Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 11, the Court of Appeals of the State of California affirmed the denial of an auto lender’s motion to compel arbitration, concluding that the arbitration clause was invalid and unenforceable. According to the opinion, in May 2019, consumers filed a class action complaint alleging the lenders charged unconscionable interest rates in violation of California’s Unfair Competition Law (UCL) and Consumers Legal Remedies Act (CLRA). The company moved to compel arbitration, which the consumers opposed, arguing that the agreement was “procedurally and substantively unconscionable,” and that the California Supreme Court decision in McGill v. Citibank, N.A. (covered by a Buckley Special Alert here, holding that a waiver of the plaintiff’s substantive right to seek public injunctive relief is not enforceable) applied. The trial court denied the motion to compel arbitration, concluding that the McGill rule applied and that the injunctive relief provision could not be severed from the rest of the arbitration agreement because severability did not apply to the class waiver provision.
On appeal, the state appellate court agreed with the trial court, concluding that the McGill rule applied. Specifically, the appellate court concluded that the injunctive relief the consumers were seeking “encompasses all consumers and members of the public,” and “an injunction under the CLRA against [the lender]’s unlawful practices will not directly benefit the Customers because they have already been harmed and are already aware of the misconduct.” Moreover, the appellate court determined that there is no precedent holding that “the remedy of public injunctions under CLRA and UCL should be limited to false advertising claims.” The court further concluded that the class waiver was not severable, stating that the lender’s argument that the arbitration agreement could not be determined void until after an appellate court reviews the viability of the class waiver was “illogical.” Accordingly, the appellate court affirmed the denial of the motion to arbitrate.
On January 13, the Illinois legislature unanimously passed the “Predatory Loan Prevention Act,” (available in House Amendment 3 to SB 1792), which would prohibit lenders from charging more than 36 percent APR on all consumer loans. Specifically, the legislation would apply to any non-commercial loan, including closed-end and open-end credit, retail installment sales contracts, and motor vehicle retail installment sales contracts. For calculation of the APR, the legislation would require lenders to use the system for calculating a military annual percentage rate under the Military Lending Act. Any loan made in excess of 36 percent APR would be considered null and void and no entity would have the “right to collect, attempt to collect, receive, or retain any principal, fee, interest, or charges related to the loan.” Additionally, each violation would be subject to a fine up to $10,000.
On December 29, the Florida Department of Financial Services, Office of Financial Regulation (the “Office”) amended rules related to the application procedures for prospective loan originator, mortgage broker , and mortgage lender licensees to provide an additional 45 days for submission of additional application information and to provide for the disposition of incomplete applications. Specifically, the amended rules allow the Office to grant an extension request of up to an additional 45 days to submit any requested information during the application process, so long as the request is made within the initial 45-day deadline. Should a license applicant fail to provide the additional requested information within the approved timeframe, the application will be removed from further consideration by the Office and closed. The amended rules are effective January 18.
Recently, the California Department of Financial Protection and Innovation (DFPI) issued a notice of proposed regulations (and accompanying statement of reasons) seeking to amend the state’s Escrow Law to clarify (i) the meanings of personal property and prohibited compensation; (ii) maintenance of books and preservation of records; and (iii) the annual report requirements. Among other things, the proposal adds “gametic material” to the definition of personal property to clarify that escrow agents may conduct transactions that hold and disburse funds under assisted reproduction agreements. Additionally, the update to the escrow books and records provisions are to “ensure that CPAs may participate in engagements to meet the annual audit report requirement for Escrow Law licensees without violating any rule of professional conduct.” Comments on the proposed regulatory amendments are due by February 15.
On January 6, a member of the New York Senate introduced S1061, which would update the New York Banking Law (the “Law”) to require a license for persons or entities engaging in the business of making or soliciting a “commercial financing product” in New York. The legislation defines a commercial financing product as “any advance of funds to a commercial or business enterprise made for the purpose of assisting the business with its capital needs,” including (i) loans made to a commercial enterprise of $500,000 or less; (ii) asset-based financing in the amount of $500,000 or less; and (iii) leasing transactions in the amount of $500,000 or less.
