InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Massachusetts AG reaches $6.5M settlement over deceptive auto-renewal and collection practices
The Massachusetts attorney general recently reached a $6.5 million settlement with a home security services company, its sister companies, and its CEO to resolve allegations that the defendants violated Massachusetts consumer protection laws by trapping customers in auto renewal contracts and engaging in illegal debt collection practices. The final judgment by consent, filed in Suffolk County Superior Court, resolves a 2019 lawsuit alleging the defendants engaged in unfair and deceptive tactics to prevent customers from canceling their contracts, charged for services during system outages or for services that were never provided, steered customers into contract renewal instead of cancellation, and engaged in aggressive and illegal debt collection practices. Under the terms of the settlement, the defendants are required to pay $1.8 million and waive and forgive $4.7 million of outstanding customer debt. Although they denied the allegations, the defendants have agreed to implement changes to their business practices, including taking measures to come into compliance with the attorney general’s debt collection regulations, offering credits to customers who purchased non-functional systems that cannot be repaired, implementing new complaint procedures, and permitting existing customers to cancel their contracts by telephone, email, and web portal. Additionally, the defendants will make several revisions to the terms of their contracts relating to auto-renewal practices, monitoring charges, cancellation policies and procedures, late fees and other costs.
Massachusetts reaches settlement in unfair debt collection and mortgage servicing matter
On December 22, the Massachusetts attorney general announced a settlement with a South Carolina mortgage servicer to resolve claims that it allegedly failed to assist homeowners avoid foreclosure and engaged in unfair debt collection and mortgage servicing practices. According to an assurance of discontinuance filed in Suffolk Superior Court, the servicer allegedly violated the Massachusetts’ Act to Prevent Unlawful and Unnecessary Foreclosures, which requires servicers to make a good faith effort to help borrowers with certain unfair loan terms avoid foreclosure. Among other things, the servicer allegedly failed to (i) properly review borrowers’ income, debts, and obligations when assessing affordable loan modifications; (ii) provide borrowers with the results of these assessments; or (iii) provide borrowers with notice of their right to present a counteroffer after being offered a loan modification. The servicer also allegedly violated the state’s debt collection regulations by failing to timely issue compliant debt validation notices, and calling borrowers more than twice in a seven-day period. While denying the allegations, the servicer agreed to pay $975,000 to the state and will undertake significant business practice changes and provide ongoing reporting to the AG to ensure compliance.
Debt collection company issued a CDO for operating without a license
On November 3, the Massachusetts Division of Banks issued a cease directive to a formerly-licensed debt collector company for allegedly operating for more than six years without a license. According to the order, the debt collecting company was a foreign company conducting business in Massachusetts with a main address in Florida. According to records maintained on file with the Division and the NMLS, the Commissioner initially issued a debt collector license to the company to engage in the business of debt collection in Massachusetts on or about January 14, 2010. In December 2012, the debt collector license expired due to the company's failure to respond to license items placed on the NMLS account of the company. In May 2013, the debt collector license was placed into a status of “Terminated – Expired.” During an examination of a separate debt collector licensee, the Division became aware that the company continued to engage in now unlicensed debt collection activity in Massachusetts on behalf of the licensee being examined. As a result, the Division directed the company to immediately cease collecting debts on any accounts in Massachusetts until it obtained the proper license to do so. The company was also been directed to provide a complete record of all funds collected from Massachusetts consumers from January 2019 through November 3, 2022, as well as a detailed record of the Massachusetts accounts it is holding for collection. The company can request a hearing to contest the Division’s allegations and has 30 days from November 3 to request such hearing. If it does not do so or fails to appear at a scheduled hearing, it will have been deemed to have consented to the issuance of the cease directive.
