InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Pennsylvania amends privacy bill
On November 3, the Pennsylvania governor signed SB 696 to amend the Breach of Personal Information Notification Act. The bill, among other things, prohibits employees of the Commonwealth from using non-secured Internet connections. The bill also includes data storage policy provisions, which establish that an entity that maintains, stores, or manages computerized data on behalf of Pennsylvania that constitutes personal information must develop a policy to govern reasonably proper storage of the personal information. The bill further notes that a goal of the policy must be to reduce the risk of future breaches of the security of the system. The bill is effective 180 days after approval by the governor.
Pennsylvania sues lead generator for facilitating telemarketers’ robocalls
On November 3, the Pennsylvania attorney general announced a lawsuit against a New York-based lead generation company that connects advertisers to potential new customers through the consumers’ personal data for allegedly causing hundreds of thousands of robocalls to be placed to consumers in the Commonwealth. The defendant, along with several of its subsidiaries, allegedly collected personal information, including phone numbers and personal information of consumers on Pennsylvania’s Do Not Call List, that was then sold to telemarketing companies. According to the complaint, the defendants allegedly engaged in deceptive and misleading business practices in connection with their lead-generation practices, by obtaining consumers’ information through various promotional opportunities without clearly disclosing that by providing their contact information, consumers were consenting to receiving telemarketing calls from hundreds of potential sellers. The complaint alleges that from 2018 to 2021, over 4.2 million Pennsylvania consumers registered their information on one of the defendants’ websites. “Under the [Telemarketing Sales Rule (TSR)], a consumer’s express agreement to accept calls delivering a prerecorded message may not be obtained by a lead generator, who is not a seller or a telemarketer. The express agreement must be obtained directly by the seller or telemarketer from the consumer,” the complaint said. Moreover, even if the defendants were not directly making the telemarketing calls themselves, assisting and facilitating the calls is itself a violation of the rules, the complaint noted.
The defendants are charged with violating several federal and state telemarketing laws, including the TSR, and Pennsylvania’s Telemarketer Registration Act (TRA) and Pennsylvania’s Unfair Trade Practices and Consumer Protection Law. The AG’s office seeks a declaration permanently enjoining the defendants from violating the telemarketing and consumer protection laws, along with civil penalties of $1,000 per violation and $3,000 per violation involving a victim age 60 or older. The suit also seeks disgorgement, costs, and a permanent bar on selling consumer data collected in violation of the TSR and TRA.
District Court grants FDCPA defendant’s motion for summary judgment
On October 18, the U.S. District Court for the Eastern District of Pennsylvania granted a second summary judgment motion by a debt collection agency (defendant) in an FDCPA suit, after the plaintiff filed a motion for reconsideration, ruling that a collection letter sent to the plaintiff was not false, deceptive, misleading, unfair or unconscionable. According to the order, the plaintiff received two bills after being treated at a hospital for an automobile accident: one in the amount of $675, which was adjusted from $900 because the plaintiff lacked insurance, and a second bill from a doctor’s network for $468. The hospital placed the unpaid account with the defendant who in turn sent a collection letter to the plaintiff, which was the only contact between the plaintiff and the defendant. The plaintiff filed suit, alleging that under Pennsylvania’s Motor Vehicle Financial Responsibility Law the defendant was permitted to attempt to collect only $141.15, and that its failure to do so violated the FDCPA. This value was based on the Current Procedural Terminology (CPT) code associated with the doctor’s network bill, but the hospital’s bill did not contain a CPT code. The district court found that the plaintiff did not demonstrate any material issue of disputed fact that the services provided by the hospital were or should have been billed under the same CPT code as the doctor’s network bill, nor did the plaintiff provide sufficient evidence to prove that the amount billed by the hospital violated state law, and therefore, granted the defendant’s motion for summary judgment.
Pennsylvania announces two settlements involving auto title loans
On October 14, the Pennsylvania AG announced a settlement with the owners of an auto title loan business. According to the settlement, the company made unlawful loans to Pennsylvania borrowers carrying annual interest rates over 200 percent. Under the terms of the settlement, the owners must refund over $1.5 million in unlawful interest charges to consumers. The refunds are in addition to the $3.2 million in debt cancellation victims received under an October 2021 order. The owners are also prohibited from, among other things, knowingly participating in, owning, or working for any company that extends credit to Pennsylvania residents, for seven years after they make their last payment under the settlement.
The Pennsylvania AG also announced a settlement with a Florida-based auto title lender for alleged violations of Pennsylvania usury laws and unfair and deceptive business practices. Under the terms of the settlement, the company, among other things, must cancel all outstanding loans made to Pennsylvania consumers, and refund Pennsylvania consumers all fees and interest they paid, which will result in nearly 200 consumers receiving refunds in the amount of $99,541.