“Making or soliciting” includes:
- Providing commercial financing products to small businesses;
- Marketing commercial financing products for providers of commercial financing products;
- Receiving compensation from a provider of a commercial financing product in exchange for a referral; and
- An entity that partners with a federal or state banking organization originator and the entity: (i) acquires a participation interest in the commercial financing product, if the entity either (a) receives compensation from the originator or (b) services the commercial financing product; or (ii) provides indemnity or loss protection to the originator for losses the originator may incur based on the performance of the commercial financing product.
The legislation would exempt banking organizations as defined by the Law (all banks, trust companies, private bankers, savings banks, safe deposit companies, savings and loan associations, credit unions and investment companies), any lender who makes or solicits five or fewer commercial financing products within a 12-month period, and check casher licensees, among others. Notably, the legislation does not currently contemplate any changes to existing Section 340, Article 9 of the Law, which generally requires licensure to originate commercial-purpose loans in New York of $50,000 or less with a rate above 16 percent.
On December 23, the New York governor signed S5470, which establishes consumer-style disclosure requirements for certain commercial transactions. For open and closed-end commercial financing transactions, the legislation requires that the disclosures include, among other things, (i) the amount financed or the maximum credit line; (ii) the total cost of the financing; (iii) the annual percentage rate; (iv) payment amounts; (v) a description of all other potential fees and charges; and (vi) prepayment charges. Violations are subject to a civil penalty no greater than $2,000 per violation. Notably, the legislation exempts (i) financial institutions (defined as a chartered or licensed bank, trust company, industrial loan company, savings and loan association, or federal credit union, authorized to do business in New York); (ii) lenders regulated under the federal Farm Credit Act; (iii) commercial financing transactions secured by real property; (iv) technology service providers; (v) lenders who make no more than five applicable transactions in New York in a 12-month period; and (vi) any individual commercial financing transaction over $500,000. The legislation is effective 180 days after enactment.
As previously covered by InfoBytes, California is currently finalizing proposed regulations implementing the requirements of the commercial financing disclosures required by SB 1235 (Chapter 1011, Statutes of 2018), which was enacted in September 2018. The California Department of Financial Protection and Innovation previously signaled its intent to finalize the regulations by January 2021.
On January 5, the New York attorney general, along with the attorneys general from six other states and the District of Columbia filed a complaint against the OCC in the U.S. District Court for the Southern District of New York challenging the OCC’s “true lender” final rule. As previously covered by InfoBytes, in October 2020, the OCC issued a final rule addressing when a national bank or federal savings association is the “true lender” in the context of a partnership between a bank and a third party to provide certainty about key aspects of the legal framework that applies. The final rule amends 12 CFR Part 7 to state that a bank makes a loan when it, as of the date of origination, (i) is named as the lender in the loan agreement, or (ii) funds the loan. The complaint argues, among other things, that the OCC exceeded its statutory authority, and “acted in a manner contrary to centuries of case law [and] the OCC’s own prior interpretation of the law.” The attorneys general reject the OCC’s contention that the final rule is intended to address “‘ambiguity’ in provisions of three federal banking statutes that generally authorize National Banks to make loans,” and instead argue that the rule seeks to preempt state usury law and “infringe on the States’ historical police powers and facilitate predatory lending.” The complaint seeks a declaratory judgment that the OCC violated the Administrative Procedures Act and requests the court set aside the final rule as unlawful.
On December 18, state attorneys general from Connecticut, Indiana, Kentucky, Michigan, New Jersey, New York and Oregon announced a $2 million settlement with an online retailer concerning allegations that the retailer failed to promptly and adequately respond to a 2019 data breach that compromised more than 22 million consumers’ personal information. According to the Assurance of Voluntary Compliance, the retailer failed to detect a data breach that allowed an unidentified attacker to obtain information including Social Security numbers and tax identification numbers. After learning about the vulnerability from a third-party security researcher, the retailer issued a patch to remediate the vulnerability and required users to reset passwords on their customer accounts. However, the AGs claim that the retailer took nearly six months to conduct a full investigation into whether its user database had been breached, and, after determining that users’ personal information was for sale on the dark web, later began notifying affected users of the breach.
