Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court approves $4.3 million data breach settlement
Earlier this month, the International Organization of Securities Commissions (IOSCO) released draft policy recommendations to support greater regulatory and oversight consistency within the crypto and digital assets markets. According to the global securities watchdog, regulators must strive for consistency in their oversight of crypto-asset activities given the cross-border nature of these markets and the varying approaches taken by individual jurisdictions. Seeking to optimize consistency in the way crypto-asset and securities markets are regulated, the IOSCO advised regulators to enhance cooperation efforts and attempt “to achieve regulatory outcomes for investor protection and market integrity that are the same as, or consistent with, those required in traditional financial markets in order to facilitate a level-playing field between crypto-assets and traditional financial markets and help reduce the risk of regulatory arbitrage.” Encouraging regulators to engage in rulemaking and information sharing, the IOSCO presented a comprehensive strategy for harmonizing the oversight of crypto companies, including standards on conflicts of interest and governance, fraud and market abuse, cross-border cooperation, custody of client monies and assets, and operational and technological risks. The IOSCO also suggested measures for reducing money laundering risks, explaining that crypto assets may be more appealing to criminals who want to avoid traditional financial system oversight. The IOSCO noted that its goal is to finalize its policy recommendations in early Q4 2023. Comments will be received through July 31.
CFPB announces $9 million settlement with bank on credit card servicing
On May 23, the CFPB announced a settlement to resolve allegations that a national bank violated TILA and its implementing Regulation Z, along with the Consumer Financial Protection Act. The Bureau sued the bank in 2020 (covered by InfoBytes here) claiming that, among other things, when servicing credit card accounts, the bank did not properly manage consumer billing disputes for unauthorized card use and billing errors, and did not properly credit refunds to consumer accounts resulting from such disputes. At the time, the bank issued a response stating that it self-identified the issues to the Bureau five years ago while simultaneously correcting any flawed processes.
The bank neither admitted nor denied the allegations but agreed under the terms of the stipulated final judgment and order filed in the U.S. District Court for the District of Rhode Island to pay a $9 million civil penalty. In addition to amending its credit card practices, the bank is prohibited from automatically denying billing error notices and claims of unauthorized use of cards should the customer fail to provide a fraud affidavit signed under penalty of perjury. The bank must also (i) credit reimbursable fees and finance charges to a customer’s account when unauthorized use and billing errors occur; (ii) provide required acknowledgement and denial notices to customers upon receipt or resolution of billion error notices; and (iii) provide customers who call its credit counseling hotline with at least three credit counseling referrals within the caller’s state. The bank must also maintain procedures to ensure customers are properly refunded any fees or finance charges identified by valid error notices and unauthorized use claims. The bank issued a statement following the announcement saying that while it “continues to disagree with the CFPB’s stance with respect to these long-resolved issues, which were self-identified and voluntarily addressed years ago,” it is pleased to resolve the matter.
Default judgment entered against provider of immigration bonds
The U.S. District Court for the Western District of Virginia recently entered default judgment against defendants accused of misrepresenting the cost of immigration bond services and deceiving migrants to keep them paying monthly fees by making false threats of deportation for failure to pay. As previously covered by InfoBytes, the defendants—a group of companies providing immigration bond products or services for non-English speaking U.S. Immigration and Customs Enforcement detainees—were sued by the CFPB and state attorneys general from Massachusetts, New York, and Virginia in 2021 for allegedly engaging in deceptive and abusive acts and practices in violation of the Consumer Financial Protection Act (CFPA). The defendants argued that the court lacked subject matter jurisdiction because the Bureau did not have authority to enforce the CFPA since the defendants are regulated by state insurance regulators and are merchants, retailors, or sellers of nonfinancial goods or services. However, the court disagreed, explaining that “limitations on the CFPB’s regulatory authority do not equate to limitations on this court’s jurisdiction.” (Covered by InfoBytes here.)
As explained in the court’s opinion, last year the plaintiffs filed a motion for sanctions and for an order to show cause why the court should not hold the defendants in contempt for actions relating to several ongoing discovery disputes. The court determined that the defendants failed to demonstrate that “factors other than obduracy and willfulness” led to their failure to comply with multiple discovery orders and that the defendants engaged in a “pattern of knowing noncompliance with numerous orders of the court.” These delays, the court said, have significantly harmed the plaintiffs in their ability to prepare their case. Finding each defendant in civil contempt of court, the court also entered a default judgment against the defendants, citing them for discovery violations in other cases. The court set June deadlines for briefs on remedies and damages.
