InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit denies online retailer’s petition for full panel review of decision on standing in data breach case
On April 20, the U.S. Court of Appeals for the 9th Circuit denied an online retailer’s request to have the full bench reconsider the court’s March 8 ruling, which ruling held that the increased risk of fraud or identity theft from a data breach gave consumers Article III standing to sue. As previously covered by InfoBytes, the underlying action results from a 2012 data breach affecting over 24 million shoppers. Previously, the three-judge panel held that the district court erred in dismissing claims brought by consumers who did not allege financial losses as a result of the data breach because, among other things, the stolen information provided hackers the “means to commit fraud or identity theft.” The online retailer appealed the decision, asking the full panel to review. The panel disagreed, upholding the previous decision that the plaintiffs sufficiently alleged the risk of future harm.
Bank petitions for rehearing of 9th Circuit preemption decision; OCC to file amicus brief in support of bank
On April 13, a national bank filed a petition for an en banc rehearing of the U.S. Court of Appeals for the 9th Circuit’s March decision, which held that a California law that requires the bank to pay interest on escrow funds is not preempted by federal law. As previously covered by InfoBytes, the 9th Circuit held that the Dodd-Frank Act of 2011 (Dodd-Frank) essentially codified the existing National Bank Act (NBA) preemption standard from the 1996 Supreme Court decision in Barnett Bank of Marion County v. Nelson. The panel cited to Section 1639d(g)(3) of Dodd-Frank, which, according to the opinion, expresses Congress’ view that the type of law at issue does not “prevent or significantly interfere with a national bank’s operations” because the law does not “prevent or significantly interfere” with the national bank’s exercise of its power. Additionally, the 9th Circuit concluded that the OCC’s 2004 preemption regulation had no effect on the preemption standard.
In its petition for rehearing, the bank argues that the 9th Circuit’s decision, if allowed to stand, “will create confusion regarding which state laws apply to national banks and restrict the terms on which they may extend credit” because the decision conflicts with previous decisions by the same court, the Supreme Court, and other circuits. The bank also acknowledges the OCC’s intent to file an amicus curiae brief in support of the petition no later than April 23.
9th Circuit amended opinion holds company not vicariously liable under TCPA
On April 4, the U.S. Court of Appeals for the 9th Circuit issued an amended opinion to further affirm a district court’s decision to grant summary judgment in favor of a defendant concerning allegations that it was vicariously liable for telemarketing activity in violation of the Telephone Consumer Protection Act (TCPA). The three-judge panel held that the defendant, who sells vehicle service contracts (VSCs) through automobile dealers and “marketing vendors,” was not vicariously liable under the TCPA for calls made by telemarketers employed by a company that sold VSCs for the defendant and multiple other companies. Last August, the three-judge panel determined that the company’s telemarketers acted as independent contractors, rather than as the defendant’s agents. In amending their opinion, the three-judge panel further determined that the telemarketers lacked actual authority (under express language contained within the parties’ contract) to place the unlawful calls, and that the defendant “exercised insufficient control over the manner and means of the work to establish vicarious liability under the asserted theory.”
9th Circuit affirms dismissal of claims alleging survey provider violated TCPA
On March 29, the U.S. Court of Appeals for the 9th Circuit affirmed a district court’s decision to grant summary judgment in favor of a patient satisfaction survey provider (defendant), concluding that a plaintiff's signed enrollment form with her health insurance provider meant she granted “prior express consent” to receive calls from the defendant. According to the opinion, the plaintiff accused the defendant of allegedly violating the Telephone Consumer Protection Act (TCPA) when it used an automatic telephone dialing system to repeatedly call her to inquire about the quality of her experience with a network physician. She later challenged the dismissal of her suit, arguing that the calls fell outside the scope of consent. However, in agreeing with the district court’s decision, the three-judge panel held that by providing her phone number on an insurance enrollment form that permitted the insurer to share her information for “quality improvement” and other purposes, the plaintiff had provided the level of consent required by the TCPA to receive calls from the defendant. While the court acknowledged that the plaintiff “could not have known the identity of the specific entity that would ultimately call her,” by authorizing the insurance company “to disclose her phone number for certain purposes, she necessarily authorized someone other than [the insurance company] to make calls for those purposes. Specifically, she authorized calls from entities to which [the insurance company] disclosed her information.” According to the panel, the defendant fell within that category.” The panel also rejected the plaintiff’s argument that the calls violated the TCPA because the defendant failed to demonstrate that it called her on the insurance company’s behalf, finding that there is “no statutory or logical basis for imposing such a requirement.”
