InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court grants TRO and preliminary injunction in FDCPA case
On July 7, the U.S. District Court for the Central District of Illinois granted a motion for a temporary restraining order and preliminary injunction against a defendant in an FDCPA case. In the motion, two individual plaintiffs claimed that the defendant called them 20 times in a three-day period and said he will continue calling “family, friends, and business interests until the [plaintiffs’] adult son’s debts are paid.” The plaintiffs’ attorney sent a notice to the defendant indicating that the plaintiffs were being represented and to not contact them directly. The defendant allegedly responded that he “does not intend to cease or desist.” After communicating with the plaintiffs’ attorney, the defendant allegedly called the plaintiffs’ business associates and employees over 40 times over a six-day period. The plaintiffs filed suit, claiming the defendant violated the FDCPA by, among other things, “using obscene language, and repeatedly and continuously calling Plaintiffs with the intent to abuse, annoy or harass,” and “threaten[ing] to sue them for debts that they do not owe.” According to the order, the defendant argued that the underlying debt is a business debt and thus not subject to the FDCPA. The district court found that the defendant “declined to present any evidence and refused the opportunity to testify under oath.” Ultimately, the district court stated that the plaintiffs “seek an injunction that only goes so far as to require Defendants’ compliance with the law.” Further, the district court noted that the defendant “will suffer no harm in that they are only being ordered to do that which is already legally required of them.”
4th Circuit says foreign debit fee contract language is ambiguous
On July 7, the U.S. Court of Appeals for the Fourth Circuit held that a class action breach of contract suit related to foreign debit card fees charged by a credit union may proceed. Class members claimed that the credit union’s contract allows fees only when customers make debit card purchases in a foreign country—not when customers make a purchase while they are physically in the U.S. even if the merchant is abroad. According to the contract’s disclosure agreement and fee schedule, debit card transactions “made in a foreign country” and non-credit union “Point-of-sale and ATM transactions made in a foreign country” will incur a one percent fee.
In vacating the district court’s ruling that the card contracts clearly prohibited these fees, the 4th Circuit concluded that the contract’s language is ambiguous and subject to different interpretations. While class members and the credit union both cited dictionary definitions in support of their arguments, the appellate court said the contract’s language “simply does not clarify whether the location of the account holder or the seller determines whether the transactions are made in foreign countries.” In an online context, the 4th Circuit pointed to questions posed by the 7th Circuit: “Where is the point of sale for such a purchase—the consumer’s computer? the vendor’s headquarters? the vendor’s server? cyberspace generally?” The 4th Circuit further noted that the contracts could have been clearly drafted to explain whether online transactions were “made in foreign countries” if they were between account holders physically in the U.S. and foreign sellers but “were not.”
CFPB sues payday lender over debt collection practices
On July 12, the CFPB filed a complaint against a Texas-based payday lender (defendant) for allegedly engaging in illegal debt-collection practices and allegedly generating $240 million in reborrowing fees from borrowers who were eligible for free repayment plans in violation of the CFPA. As previously covered by InfoBytes, in 2014, the Bureau ordered the defendant to, among other things, pay $10 million for allegedly using false claims and threats to coerce delinquent payday loan borrowers into taking out an additional payday loan to cover their debt. The Bureau stated that after the CFPB’s 2014 enforcement action, the defendant “used different tactics to make consumers re-borrow.” The complaint alleges that the defendant “engaged in unfair, deceptive, and abusive acts or practices by concealing the option of a free repayment plan to consumers who indicated that they could not repay their short term, high-cost loans originated by the defendant.” The Bureau also alleges that the defendant attempted to collect payments by unfairly making unauthorized electronic withdrawals from over 3,000 consumers’ bank accounts. The Bureau seeks permanent injunctive relief, restitution, disgorgement, damages, civil money penalties, and other relief.