CFPB brief defends funding structure
On May 8, petitioner CFPB filed its brief with the U.S. Supreme Court, criticizing the U.S. Court of Appeals for the Fifth Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the appellate court found that the Bureau’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here). The 5th Circuit’s decision also vacated the agency’s Payday Lending Rule on the premise that it was promulgated at a time when the Bureau was receiving unconstitutional funding.
Earlier this year, the Bureau filed a petition for a writ of certiorari, which the Court granted (covered by InfoBytes here). The Bureau explained in its petition that the 5th Circuit’s decision would negatively impact its “critical work administering and enforcing consumer financial protection laws” and “threatens the validity of all past CFPB actions as well” as the decision vacates a past agency action based on the purported Appropriations Clause violation. Community Financial Services Association of America (CFSA) filed a conditional cross-petition, seeking review on other aspects of the 5th Circuit’s decision, including that the 5th Circuit’s decision does not warrant review because the appellate court correctly vacated the Payday Lending Rule, which, according to the respondents, has “multiple legal defects, including but not limited to the Appropriations Clause issue.” (Covered by InfoBytes here.)
In its opening brief, the Bureau expanded on why it believes the 5th Circuit erred in its holding. The Bureau argued that the text of the Appropriations Clause “does not limit Congress’ authority to determine the specificity, duration, and source of its appropriations.” The agency further explained that Congress has chosen similar funding mechanisms for many other financial regulatory agencies, including the FDIC, NCUA, FHFA, and the Farm Credit Administration (and agencies outside of the financial regulatory sector), where they are all funded in part through the collection of fees, assessments, and investments. The Bureau emphasized that the 5th Circuit and the CFSA failed “to grapple with the Appropriation Clause’s text, Congress’ historical practice, or [Supreme] Court precedent,” but instead asserted only that the funding mechanism was “unprecedented.” “Congress enacted a statute explicitly authorizing the CFPB to use a specified amount of funds from a specified source for specified purposes,” the Bureau emphasized. “The Appropriations Clause requires nothing more.” The 5th Circuit’s “novel and ill-defined limits on Congress’s appropriations authority contradict the Constitution’s text and congressional practice dating to the Founding.”
The Bureau also addressed the now-vacated Payday Lending Rule. Arguing that even if there were some constitutional flaw in 12 U.S.C. § 5497 (the statute creating the Bureau’s funding mechanism), the 5th Circuit should have looked for some cure to allow the remainder of the funding mechanism to stand independently instead of “adopting an unjustified and profoundly disruptive retrospective remedy” and presuming the funding mechanism created under Section 5497(a)-(c) was entirely invalid. The Bureau also stressed that vacatur of the agency’s past actions was not an appropriate remedy and is inconsistent with historical practice. Adopting a remedial approach, the Bureau warned, would inflict significant disruption by calling into question 12 years of past agency actions.
The Bureau urged the Court to at most grant only “prospective relief preventing the CFPB from enforcing the Payday Lending Rule against [CFSA] or their members until Congress provides the Bureau with funding from another source.” While such an approach could still “upend” the Bureau’s activities, “it would at least avoid the profoundly disruptive effect of unwinding already completed and concededly authorized agency actions like the Payday Lending Rule,” the Bureau wrote, adding that “[v]acatur of the CFPB’s past actions would be inappropriate in light of the significant disruption that such vacatur would produce.”
District Court denies servicer’s claims that it never received QWR
The U.S. District Court for the Eastern District of Missouri recently considered whether a mortgage servicer received a borrower’s qualified written request (QWR) relating to a missed mortgage payment. The borrower sent a money order to cover two monthly mortgage payments, but the payments were not properly credited to her account. The borrower made several attempts to contact the mortgage servicer about the improperly credited payment. After receiving a formal notice of default, the borrower sent a “Request for Information and Notice of Error” (NOE) to the servicer explaining the situation and asking that her account be updated to reflect that all payments had been made and requesting the removal of late fees and charges. She also asked that her loan be removed from default status and sent letters to the credit reporting agencies formally disputing the delinquent payment reports. According to the court’s opinion, the borrower claimed that the servicer violated RESPA by failing to respond and violated the FCRA by failing to conduct a reasonable investigation into her credit disputes and verifying inaccurately furnished information.
