InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB highlights abuses in military allotment system
On June 2, the CFPB posted a blog post highlighting abuses within the military allotment system with respect to servicemembers’ automatic recurring payments. According to the Bureau, the allotment system was established to help servicemembers make payments directly from their paychecks, especially when deployed away from home. However, according to the CFPB some lenders have been abusing the allotment system, with certain lenders using the system “as a means of prioritizing repayment of that lender’s loan over the servicemember’s payments of other expenses.” The Bureau noted that servicemembers have other options for automatic payments that are usually free of charge and provide more legal protections than the allotment system, and reiterated that the Department of Defense (DoD) made significant changes in 2014 that prohibited new allotments to purchase, lease, or rent personal property like cars, furniture, and electronics, and “expanded the allotment prohibition in the Military Lending Act (MLA) to include a wider range of credit products, like installment loans, that cannot be repaid by allotment” (revised MLA regulations covered by InfoBytes here).
Through consumer complaints and the work of the agency’s Office of Servicemember Affairs, the Bureau stated it continues to hear about significant concerns in this space, including that some lenders are requiring servicemembers to repay by allotment (a violation of the MLA), and other lenders are entering into partnerships with allotment processing banks to create “allotment-funded savings accounts” for servicemembers in order to evade DoD protections. The blog post emphasized the Bureau’s commitment to protecting servicemembers from abuses and provided information for servicemembers on filing complaints should they believe they have been unfairly treated by a company through the military allotment system.
FTC to modernize guidance on preventing digital deception
On June 3, the FTC announced that it is soliciting public comment on modernizing the agency’s business guidance titled “.com Disclosures: How to Make Effective Disclosures in Digital Advertising,” which was published in 2013 and provides guidance to businesses on digital advertising and marketing. In seeking public comment on possible revisions, the FTC is seeking information on the technical and legal issues that consumers, the FTC’s law enforcement partners, and others believe should be addressed. The issues include, among other things: (i) the usage of sponsored and promoted advertising on social media; (ii) advertising embedded in games and virtual reality and microtargeted advertisements; and (iii) the usage of dark patterns, manipulative user interface designs used on websites and mobile apps, and digital advertising that pose unique risks to consumers. According to the Commission, this effort “is one of a number of initiatives the FTC is undertaking to tackle dark patterns and digital deception, including issuing a click-to-cancel policy statement, proposing strengthened advertising guidelines against fake and manipulated reviews, arming staff with new tools to investigate dark patterns, and authorizing a Notice of Penalty Offense against deceptive reviews.” Comments close on August 2.
OFAC sanctions individuals connected to Mexican cartels
On June 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 14059 against six individuals for engaging with a Mexico-based drug traffic organization. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson stated that “[v]iolence and corruption have been critical to [the organization’s] growth in the past decade,” which has “fueled the cartel’s territorial expansion, and with it a greater capacity to traffic deadly drugs to the United States.” The sanctions are the result of a collaboration between Treasury, the Government of Mexico, and the U.S. Drug Enforcement Administration (DEA) with support from the U.S. Customs and Border Protection. As a result of the sanctions, the designated persons’ property located in the U.S. or held by U.S. persons is blocked and must be reported to OFAC. Additionally, OFAC regulations generally prohibit U.S. persons from participating in transactions with the designated persons.
OFAC sanctions additional networks used by Russian elites, issues new Russia-related General Licenses
On June 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced additional sanctions pursuant to Executive Orders (E.O.) 14024, 13685, and 13661, against key networks used by Russian elites, including President Putin, that target “a Kremlin-aligned yacht brokerage, several prominent Russian government officials, and a close Putin associate and money-manager [] who is a custodian of President Putin’s offshore wealth.” OFAC’s announcement also identified “yachts and aircraft in which sanctioned Russian elites maintain interests.” The designations were taken in tandem with the Department of State (which imposed sanctions on five Russian oligarchs and elites) as well as the Department of Commerce (which added 71 new parties located in Russia and Belarus to its Entity List, thus “further restricting the Russian military’s ability to obtain technologies and other items it needs to sustain aggression and project power”).
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons in the U.S. are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC noted that U.S. persons are prohibited from participating in transactions with the sanctioned persons unless authorized by a general or specific license.