CFPB appeals $10 million order in payday lender suit
On March 27, the CFPB filed a notice of appeal to the U.S. Court of Appeals for the 9th Circuit in response to a district court’s order that an online loan servicer and its affiliates pay a $10 million penalty for offering high-interest loans in states with usury laws barring the transactions—a penalty which fell far short of the $50 million the CFPB had requested. As previously covered in InfoBytes, the district court found that a lower statutory penalty was more appropriate than the CFPB’s requested amount because the CFPB failed to show the company “knowingly violated the CFPA.” It further rejected the Bureau’s request for restitution and denied a request for a permanent injunction. The notice of appeal seeks review of all parts of the final judgment as well as the parts of the findings of facts and conclusions of law that are adverse to its position.
9th Circuit denies bank’s challenge to FDIC bank secrecy order
On March 12, the U.S. Court of Appeals for the 9th Circuit upheld a 2016 FDIC cease and desist order against a California bank arising out of alleged deficiencies in compliance management relating to the Bank Secrecy Act (BSA) and anti-money laundering laws. According to the opinion, FDIC examinations dating back to 2010 identified areas for BSA compliance improvement. While the bank made adjustments in response to the original findings, a 2012 FDIC examination found the bank’s BSA compliance program still was deficient, including because it did not “establish and maintain procedures designed to ensure adequate internal controls, independent testing, administration, and training”—known as the “four pillars”—and because the bank had not filed a necessary suspicious activity report. The bank argued that the BSA compliance standards were too vague, accused FDIC examiners of bias during the examination in a manner that violated its due process rights, and alleged that the decision was not supported by substantial evidence.
The three-judge panel ruled that (i) there was no bias in the FDIC’s decision to assess a penalty against the bank because there was substantial evidence to support an administrative law judge’s findings that the bank’s failure to maintain adequate controls violated BSA regulations; and (ii) because the BSA and FDIC’s implementing regulations are “economic in nature and threaten no constitutionally protected rights,” vagueness is not an overriding concern. While the “four pillars” of BSA compliance are open to interpretation, the panel noted, the FDIC provides banks with a manual written by the Federal Financial Institutions Examination Council that sets forth a uniform compliance standard. Furthermore, FDIC Financial Institution Letter 17-2010 clarifies that the manual contains the FDIC’s BSA compliance supervisory expectations. “A BSA Officer at the Bank bearing the requisite ‘specialized knowledge’ would understand that compliance with the FFIEC Manual ensures compliance with the BSA. . . . The BSA and its implementing regulations are not unconstitutionally vague,” the panel stated. Therefore, the 9th Circuit held that the manual was entitled to Chevron deference and denied the bank’s petition for review.
9th Circuit reinstates class action data breach lawsuit against online retailer
On March 8, the U.S. Court of Appeals for the 9th Circuit reinstated a putative class action lawsuit against an online retailer, concluding that the increased risk of identity theft resulting from a 2012 data breach affecting over 24 million shoppers gave consumers Article III standing to sue. The three-judge panel held that the district court erred in dismissing claims brought by consumers who did not allege financial losses as a result of the data breach because the stolen information provided hackers the “means to commit fraud or identity theft.” The panel noted that evidence that another group of consumers had suffered financial losses from the same data breach undermined the argument that the data stolen would not lead to fraud or identity theft. In addition, although the defendant asserted that too much time had passed since the data breach for any harm to be considered imminent, the panel found that determining jurisdiction requires an assessment of a plaintiff’s standing at the time the suit was filed, and that the risk of harm was sufficiently imminent at the time of filing. The 9th Circuit remanded the case back to the lower court for review.