Massachusetts settles with debt payment processor
On November 7, the Massachusetts attorney general announced a settlement with a payment processing company to resolve claims that it provided substantial assistance to a debt settlement provider engaged in unlawful business practices that charged consumers premature and inflated fees in violation of state and federal law. According to an assurance of discontinuance filed in Suffolk Superior Court, the company processed settlement and fee payments for consumers enrolled in various debt settlement programs, including those offered by a debt settlement provider that was previously fined $1 million by the AG’s office for allegedly harming financially-distressed consumers. (Covered by InfoBytes here.) The newest settlement resolves claims that the company transferred unlawful fee payments to the debt settlement provider despite having knowledge of the alleged misconduct and even after the provider was sued by the AG’s office. Without admitting any facts, liability, or wrongdoing, the company has agreed to pay $600,000 to the Commonwealth, and will, according to the announcement, “make meaningful business practice changes that would prevent it from transferring untimely fees from any Massachusetts consumer account to any debt settlement company.”
Massachusetts reaches settlement with mortgage servicer over foreclosure practices
On August 17, the Massachusetts attorney general announced that a national mortgage servicer must pay $3.2 million to resolve allegations that its mortgage servicing, debt collection, and foreclosure practices were unfair and deceptive. According to the assurance of discontinuance, the servicer allegedly violated Massachusetts’ Act Preventing Unlawful and Unnecessary Foreclosures by not providing notice and opportunity for borrowers to apply and be reviewed for loan modifications. Among other things, the servicer also allegedly placed debt collection calls exceeding the number of calls permitted by state law, did not inform borrowers of their right to request verification of the amount of their debt, unfairly charged foreclosure-related fees prior to obtaining authority to foreclose, and failed to send required debt validation notices. While the servicer denied the allegations, it agreed to pay borrowers $2.7 million in the form of principal forgiveness on eligible loans as well as a $500,000 fine. The servicer also agreed to “make significant changes” to its business practices.
Massachusetts AG orders company to pay $230,000 for data breach
On July 21, the Massachusetts AG announced that a Rhode Island-based job placement service company must pay a $230,000 settlement to resolve allegations that it failed to implement the proper security programs, which led to a data breach. According to the assurance of discontinuance (AOD), the company was breached in December 2020 after an employee was a victim to a phishing email, resulting in a compromise of credentials that allowed hackers to access personal data of users. The AG alleged that the company violated Massachusetts data privacy laws by failing to have a written information security program (WISP) in place during or prior to the data breach. Under the terms of the settlement, the company is required to pay $230,000 in penalties, come into compliance with state laws, continue to implement and maintain a WISP, and continue to train its employees on the importance of personal information security.
District Court says Massachusetts law will apply in choice-of-law privacy dispute
On June 28, the U.S. District Court for the District of South Carolina ruled that it will apply Massachusetts law to negligence claims in a putative class action concerning a cloud-based services provider’s allegedly lax data-security practices. The plaintiffs claimed that the defendant’s “security program was inadequate and that the security risks associated with the Personal Information went unmitigated, allowing [] cybercriminals to gain access.” During discovery, the defendant (headquartered in South Carolina) stated that its U.S. data centers are located in Massachusetts, Texas, California, and New Jersey, and that the particular servers that housed the plaintiffs’ data (and were the initial entry point for the ransomware attack) are physically located in Massachusetts. While both parties stipulated to the application of South Carolina choice-of-law principles generally, the plaintiffs specifically requested that South Carolina law be applied to their common law claims of negligence, negligence per se, and invasion of privacy since it was the state where defendant executives made the cybersecurity-related decisions that allegedly allowed the data breach to occur. However, the defendant countered that the law of each state where a plaintiff resides should apply to that specific plaintiff’s common law tort claims because the “damages were felt in their respective home states.” Both parties presented an alternative argument that if the court found the primary choice-of-law theory to be unfounded, then Massachusetts law would be appropriate as “Massachusetts was the state where the last act necessary took place because that is where the data servers were housed.”
In determining which state’s common-law principles apply, the court stated that even if some of the cybersecurity decisions were made in South Carolina, the personal information was stored on servers in Massachusetts. Moreover, the “alleged decisions made in South Carolina may have contributed to the breach, but they were not the last act necessary to establish the cause of action,” the court wrote, noting that in order for the defendant to be potentially liable, the data servers would need to be breached. The court further concluded that “South Carolina’s choice of law rules dictate that where an injury occurs, not where the result of the injury is felt or discovered is the proper standard to determine the last act necessary to complete the tort.” As such, the court stated that Massachusetts law will apply as that is where the data breach occurred.