On the same day, OFAC issued several new Russia-related general licenses (GL): (i) GL 25B authorizes transactions related to telecommunications and certain internet-based communications that are otherwise prohibited by Russian Harmful Foreign Activities Sanctions Regulations; (ii) GL 36 and GL 37 authorize the wind down of transactions normally prohibited by E.O. 14024 involving an identified public joint stock company and a gold mining company respectively; and (iii) GL 38 authorizes transactions related to pension payments to U.S. persons that are normally prohibited by E.O. 14024 “provided that the only involvement of blocked persons is the processing of funds by financial institutions blocked pursuant to E.O. 14024.” Additionally, OFAC issued several new and amended Russia-related frequently asked questions.
Special Alert: Eleventh Circuit upholds terms of arbitration agreement in challenge under Dodd-Frank
On May 26, 2022, the United States Court of Appeals for the Eleventh Circuit issued a published decision holding that the Dodd-Frank Act does not prohibit the enforceability of delegation clauses contained in consumer arbitration agreements “in any way.” This opinion is of potentially broad significance in the class action and arbitration space since it is one of the first appellate decisions in the country concerning Dodd-Frank’s arbitration provision and supports broad enforcement of delegation clauses even where a statute could allegedly prohibit arbitration of the underlying claim.
In Attix v. Carrington Mortgage Services, LLC, the Eleventh Circuit reversed a decision of the United States District Court for the Southern District of Florida denying Carrington’s motion to compel arbitration that was based on the plaintiff’s argument that the anti-waiver provision in the Dodd-Frank Act, prohibited enforcement of the arbitration agreement. The anti-waiver provision of the Dodd-Frank Act provides that “no other agreement between the consumer and the creditor relating to the residential mortgage loan or extension of credit . . . shall be applied or interpreted so as to bar a consumer from bringing an action in an appropriate district court of the United States.” The district court agreed with the plaintiff’s argument that the Dodd-Frank Act prohibited arbitration of the underlying dispute and in doing so, side-stepped the delegation clause that delegated such threshold determinations to an arbitrator.
In a 52-page published opinion, the Eleventh Circuit reversed the decision of the district court, holding that the Dodd-Frank Act does not prohibit enforcing delegation clauses, such as the clause at issue, which “clearly and unmistakably” delegates to the arbitrator “threshold arbitrability disputes.” The circuit court found that in such circumstances, all questions of arbitrability are delegated to an arbitrator “unless the law prohibits the delegation of threshold arbitrability issues itself.”
The court went on to broadly hold that the Dodd-Frank Act does not prohibit the enforceability of delegation clauses “in any way.” In doing so, the Eleventh Circuit explained that if Dodd-Frank had been intended to prohibit the enforcement of delegation clauses, then it could have been drafted that way, but instead, “the actual statute is silent as to who may decide whether a particular contract falls within the scope of its protections.” While the Dodd-Frank Act prohibits arbitration agreements from being applied or interpreted in a particular manner, it does not prohibit the enforcement of delegation clauses, and as a result, the court held that under the terms of Carrington and the plaintiff’s agreement, the arbitrator (and not the court) must determine the threshold question of whether the Dodd-Frank Act prohibits enforcement of Carrington’s arbitration agreement since it is a “quintessential arbitrability question.”
Significantly, the court also held that a challenge to an agreement to arbitrate on the basis that a statute precludes its enforcement is not a “specific challenge” to a delegation clause found within the arbitration agreement, such that the court lacks jurisdiction to review the enforceability of the delegation clause. In other words, where a challenge “is only about the enforceability of the parties’ primary arbitration agreement” and there is a delegation clause, “an arbitrator must resolve it.” As the Eleventh Circuit explained, “when an appeal presents a delegation agreement and a question of arbitrability, we stop. We do not pass go.”
This case has significance for anyone considering drafting an arbitration agreement particularly in a class action context. A threshold drafting question is whether or not to delegate issues of arbitrability to the arbitrator or allow a court to resolve the issue. Under this decision, a question of whether a statute bars arbitration of claims is for the arbitrator to decide when there is a delegation clause, unless the statute also explicitly bars delegation clauses. This decision reinforces that inclusion of a properly drafted delegation clause in an arbitration agreement can result in a case improperly filed in court being more quickly sent to arbitration, even where the dispute is whether a statute prohibits the claim from being arbitrated in the first instance.
