community banks.” Hsu mentioned that he is “hopeful” that the reduction gives community banks “extra breathing space and capacity to invest and seize opportunities related to digitalization, compliance, cybersecurity, and personnel.”
Pelosi cites preemption concerns in federal privacy bill
On September 1, Speaker of the House Nancy Pelosi (D-CA) released a statement commending the House Energy and Commerce Committee’s work on advancing the American Data Privacy and Protection Act (ADPPA) to the House floor (covered by InfoBytes here). However, Pelosi also recognized preemption concerns raised by the California governor, the California Privacy Protection Agency, and other top state leaders. “With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights,” Pelosi said. “California’s landmark privacy laws and the new kids age-appropriate design bill, both of which received unanimous and bipartisan support in both chambers, must continue to protect Californians—and states must be allowed to address rapid changes in technology.” Praising measures in the ADPPA that would give consumers the right, for the first time, to seek damages in court for violations of their privacy rights, Pelosi said the House “will continue to work with Chairman Pallone to address California’s concerns.” As previously covered by InfoBytes, the ADPPA also received criticism from several state attorneys general who argued, among other things, that “Congress should adopt a federal baseline, and continue to allow states to make decisions about additional protections for consumers residing in their jurisdictions,” instead of preempting areas of state privacy regulation.
CFPB examines finances and debt in Appalachia
On September 1, the CFPB released a report detailing family finances and debt in rural Appalachia, intended to provide a starting point in better understanding the needs and challenges of these consumers. The report—which is the first in a series regarding the finances of consumers living in rural areas—focuses on rural Appalachians, who, according to the Bureau, tend to earn less than consumers in other rural areas and have higher rates of subprime credit. According to the report, of the 26 million people living in the Appalachian region, 33 percent live in rural counties. Over 2 million Appalachians live in Persistent Poverty Counties (PPCs), which are defined as counties that have had poverty rates of 20 percent or higher for the past 30 years. Nearly one-in-four Appalachians are carrying some amount of medical debt, according to the report, compared with 17 percent of people nationally. Those people in the region with medical debt have more than double the rate of delinquency on their credit report compared to people without medical debt. Other findings of the report include, among other things, that: (i) 71 percent of rural Appalachians and 63 percent of those living in PPCs have an active credit card, compared to 80 percent of consumers nationally; (ii) auto loan balances equal 31 percent of household annual income for rural Appalachians, compared to 21 percent nationally; (iii) denial rates for mortgage applications in rural Appalachia were almost twice the rate of mortgage applications nationally; and (iv) though the high school graduation rate for individuals in Appalachia is higher than the national average, the percentage of individuals who attended some college is significantly lower than the national average. According to the Bureau, these circumstances have “led to disproportionately high levels of distress in rural Appalachians’ consumer financial lives.”
House Oversight seeks info from digital asset exchanges, financial regulators
On August 30, the Subcommittee on Economic and Consumer Policy of the House Committee on Oversight and Reform announced that Representative Raja Krishnamoorthi (D-IL), Chair of the Subcommittee, sent letters to the U.S. Treasury Department, SEC, CFTC, and FTC, in addition to five digital asset exchanges, requesting information on how they are combating cryptocurrency-related fraud and scams. According to his letters, Chairman Krishnamoorthi is “concerned about the growth of fraud and consumer abuse linked to cryptocurrencies.” He further added that “[t]he lack of a central authority to flag suspicious transactions in many situations, the irreversibility of transactions, and the limited understanding many consumers and investors have of the underlying technology make cryptocurrency a preferred transaction method for scammers.” In the letters to the federal agencies, he stated that “the federal government has been slow to curb cryptocurrency scams and fraud,” and that “[e]xisting federal regulations do not comprehensively or clearly cover cryptocurrencies under all circumstances.” In one of the letters to the digital asset exchanges, Krishnamoorthi noted that “cryptocurrency exchanges must themselves act to protect consumers conducting transactions through their platforms.” The letters requested that all recipients provide information to the subcommittee outling “steps they are taking to combat cryptocurrency-related fraud and scams and additional actions that are needed to protect Americans” in order to “help Congress understand what they are doing to protect consumers and inform legislative solutions to bring stability to the digital asset industry.”
Treasury caps Russian oil sales; OFAC guidance coming soon
On September 2, the U.S. Treasury Department announced that G7 Finance Ministers confirmed their joint intention to implement a price cap on Russian-origin crude oil and petroleum products. According to the statement, G7 countries, along with other allies and partners, “plan to prohibit the provision of services that enable maritime transportation of such oil and products unless purchased at or below a price level determined by the coalition of countries adhering to and implementing the price cap.” Secretary of the Treasury Janet L. Yellen issued a statement commending the action. She noted that the price cap will “help deliver a major blow for Russian finances and will both hinder Russia’s ability to fight its unprovoked war in Ukraine and hasten the deterioration of the Russian economy,” while also maintaining supplies to global energy markets by keeping Russian oil flowing at lower prices.
In conjunction with the announcement, OFAC said it plans to publish preliminary guidance on implementing the price cap later this month. The guidance will provide a high-level overview of the mechanism, including how U.S. persons can comply in advance of formal guidance and legal implementation which will be issued at a later date.