Massachusetts amends mortgage lender/broker licensing provisions
Recently, the Massachusetts Office of Consumer Affairs and Business Regulation, Division of Banks announced final amendments effective May 27 to certain provisions of Regulation 209 CMR 42.00, which establishes procedures and requirements for the licensing and supervision of mortgage lenders under M.G.L. c. 255E. (See also redlined version of the final amendments here.) Specifically, the amendments:
- Add and amend certain definitions. The amendments add new terms such as “Bona Fide Nonprofit Affordable Homeownership Organization” and “Instrumentality Created by the United States or Any State,” and amend “Mortgage Broker” to also include a “person who collects and transmits information regarding a prospective mortgage loan borrower to a third party” that conducts any one or more of the following activities: (i) collects a prospective borrower’s Social Security number; (ii) views a prospective borrower’s credit report; (iii) obtains a prospective borrower’s authorization to access or view the borrower’s credit report or credit score; (iv) accepts an application; or (v) issues a prequalification letter.
- Add licensing exemptions. The amendments provide a list of persons that are not required to be licensed in the state as a mortgage broker or mortgage lender. These include: (i) lenders making less than five mortgage loans and persons acting as mortgage brokers fewer than five times within a 12 consecutive-month period; (ii) banks, national banking associations, federally chartered credit unions, federal savings banks, or any subsidiary or affiliate of the above; (iii) banks, trust companies, savings banks, and credit unions “organized under the laws of any other state; provided, however, that such provisions shall apply to any subsidiary or affiliate, as described in 209 CMR 42.0”; (iv) nonprofit, public, or independent post-secondary institutions; (v) charitable organizations; (vi) certain real estate brokers or salesmen; and (vii) persons whose activities are “exclusively limited to collecting and transmitting” certain quantities of specified information regarding a prospective borrower to a third party.
The amendments also specifically provide that “a person who collects and transmits any information regarding a prospective mortgage loan borrower to a third party and who receives compensation or gain, or expects to receive compensation or gain, that is contingent upon whether the prospective mortgage loan borrower in fact obtains a mortgage loan from the third party or any subsequent transferee of such information, is required to be licensed as a mortgage broker.”
Massachusetts settles with financial company
On April 13, the Massachusetts attorney general announced a settlement with a California-based finance company (defendant) resolving allegations that it violated Massachusetts law by purchasing and collecting on dog leases – which are illegal in Massachusetts. The settlement also alleges that the company engaged in illegal debt collection practices such as calling debtors too frequently while attempting to collect on the leases. Under the terms of the settlement, the defendant must pay over $930,000, which includes $175,000 in restitution to approximately 200 consumers, and a $50,000 fine. The defendant is prohibited from collecting on any active leases involving dogs in Massachusetts and must transfer full ownerships of the dogs to the consumers. The defendant must also cancel any outstanding amount owed on the leases, totaling approximately $700,000.
The Massachusetts AG has been investigating financial companies who originate or purchase dog leases – calling the practice “exploitive” because it uses “dogs as emotional leverage” over debtors – and encouraged consumers who are victims of dog leases to call the AG’s office or to file a complaint online.
Massachusetts settles with auto lender
On February 18, the Massachusetts attorney general announced that a national auto lender entered into a settlement with the Commonwealth resolving allegations that the lender did not provide sufficient disclosures to consumers related to its debt collection practices, with over 1,000 borrowers expected to be eligible for relief. According to the Assurance of Discontinuance (AOD), the lender allegedly failed to provide certain consumers with sufficient information about the calculation methods for any deficiencies remaining on their auto loans after their cars were repossessed. The AOD requires the auto lender to pay $5.6 million in restitution to eligible borrowers, and cover administration and investigation costs associated with the matter. According to Massachusetts Attorney General Laura Healey, the “settlement, which combines cash payments with debt relief and credit repair, will help many subprime borrowers in need.”