Buckley represented Carrington on appeal with a team comprising Fredrick Levin, who argued the appeal, Scott Sakiyama, Brian Bartholomay, and Sarah Meehan. For questions regarding the case, please contact one of the team members or a Buckley attorney with whom you have worked in the past.
FINRA levies $15 million fine for software flaw that increased mutual-fund prices
On June 2, the Financial Industry Regulatory Authority (FINRA) announced it had entered into a Letter of Acceptance, Waiver, and Consent (AWC), which ordered a New York-based member brokerage firm to pay more than $15.2 million in restitution and interest to customers who were steered by a software flaw in its automated system into purchasing higher-priced mutual fund shares when other shares were available at substantially lower costs. According to FINRA, the firm’s system, which is designed to restrict a customer’s purchase of Class C shares when lower cost Class A shares are available, allegedly “failed to correctly identify and implement applicable purchase limits on Class C shares,” thus causing thousands of customers to purchase Class C shares and incur fees and charges. The firm neither admitted nor denied the findings set forth in the AWC agreement but accepted and consented to the entry of FINRA’s findings and agreed to convert shares where applicable. FINRA stated that it “did not impose a fine due to the firm’s extraordinary cooperation and substantial assistance with the investigation.”
SEC publishes final rule requiring certain electronic filings
On June 3, the SEC announced a final rule requiring certain forms to be filed or submitted electronically. The final rule also amends forms to require structured data reporting and remove outdated references. According to the SEC, the final rule is “intended to promote efficiency, transparency, and operational resiliency by modernizing how information is filed or submitted to the Commission and disclosed to the public.” The SEC also noted that electronic filings will be more accessible and available on the SEC website in searchable formats. The public comment period will be open for 30 days after publication in the Federal Register. The SEC released a Fact Sheet providing information on the amendments to electronic filing requirements. According to a statement released by SEC Chair Gary Gensler, the final rule “will modernize and increase the efficiency of the filing process—for filers, investors, and the SEC.”
California’s privacy agency posts CPRA proposal
Recently, in advance of its June 8 board meeting, the California Privacy Protection Agency (CPPA) Board posted draft regulations to implement the California Privacy Rights Act (CPRA). As previously covered by InfoBytes, the CPRA (largely effective January 1, 2023, with enforcement delayed until July 1, 2023) was approved by ballot measure in November 2020. Earlier this year, the CPPA provided an update on the CPRA rulemaking process, announcing its intention to finalize rulemaking in the third or fourth quarter of 2022 (covered by InfoBytes here). While the CPRA established a July 1, 2022 deadline for rulemaking, CPPA Executive Director Ashkan Soltani stated during the February meeting that the rulemaking process will extend into the second half of the year. An updated formal rulemaking timeline may be released during the June 8 meeting.
The draft regulations, which were introduced outside of the rulemaking process, set forth a working draft of the regulations to implement the CPRA and modify certain provisions and propose new regulations, including:
- Adding, amending, and striking certain definitions. The CPRA draft regulations modify the definitions in the CCPA regulations. Specifically, the amendments strike “affirmative authorization” and “household” from its list of definitions, but adds new terms such as “disproportionate effect,” “first party,” “frictionless manner,” “notice of right to limit,” “opt-out preference signal,” as well as terms related to a consumer’s right to request to correct, opt-in to sale/sharing, delete, know, or limit.
- Outlining restrictions on the collection and use of personal information. The draft regulations state that a business’s collection, use, retention, and/or sharing of a consumer’s personal information must be “reasonably necessary and proportionate,” and “must be consistent with what an average consumer would expect when the personal information was collected.” Businesses also must obtain a consumer’s explicit consent prior to collecting, using, retaining, and/or sharing the personal information for any purpose that is unrelated or incompatible with the original purpose for which the personal information was collected or processed.
- Providing disclosure and communications requirements. Disclosures and communications are required to be easy to read and understandable to consumers, be available in languages in which the business ordinarily provides information, and be reasonably accessible to consumers with disabilities. The draft regulations also stipulate requirements for website and mobile application links.
- Describing requirements for submitting CCPA requests and obtaining consumer consent. The draft regulations set forth methods for submitting CCPA requests and obtaining consumer consent, including requirements regarding the manner in which such requests and consents may be obtained. For example, the requests and consents must be easy to understand, must include symmetry in choice, and avoid confusing and manipulative language. Methods that do not comply with these requirements may be considered a “dark pattern” and will not constitute consumer consent.
