InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court denied motion to dismiss CFPA and FDCPA claims against debt buyers
On August 22, the U.S. District Court for the Western District of New York refused to dismiss CFPA and FDCPA claims brought by the CFPB that alleged violations related to misrepresentations made to debtors by debt collectors. The CFPB’s complaint alleged that defendants purchased defaulted consumer debt and then placed it for collection with, or sold it to, a network of debt collectors who consistently violated consumer protection laws by making false statements to debtors. These false statements included informing consumers that (i) they would be sued for failing to pay the debts; (ii) that their credit score would be impacted by paying or not paying the debt; and (iii) that they could face criminal charges for failing to pay the debt. The complaint additionally alleged that defendants were aware of the allegedly unlawful acts by the debt collectors they used through monitoring of the debt collectors and consumer complaints made to defendants.
The CFPB’s complaint alleged violations against a variety of corporate entities responsible for the alleged debt collection practices, as well as individual executives at those entities. Defendants moved to dismiss the complaint on several grounds. The defendants argued that they are not “covered persons” under the CFPA, because they do not actually collect debts themselves. The district court held that the defendants were “covered persons” under the CFPA since they were engaged in the collection of consumer debt, writing that it would “strain ordinary understanding to say that a company is not engaged in collecting debt when it purchases defaulted debt, places that debt with other companies for collection, and then receives some of the money recovered by those debt collectors.” Similarly, the defendants argued that they are not “debt collectors” under the FDCPA. The court also rejected this argument, reasoning that defendants’ principal purpose was debt collection making them a “debt collector” for FDCPA purposes, because they purchased portfolios of debts and derived most of their revenue from collecting those debts.
The district court also rejected defendants’ arguments that they could not be held vicariously liable for the conduct of the third-party debt collectors under the CFPA or FDCPA, reasoning that parties can be found vicariously liable for the acts of their agents under both statutes. The court held that because the CFPB’s complaint alleged that the defendants exercised authority over the debt collectors, vicarious liability for the violations by the debt collectors was appropriate.
The district court further held that the complaint adequately alleged violations of the CFPA by the individual defendants. The court held that the individual defendants enabled violations of the CFPA, relying on the fact that the individual defendants had both knowledge of the violations and the ability to control the violations, by either providing instructions to the debt collectors or by refusing to place debts with those collectors. Further, the court held that the individual defendants could be liable for “substantially assisting” violations of the CFPA, because the complaint alleged that the individual defendants recklessly disregarded unlawful behavior by the debt collectors and continued to place or sell debts to those collectors.
Finally, defendants also argued that both the CFPA and the FDCPA claims are time barred by the statute of limitations. The court rejected the defendants’ argument that the CFPB’s FDCPA claims were barred by the FDCPA’s one-year statute of limitations, holding that this provision applies only to private plaintiffs. The court held that FDCPA claims brought by the CFPB are subject to the CPFA’s statute of limitations, which bars claims brought more than three years after the CFPB’s discovery of the violations. The court further rejected the defendants’ argument that the claims were barred by this three-year statute of limitations, holding that it is unclear from the complaint when the CFPB became aware of facts constituting the violation and that the receipt of a consumer complaint by the CFPB will not necessarily constitute the date that the CFPB discovered or should have discovered the facts constituting the violation.
2nd Circuit affirms leveraged loans are not securities
On August 24, the U.S. Court of Appeals for the Second Circuit affirmed a district court’s order dismissing plaintiff’s claim that a national bank’s nearly $1.8 billion syndicated loan for a drug testing company were securities. The drug testing company filed for bankruptcy subsequent to a $256 million global settlement with the DOJ in qui tam litigation involving the company’s billing practices.
Plaintiff, a trustee of the drug testing company, brought claims to the New York Supreme Court in 2017 against defendant for violations of (i) state securities laws; (ii) negligent misrepresentation; (iii) breach of fiduciary duty; (iv) breach of contract; and (v) breach of the implied contractual duty of good faith and fair dealing. Defendant filed a notice of removal to the U.S. District Court for the Southern District of New York, where the district court denied plaintiff’s motion to remand after concluding it had jurisdiction under the Edge Act, and later granted defendant’s motion to dismiss because plaintiff failed to plead facts plausibly suggesting the notes are securities.
The 2nd Circuit held that the district court had subject matter jurisdiction pursuant to the Edge Act. The court then applied a “family resemblance” test to determine whether a note is a security and examined four separate factors to help uncover the context of a note. In comparing the loan note to “judicially crafted” list of instruments that are not securities, the court found that the defendant’s note “‘bears a strong resemblance’” to one, therefore concluding that the note is not a security and affirming the district court’s earlier decision.
Governor Hochul unveils statewide cybersecurity strategy for New York
On August 9, Governor Hochul announced New York’s first-ever statewide cybersecurity strategy to protect the state’s digital infrastructure from cyber threats. The cybersecurity strategy articulates a set of high-level objectives and agency roles and responsibilities, as well as outlines how existing and planned initiatives will be weaved together in a unified approach. The central principles of the strategy are unification, resilience, and preparedness, with a focus on state agencies working together with local governments to strengthen the entire state’s defenses. Included in the plan was a $600 million commitment to improve cybersecurity, including (i) a $90 million investment for cybersecurity in Fiscal Year 2024; (ii) $500 million to enhance healthcare information technology; and (iii) $7.4 million for law enforcement entities to expand their cybercrime capabilities.