In considering both parties’ motions for summary judgment, the court granted the borrower’s motion on liability with respect to her RESPA claim and denied the servicer’s motion for summary judgment on the FCRA claims on the basis that the borrower provided evidence of actual damages resulting from the servicer’s alleged FCRA violation. The court explained that RESPA requires mortgage servicers to respond to a QWR within five days to acknowledge receipt, and again within 30 days by either correcting the account, providing a written explanation as to why it believes the account is correct, or providing the information requested by the borrower or an explanation of why the information requested is unavailable. Failure to do so entitles a borrower to any actual damages suffered as result of the failure. Claiming the NOE was a QWR, the borrower presented evidence, including a certified mail receipt allegedly showing the NOE was signed for by one of the servicer’s representatives. The servicer countered that because it had no record of the correspondence, its RESPA duties were not triggered. The servicer further argued that the NOE did not qualify as a QWR because it failed to provide sufficient information for it to investigate or respond to the request, and that even if it was a QWR, the borrower had failed to show actual damages.
The court disagreed, determining (i) that the servicer failed to prove it did not receive the NOE, and (ii) that the NOE constituted a QWR. “The information in the letter alone is sufficient to qualify as a QWR,” the court wrote. “The letter quite specifically states the error [the borrower] believed to have occurred…. This is not an ‘overbroad’ and generalized statement of ‘bad servicing.’ It identifies an error specifically contemplated by RESPA’s regulations.” The court further added that “RESPA does not require that a lender’s violations be the sole cause of a borrower’s emotional distress. It merely requires that damages be causally related to a violation of the statute.” However, the court noted that the borrower still needs to prove at trial the extent of damages caused by the servicer's alleged violation.
France fines facial recognition company additional €5.2 million for noncompliance
On May 10, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), fined a facial recognition company an overdue penalty payment in the amount of €5.2 million for failing to comply with an October order. As previously covered by InfoBytes, last fall CNIL imposed a €20 million penalty against the company for allegedly violating the EU’s General Data Protection Regulation (GDPR) after investigations found that the company allegedly processed personal biometric data without a legal basis (a breach of article 6 of the GDPR), and failed to take into account an individual’s rights in an “effective and satisfactory way”—particularly with respect to requests for access to their data (a breach of articles 12, 15 and 17 of the GDPR). CNIL reported that the company had two months after receiving the October order to stop collecting and processing data on individuals located in France “without any legal basis, and to delete the data of these individuals, after responding to requests for access it received.” Because the company did not submit proof of compliance within this time frame, CNIL imposed an additional fine on top of the original penalty.
6th Circuit: Tennessee judicial foreclosure time-barred
On May 4, the U.S. Court of Appeals for the Sixth Circuit affirmed a lower court’s decision in a judicial foreclosure action, holding that a bank’s lawsuit was barred by Tennessee’s 10-year statute of limitations for actions to enforce liens on real property. The appellate court also refused to establish an equitable lien on the property in favor of the bank. According to the opinion, the home equity line of credit at issue in the case matured in 2007, requiring a final balloon payment, but the bank did not demand this payment, refinance the loan, or foreclose on the property. Instead, the bank continued to accept monthly interest payments totaling around $100,000 until 2017. The opinion reflected that the bank did not contend there to be a written instrument showing an extension of the loan or that such an extension was recorded. Rather, the bank raised several arguments, including that there was an oral modification to the loan and that it had the unilateral right to extend the loan based on “a future advances provision that could extend the maturity date for up to twenty years.” The bank further argued that the defendants’ monthly interest payments excused any writing requirement and evidenced an agreement to extend the loan’s maturity date. The appellate court disagreed, concluding that because the bank could not show, as a matter of law, that the loan’s maturity date was extended, its suit is untimely. The appellate court stated that the bank was aware that the loan “was in default as early as 2011 (well within the statute of limitations period) but took no action to foreclose or refinance.” The 6th Circuit further noted that if the bank had “simply memorialized an extension to the [l]oan’s maturity date in writing as required by Tenn. Code Ann. § 28-2-111(c), it would not be in this situation.”