Treasury solicits comments on digital assets
On July 12, the U.S. Treasury Department released a notice seeking public comment regarding potential opportunities and risks presented by digital assets. According to the announcement, Treasury is requesting input that will inform its work in carrying out its mandate under Executive Order 14067, Ensuring Responsible Development of Digital Assets, which directs Treasury, in consultation with the Secretary of Labor and other relevant agencies, to report to President Biden on the implications of development and adoption of digital assets and changes in financial market and payment infrastructures. The notice also seeks feedback from the public on potential risks associated with digital asset markets and how digital assets may benefit or pose risk to vulnerable populations. Comments must be received by August 8.
FHA revises appraisal validity period
On July 12, FHA released FHA INFO 2022-71, announcing the publication of Mortgagee Letter (ML) 2022-11, Revised Appraisal Validity Periods, which applies to Single Family Title II Forward and HECM programs. The ML increases the FHA initial appraisal validity period from 120 days to 180 days and extends the appraisal update validity period to one year. As a result of the ML, FHA will implement modifications to the appraisal-related functionality in FHA Connection (FHAC). For all case numbers assigned on or after September 6, the Appraisal Effective Date field on the FHAC Appraisal Logging screen will no longer be editable. Appraisal Logging for this field is automatically pre-filled with the information submitted from the electronic appraisal report. The updates outlined in ML 2022- 11 will be incorporated under the Single-Family Housing Policy Handbook 4000.1.
ARRC recommends transition steps for legacy USD LIBOR cash product contracts
On July 11, the Alternative Reference Rates Committee (ARRC) released the LIBOR Legacy Playbook to help support the transition away from legacy LIBOR cash products. ARRC estimated that approximately $74 trillion in legacy USD LIBOR exposures will mature after June 30, 2023, when the remaining USD LIBOR panels will cease. Of this amount, roughly $5 trillion are in cash products, which do not carry the benefit of a protocol process that will allow market participants to adopt a uniform set of robust fallbacks or a simple mechanism to determine which contracts are covered by those fallbacks. Rather, cash products have a range of fallbacks, the ARRC said, explaining that “currently there is no simple way, other than in many cases manual effort, to determine what the fallback for each contract is. Careful work will be needed to communicate the associated rate changes to counterparties to these contracts.”
The Playbook includes a compilation of publications by the ARRC and other available reference material to assist market participants in ensuring that the transition from LIBOR is operationally successful. The Playbook also recommends steps for market participants to take to successfully implement fallbacks for cash products, including: (i) thoroughly assessing the fallbacks that are embedded (either contractually or through legislation) in every USD LIBOR contract; (ii) remediating these contracts where feasible to reference the Secured Overnight Financing Rate prior to June 30, 2023; and (iii) adopting plans to communicate each contract’s fallback with affected parties for remaining LIBOR contracts, and making sure sufficient resources are allocated to ensure that rate changes are successfully implemented. The ARRC stressed that its recommendations are voluntary and that market participants must make independent decisions about how best to transition existing contracts to an alternative rate upon the cessation of USD LIBOR.
Find continuing LIBOR InfoBytes coverage here.
District Court orders CFPB to issue Section 1071 rulemaking by March 31
On July 11, the U.S. District Court for the Northern District of California issued an order setting March 31, 2023 as the deadline for the CFPB to issue a notice of proposed rulemaking (NPRM) on small business lending data. As previously covered by InfoBytes, the Bureau is obligated to issue an NPRM for implementing Section 1071 of the Dodd-Frank Act, which requires the agency to collect and disclose data on lending to women and minority-owned small businesses. The requirement was established as part of a stipulated settlement reached in 2020 with a group of plaintiffs, including the California Reinvestment Coalition (CRC), who argued that the Bureau’s failure to implement Section 1071 violated two provisions of the Administrative Procedures Act, and harmed the CRC’s ability to advocate for access to credit, advise organizations working with women and minority-owned small businesses, and work with lenders to arrange investment in low-income and communities of color (covered by InfoBytes here).
Find continuing Section 1071 coverage here.