3rd Circuit: Debt buyer not required to be licensed under Pennsylvania law
On September 19, the U.S. Court of Appeals for the Third Circuit affirmed a district court’s ruling in an FDCPA suit, finding that a defendant debt buyer was not required to be licensed under Pennsylvania law when it attempted to collect interest that had accrued at a rate of more than 6 percent under the original credit card agreement. According to the opinion, the plaintiff opened a credit card with a bank, which had an interest rate of 22.9 percent. The plaintiff defaulted on a debt he accrued on the card, and the debt was subsequently charged-off and sold by the bank to the defendant. The plaintiff argued that the defendant violated the FDCPA since the interest rate was limited by the Pennsylvania Consumer Discount Company Act (CDCA), which states that an unlicensed firm “in the business of negotiating or making loans or advances of money on credit [less than $25,000]” may not collect interest at an annual interest rate over 6 percent. The district court granted the defendant’s motion to dismiss, ruling that the defendant was entitled to collect interest above 6 percent because it held a license under a different state law.
On the appeal, the 3rd Circuit found that the CDCA applies to companies that arrange for or negotiate loans with certain parameters, and that there is nothing in the plaintiff’s amended complaint to suggest that the defendant is in the business of negotiating loans. The appellate court noted that the plaintiff’s allegations “indicate that [the defendant] purchases debt, such as [plaintiff’s] credit card account that [the bank had] charged off. But even with that allegation as a starting point, it is not reasonable to infer that an entity that purchases charged-off debt would also be in the business of negotiating or bargaining for the initial terms of loans or advances.” The appellate court further noted that “the amended complaint cuts against such an inference: it alleges that [the bank], not [the defendant], set the annual interest rate for [plaintiff’s] use of the credit card for loans and advances at 22.90%. Thus, with the understanding that negotiate means ‘to bargain’ and not ‘to transfer,’ [the plaintiff’s] allegations do not support an inference that [defendant] is in the business of negotiating loans or advances.”
District Court denies request to reverse summary judgment in FDIA suit
On August 29, the U.S. District Court for the Eastern District of Pennsylvania denied a consumer plaintiff’s request to reconsider its summary judgment order against him in a Federal Deposit Insurance Act (FDIA) suit. According to the opinion, the plaintiff accrued debt to a federally-insured, state-chartered bank, which had then assigned that debt to defendants, who were not state-chartered, federally-insured banks. The plaintiff’s debt included interest charges that had accrued at an annual rate between 24.99 percent and 25.99 percent, which the plaintiff argued could not be collected by defendants because the interest exceeded the six percent allowed under Pennsylvania's usury law. The court ruled in favor of the defendants, relying on a recently promulgated FDIC rule that determined that state usury laws are preempted by section 27 of the FDIA in cases where state usury law interferes with state-chartered, federally-insured banks' ability to make loans or when they interfere with a state-chartered, federally-insured bank’s assignee’s efforts to collect on those loans. The plaintiff requested the reconsideration of the district court's summary judgment decision and filed a notice of appeal to the U.S. Court of Appeals for the Third Circuit. In his motion for reconsideration, the plaintiff argued that the court’s previous summary judgment decision was “erroneous” because: (i) the 3rd Circuit held in In re: Community Bank of Northern Virginia that “the FDIA unambiguously excludes non-bank purchasers of debt from its coverage and that deference to the FDIC’s contrary interpretation would, therefore, be inappropriate”; (ii) the FDIC’s rule cannot apply to his debts because such an application would be impermissibly retroactive; and (iii) LIPL fits within the FDIC rule’s exception for “licensing or regulatory requirements.”
The court denied the plaintiff’s motion for reconsideration, holding that the plaintiff “failed to identify an appropriate basis for reconsideration,” as the consumer’s arguments are “either a new argument that could have been presented before judgment was entered or a reprisal of an argument that the Court addressed in its original decision.” The court further noted that it would be “inappropriate for the Court to grant a motion to reconsider under either of those circumstances.” The court went on to determine that the new arguments advanced by the plaintiff were unpersuasive in any event, finding that the 3rd Circuit had not held section 27 of the FDIA to be unambiguous in its meaning and that application of the FDIC’s rule did not create an impermissible retroactive effect.
State AGs announce settlement to resolve alleged data security breach
On July 26, a coalition of state attorneys general, co-led by the New Jersey AG and Pennsylvania AG, announced a settlement with a Pennsylvania-based convenience store chain related to an alleged data breach that compromised payment cards of consumers. According to the Assurance of Voluntary Compliance, the company experienced a breach of security between April 2019 and December 2019 that exposed consumer payment card data, including customers’ card numbers, expiration dates and cardholder names in New Jersey, Pennsylvania, Florida, Delaware, Maryland, and Virginia, as well as Washington, D.C. The AGs alleged that the company “failed to employ reasonable data security measures,” in violation of the states’ Consumer Protection Acts and Personal Information Protection Acts. Under the terms of the settlement, the company—without admitting to the allegations—has agreed to pay an $8 million fine, of which New Jersey is to receive approximately $2.5 million. The settlement also requires the company to strengthen its network protections and take measures to better protect consumer payment data.