In addition to paying $2 million to the AGs, which is partially suspended due to the retailer’s financial condition, the retailer—who has not admitted to the alleged violations—has agreed to (i) develop and implement a comprehensive information security program; (ii) design an incident response and data breach notification plan to encompass preparation, detection and analysis, containment, eradication, and recovery; (iii) ensure personal information safeguards and controls are in place, such as encryption, segmentation, penetration testing, risk assessment, password management, logging and monitoring, personal information deletion, and account closure notification; and (iv) ensure third-party security assessments occur biennially for the next five years.
On December 22, the Conference of State Bank Supervisors (CSBS) filed a complaint in the U.S. District Court for the District of Columbia opposing the OCC’s impending approval of a national bank charter for a financial services provider (company), arguing that the OCC is exceeding its chartering authority. According to the complaint, the company’s charter is close to being formally approved by the OCC after being “solicited, vetted and in November 2020 accepted as complete” by the agency. The complaint asserts the company will continue its lending and payment activities (which are currently state-regulated) without obtaining deposit insurance from the FDIC. The complaint alleges that the company is applying for the OCC’s nonbank charter, which was invalidated by the U.S. District Court for the Southern District of New York in October 2019 (which concluded that the OCC’s Special Purpose National Bank Charter (SPNB) should be “set aside with respect to all fintech applicants seeking a national bank charter that do not accept deposits,” covered by InfoBytes here). CSBS argues that “by accepting and imminently approving” the company’s application, the “OCC has gone far beyond the limited chartering authority granted to it by Congress under the National Bank Act (the “NBA”) and other federal banking laws,” as the company is not engaged in the “business of banking.” CSBS seeks to, among other things, have the court declare the agency’s nonbank charter program unlawful and prohibit the approval of the company’s charter under the NBA without obtaining FDIC insurance.
On December 29, the U.S. District Court for the Northern District of California granted preliminary approval of a proposed settlement in a class action alleging a children’s clothing company and cloud technology service provider (collectively, “defendants”) violated, among other things, the California Consumer Privacy Act (CCPA) after suffering a data breach and potentially exposing customers’ personal information (PII) used to purchase products from the company’s website. After the company issued a notice of the security incident in January 2020, the plaintiffs filed the class action alleging the company failed to (i) “adequately protect its users’ PII”; (ii) “warn users of its inadequate information security practices”; and (iii) “effectively monitor [the company]’s website and ecommerce platform for security vulnerabilities and incidents.”
After mediation, the plaintiffs filed an unopposed motion for preliminary approval of class action settlement, which provides for a $400,000 settlement fund to cover approximately 200,000 class members who made purchases through the company’s website from September 16, 2019 to November 11, 2019. Class members have the option of claiming a cash payment of up to $500 for a Basic Award or of up to $5,000 for a Reimbursement Award, with amounts increasing or decreasing pro rata based on the number of claimants. Additionally, the company agreed to certain business practice changes, including conducting a risk assessment of its data assets and environment and enabling multi-factor authentication for all cloud services accounts. When granting preliminary approval, the court concluded that the agreement does “not improperly grant preferential treatment to any individual or segment of the Settlement Class and fall[s] within the range of possible approval as fair, reasonable, and adequate.”
- Steven R. vonBerg to discuss "Non-QM market overview & the impact of QM 2.0" at the IMN Non-QM Virtual Conference
- Buckley Webcast: Looking ahead — Tighter scrutiny of deposit and payment practices
- Jeffrey P. Naimon to discuss "What have you bought non-QM post-Covid?" at the IMN Non-QM Virtual Conference
- Garylene D. Javier to moderate "Innovation in an evolving privacy landscape" at the American Bar Association Business Law Section Consumer Financial Services Committee Winter Meeting