FSB releases statement on crypto-asset activities
On July 11, the Financial Stability Board (FSB) released a statement regarding international regulation and supervision of crypto-asset activities following the “recent turmoil in crypto-asset markets.” The FSB called for “an effective regulatory framework” to “ensure that crypto-asset activities posing risks similar to traditional financial activities are subject to the same regulatory outcomes, while taking account of novel features of crypto-assets and harnessing potential benefits of the technology behind them.” The statement also called for, among other things: (i) crypto-assets and markets to be subjected to effective regulation and oversight relative to their domestic and international risks; (ii) cryptocurrency service providers to ensure compliance with existing legal obligations in the jurisdictions where they operate; and (iii) stablecoins to be subject to “robust” regulations and supervision if they are to be adopted as a widely used means of payment or play an important role in the financial system. The FSB noted the “ongoing work of the FSB and the international standard-setting bodies to address the potential financial stability risks posed by crypto-assets,” and highlighted that member authorities will implement applicable international standards into national regulatory and supervisory frameworks “to the extent not already reflected and will adopt guidance, recommendations and best practices of international standard-setting bodies.”
FTC seeks to protect highly sensitive data
On July 11, the FTC’s Division of Privacy & Identity Protection published a blog post addressing risks associated with the sharing of highly personal information with strangers, particularly with respect to the use of technology that directly observes or derives sensitive information about users. The FTC noted that aside from location information, which is often automatically generated from consumers’ connected devices, consumers are also actively generating sensitive health information, including personal reproductive data, through apps on their devices. This “potent combination of location data and user-generated health data creates a new frontier of potential harms to consumers,” the FTC warned, pointing to the “ad tech and data broker ecosystem where companies have a profit motive to share data at an unprecedented scale and granularity.” Additionally, once the sensitive information is collected, the FTC said that consumers usually have no idea who has access to it, what the information is being used for, or that companies are profiting from the sale of their data. “The misuse of mobile location and health information–including reproductive health data–exposes consumers to significant harm,” the FTC stated. “Criminals can use location or health data to facilitate phishing scams or commit identity theft . . . and may subject people to discrimination, stigma, mental anguish, or other serious harms.” The FTC reminded companies that it is committed to using the full scope of its legal authorities to protect consumers’ privacy and that it “will vigorously enforce the law” to protect the security and privacy of consumers’ personal information. Companies are advised that sensitive information is protected by several federal and state laws and that making claims that data is “anonymous” or “has been anonymized” may be a deceptive trade practice under the FTC Act if untrue.
Fed discusses cybersecurity risk management and emerging threats
On July 7, the Federal Reserve Board published its 2022 Cybersecurity and Financial System Resilience Report. Issued pursuant to the Consolidated Appropriations Act, the Fed’s report described measures it has taken to strengthen cybersecurity in the financial services sector. The report identified cybersecurity as a high priority for the Federal Reserve System and Board-supervised institutions and recognized the increasing and evolving nature of cybersecurity threats to the financial system. It delivered an overview of the Fed’s supervisory policies and procedures, which, among other things, require supervised institutions to implement internal controls and information systems appropriate to the size of the institution and to the nature, scope, and risk of its activities. The report explained that examiners’ cybersecurity evaluations consider “the business model and activities conducted by supervised institutions as part of a principles-based supervision program.” According to the Fed, an examination’s scope “is set as part of a multiyear supervisory plan that considers key cybersecurity risks, the industry landscape, and other factors such as emerging technologies.” The Fed explained that as part of these evaluations, “examiners consider business-line controls, risk-management practices, assurance functions, and governance activities performed by the firm’s senior management and board of directors.”
The report also outlined intergovernmental, international, and public and private sector coordination activities, and included a list of recent actions taken by the Fed and other agencies to promote cybersecurity. Additionally, the report discussed current or emerging threats to financial institutions’ ability to operate and protect customer data, including ransomware, sophisticated distributed denial of service threats, increasing geopolitical tensions, and attacks to supply chains or third parties. Other emerging technology-related cybersecurity threats are also discussed including “[p]otential cybersecurity vulnerabilities in fintech applications,” such as cryptocurrency exchanges, banking applications, and other platforms that provide “threat actors an opportunity to steal funds or data by compromising victims’ computer systems or technology infrastructure used to interact with the products or services.”