3rd Circuit: Applying Pennsylvania usury laws to out-of-state lender does not violate “Commerce Clause”
On January 24, the U.S. Court of Appeals for the Third Circuit held that applying Pennsylvania usury laws to an out-of-state lender is not a violation of the “dormant Commerce Clause” of the Constitution. According to the opinion, the lender provides motor vehicle loans with interest rates allegedly “as high as 180%” to consumers, including residents of Pennsylvania. The opinion noted that the “entire loan process—from the application to the disbursement of funds—takes place . . . at one of [the lender’s] brick-and-mortar locations” outside of Pennsylvania, and that under the lender’s motor vehicle loan terms, the borrower receives the applicable loan proceeds “in the form of ‘a check drawn on a bank outside of Pennsylvania.’” Pursuant to its enforcement authority under Pennsylvania’s Consumer Discount Company Act (CDCA) and the Loan Interest and Protection Law (LIPL), the Pennsylvania Department of Banking and Securities (Department) issued a subpoena asking the lender to provide documents related to its interactions with Pennsylvania residents. The lender stopped making loans to Pennsylvania residents after receiving the subpoena, and later filed a lawsuit in the U.S. District Court for the District of Delaware against the Department claiming it “lost revenue as a result” of the Department’s actions. The suit sought “injunctive and declaratory relief for, among other things, violations of the Commerce Clause.” The Department separately filed a petition in state court to enforce the subpoena.
While the lender did not dispute that before 2017, it engaged in loan servicing activities and vehicle repossessions in Pennsylvania, the lender maintained that it “does not have any offices, employees, agents, or brick-and-mortar stores in Pennsylvania and is not licensed as a lender in the Commonwealth.” Additionally, the lender claimed that while “it has never used employees or agents to solicit Pennsylvania business, and [] does not run television ads within Pennsylvania,” advertisements may still reach Pennsylvania residents. The district court eventually determined that because the lender’s “loans are ‘completely made and executed outside Pennsylvania and inside. . .[brick-and-mortar] locations in Delaware, Ohio, or Virginia,’ the Department’s subpoena’s effect is to apply Pennsylvania’s usury laws extraterritorially in violation of the Commerce Clause.”
On appeal, the 3rd Circuit examined the “territorial scope” of the transactions the Department “has attempted to regulate” and considered whether these transactions occur “wholly outside” of Pennsylvania. The appellate court concluded that the lender’s “conduct does not occur wholly outside of Pennsylvania,” and that the transactions are “more than a simple conveyance of money,” but rather "create a creditor-debtor relationship that imposes obligations on both the borrower and lender until the debt is fully paid.” Moreover, even if the appellate court considered the local benefits with respect to interstate commerce, it “would conclude that they weigh in favor of applying Pennsylvania laws to [the lender].” The CDCA and LIPL “protect Pennsylvania consumers from usurious lending rates,” the 3rd Circuit wrote, adding that applying Pennsylvania’s usury laws to the lender’s loans furthers the state’s local interest in prohibiting usurious lending. “Pennsylvania may therefore investigate and apply its usury laws to [the lender] without violating the Commerce Clause,” the appellate court explained. “[A]ny burden on interstate commerce from doing so is, at most, incidental.”
Pennsylvania adopts mortgage servicing regulations
On September 25, the Pennsylvania Department of Banking and Securities adopted provisions regarding mortgage servicing regulations. Among other things, the regulations clarify the definition of a “COVID-19 related hardship,” establish general disclosure requirements, and provide early intervention and loss mitigation procedures and options. Specifically, the regulations establish that until October 22, 2022, a servicer must, after establishing live contact for borrowers not in forbearance programs, inform them that forbearance programs are available for those experiencing a “COVID-19-related hardship” and must list and describe these forbearance programs and the actions the borrower must take to be evaluated for the programs, among other things. Additionally, for borrowers in forbearance programs at the time of live contact, servicers, until October 22, 2022, must provide the end date of the borrower’s current forbearance program, a list and description of the types of forbearance extensions, and a way that the borrower can find contact information for homeownership counseling services, among other things. The regulations also establish loss mitigation procedures in that a servicer may offer a borrower a loss mitigation option based upon evaluation of an incomplete application, provided that certain criteria are met. In addition, the regulations create certain Covid-19-related loan modification options, such as a loan modification can be made available to borrowers experiencing a Covid-19-related hardship. The regulations are effective immediately.
FDIC announces Pennsylvania disaster relief
On September 16, the FDIC issued FIL-67-2021 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Pennsylvania affected by Hurricane Ida. The FDIC acknowledged the unusual circumstances faced by institutions in affected areas, and suggested institutions take certain steps to meet the needs of their communities and keep the FDIC informed of business impacts. These steps include (i) working with borrowers to adjust or alter loan terms in a safe and sound manner; (ii) identifying potential community development activities to revitalize or stabilize the disaster area (which the FDIC noted may receive favorable CRA consideration); (iii) monitoring potentially impacted municipal securities and loans; (iv) notifying the FDIC of delays in meeting filing and publishing requirements, or in the event temporary banking facilities are needed; and (v) processing consumer requests under Regulation Z for a waiver or modification of the three-day rescission period for dwelling-secured loans in the event of a “bona fide personal financial emergency.”