- Amending requirements related to a business’s privacy notice. The draft regulations would amend the requirements related to the information that must be included in a privacy notice related to a business’s online and offline practices regarding the collection, use, sale, sharing, and retention of personal information; and an explanation of CPRA rights conferred on consumers regarding their personal information, how they can exercise their rights, and what they can expect from this process.
- Amending notices required by the CCPA. The draft regulations set forth additional requirements related to the notice at collection, the notice of right to opt-out of sale/sharing, and the “Do Not Sell or Share My Personal Information” link, such as updates to the content of the notices, location of the notices/links, and the effects of certain requests (e.g. “clicking the business’s ‘Do Not Sell or Share My Personal Information’ link will either have the immediate effect of opting the consumer out of the sale or sharing of personal information or lead the consumer to a webpage where the consumer can learn about and make that choice”). The draft regulations would also amend the notice of financial incentive.
- Providing instructions for the Notice of Right to Limit Use of Sensitive Personal Information. The draft regulations outline requirements for businesses to comply with a consumer’s rights to limit the use of sensitive personal information. They also provide businesses the option to use an alternative opt-out link to allow “consumers to easily exercise both their right to opt-out of sale/sharing and right to limit, instead of posting the two separate…links.”
- Amending methods for handling consumer requests to delete, correct, and know. The draft regulations outline additional documentation requirements, as well as guidance on responding to consumer requests, including explanations for denying a request. Notably, in response to a request to know, “a business shall provide all the personal information it has collected and maintains about the consumer on or after January 1, 2022, including beyond the 12-month period preceding the business’s receipt of the request, unless doing so proves impossible or would involve disproportionate effort.” Additionally, a company that intends to collect additional categories of information that are “incompatible” with the originally disclosed purpose must provide a new notice at collection and obtain new consent.
- Opt-out preference signals. The draft regulations set forth requirements for opt-out preference signals and how businesses should respond to such preferences. Specifically, the draft regulations provide that processing an opt-out preference must be done in a “frictionless manner” and includes examples.
- Addressing consumer requests for limiting the use and disclosure of sensitive personal information. Businesses will be required to provide two or more designated methods for submitting requests to limit and must, among other things, comply with a request to limit “as soon as feasibly possible, but no later than 15 business days from the date the business receives the request.” All service providers, contractors, and third parties must comply as well. The regulations set forth exceptions to the limitations for using and disclosing sensitive personal information.
The draft regulations also amend provisions related to contract requirements for service providers/contractors/third parties, verification of requests, authorized agents, minor consumers, discriminatory practices, requirements for businesses collecting large amounts of personal information, and investigations and enforcement.
Coding glitch hits credit scores
Recently, a consumer reporting agency (CRA) informed lenders and industry members that it experienced a coding issue when it changed some of the technology to its legacy online model platform. As a result of the issue, the CRA advised that the miscalculation impacted approximately 12 percent of credit scores, although credit reports were not affected.
In response, on June 1, Fannie Mae issued a notice regarding the coding error. Fannie Mae reminded lenders “of their obligations under the Selling Guide to correct erroneous credit data, ensure the accuracy of the credit data submitted to Desktop Underwriter® (DU® ) at the time of loan sale, and to provide any corrected information to us.” Freddie Mac issued a similar notice advising lenders of their credit reporting and data correction responsibilities. Both Fannie Mae and Freddie Mac are monitoring the situation and may issue additional guidance regarding the coding issue.
OFAC issues FAQs related to securities investments in Chinese military companies
On June 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published three new frequently asked questions related to the Chinese military-industrial complex sanctions. As previously covered by InfoBytes, Executive Order 13959, as amended, addressed threats from securities investments that finance Communist Chinese military companies. The FAQs address questions pertaining to (i) whether U.S. financial institutions are required to block the attempted purchase or sale of covered securities after the relevant 365-day divestment period; (ii) whether U.S. financial institutions are permitted to process transactions for holders of covered securities related to stock splits, cash dividends, or dividend reinvestments; and (iii) whether U.S. persons are required to divest their holdings of covered securities before the end of the relevant 365-day divestment period.