The panel also addressed a separate appeal by the class on the district court’s decision not to enforce a purported settlement agreement, affirming the lower court’s decision “because the parties did not have a meeting of the minds on all essential terms of the agreement.”
9th Circuit reverses lower court’s dismissal of TCPA claim
On February 28, the U.S. Court of Appeals for the 9th Circuit reinstated a consumer’s lawsuit against two banks on charges that the nearly 300 calls she received seeking payment of a debt may have violated the Telephone Consumer Protection Act (TCPA). The three-judge panel stated that the district court’s decision to dismiss the case on standing grounds was incorrect in light of a subsequent 9th Circuit ruling in a different case, which held that “a violation of the TCPA is a concrete, de facto injury.” The court further held that the TCPA is not limited to telemarketing calls, and that the unsolicited contact—“regardless of caller or content”—is evidence of “concrete harm” that can be traced back to the conduct at issue. Additionally, the panel also held that the district court erred in granting the banks’ request for summary judgment on the plaintiff’s claim under California’s Rosenthal Fair Debt Collection Practices Act and her claim for “intrusion upon seclusion,” finding that the banks’ actions “allegedly caused harm” to the plaintiff’s solitude. The court reversed and remanded the case for further proceedings.
9th Circuit holds California's interest on escrow requirements is not preempted by federal law
On March 2, the U.S. Court of Appeals for the Ninth Circuit held that a national bank must comply with a California law that requires mortgage lenders to pay interest on the funds held in a consumer’s escrow account because the law does not “prevent or significantly interfere” with the national bank’s exercise of its power. The case results from a 2014 lawsuit in which a consumer sued the national bank for refusing to pay interest on the funds in his mortgage escrow account as required by a California state law. The district court dismissed the action, holding that the California state law interfered with the bank’s ability to perform its business making mortgage loans and therefore, was preempted by the National Bank Act (NBA).
In reversing the district court’s decision, the 9th Circuit held that the Dodd-Frank Act of 2011 (Dodd-Frank) essentially codified the existing NBA preemption standard from the 1996 Supreme Court decision in Barnett Bank of Marion County v. Nelson. The panel cited to Section 1639d(g)(3) of Dodd-Frank (“if prescribed by applicable State or Federal law, each creditor shall pay interest to the consumer on the amount held in any . . . escrow account that is subject to this section in the manner as prescribed by that applicable State or Federal law”), which, according to the opinion, expresses Congress’ view that the type of law at issue does not “prevent or significantly interfere with a national bank’s operations.” Moreover, the panel disagreed with the national bank’s reliance on the OCC’s 2004 preemption regulation, which interpreted the standard more broadly, by concluding that the regulation had no effect on the preemption standard. This decision could have significant implications for the rise of preemption by federally chartered banks.
Supreme Court denies cert petition in Spokeo
On January 22, the U.S. Supreme Court denied a second petition for writ of certiorari in Spokeo v. Robins, thereby declining to reconsider its position on Article III’s standing to sue requirements or to provide further clarification on what constitutes injury in fact. Citing “widespread confusion” over how to determine whether intangible injuries qualify as injury in fact, and therefore meet the standing threshold, Spokeo argued in its petition that review is “warranted to ensure that the jurisdiction asserted by the federal courts remains within constitutional limits.” The second petition was filed by Spokeo last December to request a review of the U.S. Court of Appeals for the Ninth Circuit’s August 2017 decision—on remand from the Supreme Court (see Buckley Sandler Special Alert here)—which ruled that Robins had established standing to sue for alleged violations of the Fair Credit Reporting Act (FCRA) by claiming an intangible statutory injury without any additional harm. The 9th Circuit opined that information contained in a consumer report about age, marital status, educational background, and employment history is important for employment and loan applications, home purchases, and more, and that it “does not take much imagination to understand how inaccurate reports on such a broad range of material facts about Robins’s life could be deemed a real harm.” Further, guaranteeing the accuracy of such information “seems directly and substantially related to FCRA’s goals.” The 9th Circuit reversed and remanded the case to the Central District of California after finding that Robins had adequately alleged the essential elements of standing (see previous InfoBytes coverage here).