District Court preliminarily approves $300 million auto insurance settlement
On May 1, the U.S. District Court for the Northern District of California preliminarily approved a $300 million class action settlement resolving claims that a national bank hid misconduct relating to its auto insurance practices. The lead plaintiff alleged that, between November 3, 2016 and August 3, 2017, the defendant made materially false or misleading statements in violation of the Securities Act, which artificially inflated the price of the defendant’s stock. Specifically, the plaintiff maintained that the defendant concealed that it allegedly force-placed unneeded collateral protection insurance (CPI) on many of its customers and failed to refund unearned guaranteed auto protection (GAP) premiums to other customers, which led to more than 20,000 customers having their cars repossessed. The plaintiff further alleged that the defendant was aware of these issues but failed to disclose them to investors or the public, and claimed that the facts did not emerge until they were published by the media in July of 2017. As a result, class members who purchased defendant’s stock during the relevant period allegedly suffered economic losses when the stock price declined as a result of two corrective disclosures that revealed the CPI and GAP issues to investors. A hearing later this year will determine the service fee award and attorneys’ fees and expenses (to be no more than 25 percent of the settlement amount). The defendant denies all claims of wrongdoing.
FTC obtains TROs to halt student loan debt relief schemes
On May 8, the FTC announced that the U.S. District Court for the Central District of California recently issued temporary restraining orders (TROs) against two student loan debt relief companies that allegedly tricked consumers into paying for nonexistent repayment and loan forgiveness programs. According to the complaints (see here and here), the defendants allegedly made deceptive claims in order to lure low-income consumers into paying hundreds to thousands of dollars in illegal upfront fees as part of a purported plan to pay down their student loans. The defendants allegedly made consumers believe that they were enrolled in a legitimate loan repayment program, that their loans would be forgiven in whole or in part, and that most or all of their payments would be applied to their loan balances. The FTC alleges that, in reality, the defendants pocketed the borrowers’ payments. The FTC also charged the defendants with falsely claiming to be or be affiliated with the Department of Education and stating that they were purchasing borrowers’ debt from federal student loan servicers in order to secure debt relief on their behalf. When consumers realized the debt relief program did not exist, the defendants allegedly often refused to provide refunds.
According to the FTC, these deceptive misrepresentations violated Section 5 of the FTC Act and the Telemarketing Sales Rule (TSR). The FTC also alleges that the companies violated the Gramm-Leach-Bliley Act (GLBA), by using deceptive tactics to obtain consumers’ financial information, and the TSR, by calling numbers listed on the National Do Not Call Registry and by failing to pay required Do Not Call Registry fees for access. In issuing the TROs (see here and here), which temporarily halt the two schemes and freeze the defendants’ assets, the court noted that, upon “[w]eighing the equities and considering the FTC’s likelihood of ultimate success on the merits,” there is good cause to believe that immediate and irreparable harm will occur as a result of the defendants’ ongoing violations of the FTC Act, the TSR, and the GLBA, unless the defendants are restrained and enjoined.
State appeals court says electronic bank statement constituted notice of new terms
On May 4, the Colorado Court of Appeals held that a plaintiff had constructive notice of updated terms and conditions in her membership agreement with a defendant credit union, which included an arbitration agreement with an opt-out provision. Plaintiff entered into a finance agreement with an auto dealer, which assigned the agreement to the defendant. To complete the assignment, the plaintiff opened a savings account and signed an agreement, in which she consented to receiving and accepting statements, notices, and disclosures electronically. A few years later, the defendant updated its membership agreement’s terms to include the arbitration provision and sent notices to members with their monthly bank statements. Plaintiff received an email with information about the updates and was given an opportunity to opt-out of the arbitration provision in writing within 30 days. Records show that the plaintiff received the email but did not open it. Defendant filed a motion to dismiss plaintiff’s class action complaint and compel arbitration, but the district court concluded that the plaintiff did not have actual or constructive notice of the arbitration agreement. In reversing the district court’s ruling, the Court of Appeals wrote “we do not deem the notice as being buried or hidden in [defendant’s] email, or the surrounding information as cluttering the screen to the extent that a reasonable person would be distracted from the important notice about the ‘updated ... Membership and Account Agreement.’” The Court of Appeals also disagreed with plaintiff’s argument that her “express and affirmative consent” was required for the defendant to add the arbitration provision to the terms, stating that “[u]nder the totality of the circumstances, [plaintiff] is deemed to have assented to the addition of the arbitration agreement” as she was constructively notified of the change, did not exercise her right to opt out, and continued to use her account.
While concurring with the majority, one of the judges questioned whether the “current ‘reasonable person’ standard that courts use for constructive notice is outdated given the economic realities of the digital age.” The judge asked whether the monthly bank statement has “significantly diminished in importance” or is becoming obsolete since consumers are able to check bank account balances and transactions “at any time and from any location.”