Judge stays CFPB, NY AG lawsuit against auto lender
On August 7, the U.S. District Court for the Southern District of New York granted a defendant’s motion to stay a lawsuit against an alleged predatory auto lender until the Supreme Court determines the constitutionality of the CFPB’s funding in a separate lawsuit (CFSA Case; covered by InfoBytes here).
The CFPB and the New York Attorney General (AG) brought the complaint in January, accusing the lender of UDAAP and TILA violations that involved tricking consumers into loans financing used cars with high interest rates (typically above 22 percent) and add-on products they could not afford. The CFPB and AG alleged the dealers affiliated with the company (i) engaged in deceptive conduct; (ii) used high pressures sales tactics; (iii) pressured consumers into unaffordable auto loans; (iv) pressured family and friends to cosign the loans; (v) withheld prices of vehicles; and (vi) misrepresented key financial terms of the purchase, violating the CFPB, the Martin Act, and fraud and UDAP statutes, among other allegations.
In its decision, the district court reasoned that the stay awaiting the Supreme Court’s decision would (i) allow for clarity and guidance on the legal issues at hand and it may help the defendant avoid unnecessary litigation costs; and (ii) promote judicial efficiency and minimize the possibility of conflicts with other courts. Furthermore, the court determined that although it would be in the public interest to enforce consumer protection laws, the potential harm to the public caused by the stay is outweighed by the benefit to consumers “in proceeding in a streamlined fashion.” The order requires the parties to file a joint letter updating the court by the earlier of November 3 or one week after a major development in the CFSA case.
Supreme Court of New York: FDCPA does not require collectors to explain how debt is acquired
On July 19, the Supreme Court of the State of New York filed an order granting defendants’ motion for summary judgment, ruling that the FDCPA does not require debt collectors to provide debtors with proof of how they came to acquire the debt from the original creditor. One of the defendants purchased plaintiff’s defaulted credit card debt, which was placed with the second defendant for collection. The second defendant sent plaintiff a collection letter that identified the original creditor, along with the last four digits of the account number and identified the current creditor by name. Plaintiff sued, alleging violations of several sections of the FDCPA, claiming the letter was “false, deceptive, and misleading” because he never entered into a transaction with the current creditor and that the defendants reported the alleged debt to the credit reporting agencies. Plaintiff also maintained that prior to filing the lawsuit, he sought to validate the alleged debt but that neither defendant provided information sufficient to establish the current creditor’s ownership of the debt. Defendants filed for summary judgment seeking dismissal of plaintiff’s claims. In granting the motion, the court held that nothing in the FDCPA requires debt collectors “to educate the debtor ‘with proof, or at least a narrative, as to how it came to acquire the debt from [the] original creditor,’” and that the statute does not require plaintiffs to be notified when their debt is sold.
Court orders credit union to pay $5 million to settle overdraft allegations
On June 27, the U.S. District Court for the Northern District of New York granted final approval of a class action settlement, resulting in a defendant credit union paying approximately $5.2 million to settle allegations concerning illegal overdraft/non-sufficient funds (NSF) fees and inadequate disclosure practices. As described in plaintiffs’ unopposed motion for preliminary approval, the defendant was sued in 2020 for violating the EFTA (Regulation E) and New York General Business Law (NY GBL) § 349. According to plaintiffs, defendant charged overdraft fees and NSF fees that were not permitted under its contracts with its members or Regulation E. Plaintiffs’ Regulation E and NY GBL liability theories are premised on the argument that defendant’s “opt-in form did not inform members that these fees were charged under the ‘available balance’ metric, rather than the ‘actual’ or ‘ledger’ balance metric”—a violation of Regulation E and NY GBL § 349. The plaintiffs’ liability theory was that defendant’s “contracts did not authorize charging overdraft fees when the ledger or actual balance was positive.”
Under the terms of the settlement, defendant is required to pay $2 million, for which 25 percent of the settlement fund will be allocated to class members’ Regulation E overdraft fees, 62.5 percent will go to class members’ GBL overdraft fees, and 12.5 percent will be allocated to class members’ breach of contract overdraft fees. Defendant is also required to pay $948,812 in attorney’s fees, plus costs, and $10,000 service awards to the two named plaintiffs. Additionally, the defendant has agreed to change its disclosures and will “forgive and release any claims it may have to collect any at-issue fees which were assessed by [defendant] but not collected and subsequently charged-off, totaling approximately $2,300,000.”
Unregistered crypto platform to pay $1.8 million to New York
On June 15, the New York attorney general announced a settlement with a Hong Kong-based cryptocurrency platform to resolve allegations that the company failed to register as a securities and commodities broker-dealer and falsely represented itself as a crypto exchange. The respondent’s platform enables investors to buy and sell cryptocurrency. An investigator was able to create an account on the platform using a New York-based IP address to buy and sell tokens even though the respondent was not registered with the state. (Under New York law, securities and commodities brokers are required to be registered.) The respondent is ordered to refund more than one million dollars to investors and pay more than $600,000 to the state. According to the settlement, investors will receive their refunds in the form of cryptocurrency within 90 days. Additionally, the respondent must cease operating in the U.S., and implement geoblocking to prevent New York IP addresses from accessing its platform. The platform is also banned from offering, selling, or purchasing securities and commodities in New York, and must send weekly emails to its investors in New York, advising them to withdraw their funds from their accounts, or their funds will be transferred to the AG’s office. “Unregistered crypto platforms pose a risk to investors, consumers, and the broader economy,” the AG said, further warning of the serious consequences to other crypto platforms that do not follow New York law. This settlement follows other crypto-related legislation and suits from the New York AG (covered by InfoBytes here).
HUD says company offering homeowner aid violated FHA
On June 13, HUD announced a Charge of Discrimination against several entities and individuals accused of allegedly violating the Fair Housing Act by discriminating against New York City homeowners on the basis of race, color, or national origin. According to HUD, the seven complainants alleged that the respondents targeted them with offers of mortgage and foreclosure prevention assistance. Respondents allegedly filed illegitimate liens and instructed telemarketers to use “affinity marketing” to build relationships with elderly, vulnerable, and distressed homeowners by bringing up shared national origin and cultural practice. Homeowners who accepted respondents’ purported loan modification services were convinced to sign documents that unknowingly sold their homes to two entities named as respondents, HUD said, explaining that respondents would then attempt to force homeowners to vacate their homes. These efforts were disproportionately concentrated in neighborhoods with a high majority of persons of color (specifically persons of Black and Caribbean descent), HUD noted, adding that in order to persuade lenders to approve the short sale, some of the respondents would allegedly create private real estate listings for homeowners’ properties and present them to the bank as public listings, while falsely claiming no offers had been received in order to secure minimal sales prices. Homeowners were also allegedly promised that the short sales were part of the loan modification services and that the property would be transferred back into their names or that of a family member after a certain period, and that they would be able to remain in their homes until the title was returned. In fact, however, respondents intended to flip the properties for profit.
The charge will be heard by a U.S. administrative law judge unless a party elects to have the case heard in federal district court. HUD requested that the respondents be enjoined from continuing to discriminate against any person because of race, color, or national origin, and asked for damages to fully compensate the complainants, as well as the maximum civil penalty for each respondent.
NYDFS calls its virtual currency framework the “gold standard”
On May 25, NYDFS Superintendent Adrienne Harris testified before the New York assembly to address the regulation of virtual currency in the state. Harris highlighted the value and “gold standard” set by NYDFS’s virtual currency regulatory framework. She detailed how novel risks in that landscape were met with subsequential growth of the virtual currency unit since her arrival, including the addition of 50 professionals and a range of seasoned experts to streamline enforcement investigations.
In her testimony, Harris also voiced how the framework responsibly supports innovation for entities engaging primarily in virtual currency activities, leveraging their licensing (BitLicense) and chartering (the limited purpose trust company charter) regimes, whereas other states license virtual currency entities only as money transmitters. Adding on, she specified how NYDFS’s customized approach continues after approval, specifically, “NYDFS creates a detailed supervisory agreement that is tailored to the specific risks presented by the company’s business model. Licensed and chartered entities also are subject to ongoing supervision and are regularly examined for compliance with broadly applicable virtual currency regulations and other rules, as well as with their supervisory agreements.” The development of these tools, among other safeguards, is demonstrative of NYDFS’ focus on addressing the inherently high-risk nature of virtual currency business activity with respect to illicit transactions, she noted.
Harris further clarified that secure, customized regulatory requirements, as outlined in the framework, coupled with transparency, ushers in more business for the state, especially in the case of crypto startups. Further, other regulators, jurisdictions, and economic development agencies are seeking to replicate the framework, Harris commented, as consumer protection is not only achieved as outlined in the law, but by regulators that are able to move at a faster pace than the former.
New York reaches settlement with medical management company over patient data
On May 23, the New York attorney general announced a settlement with a medical management company, for allegedly failing to protect over 428,000 New Yorkers’ personal and health data from a 2020 ransomware cyberattack affecting roughly 1.2 million consumers nationwide. According to the AG’s investigation, the company implemented a new version of its software in January 2019, but allegedly failed to conduct a series of security tests and scans that could have identified any security problems. Further, the private information maintained by the company was not encrypted. Notably, information for 13 consumers was apparently discovered on the dark web days after the hack. The investigation concluded that the company, amongst the 28 areas where they failed to maintain reasonable data security practices to protect patients’ private and health information, allegedly failed to maintain appropriate patch management processes, conduct regular security testing of its systems, and encrypt the personal information on its servers. Under the terms of the assurance of discontinuance, the company, while neither admitting or denying the allegations, agreed to pay $550,000 in penalties, and will improve its data security practices and offer affected customers free credit monitoring services.