Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District Court partially grants SEC’s motion for summary judgment in confidentiality agreements case


     On October 13, the U.S. District Court for the Southern District of New York partially granted the SEC’s (plaintiff) motion for summary judgment in a case questioning the extent to which confidentiality agreements can prevent communication with the SEC regarding potential violations of securities laws. The court found that the Commission did not exceed its authority on a count of impeding SEC rules that is connected to a broader civil suit accusing an online store and its CEO (collectively, “defendants”) of stealing nearly $6 million from investors. The plaintiff alleged that the defendants impeded “individuals’ communication with the SEC regarding potential securities laws violations by enforcing or threatening to enforce confidentiality agreements that would prevent individuals’ communications thereof,” in violation of Rule 21F-17 of the Exchange Act. According to the order, in its stock purchase agreements, the defendants allegedly required investors to reject communication with “governmental or administrative agencies or enforcement bodies for the purpose of commencing or otherwise prompting investigation or other action.” The defendants allegedly used lawsuits to prevent communications that would violate its confidentiality agreements, and advertised these suits “to chill further communication,” which the court ruled were “undoubtedly ‘action[s] to impede’ communications, especially where the Rule explicitly prohibits ‘enforcing, or threatening to enforce’ such agreements.” The district court also denied the defendants' cross-motion for summary judgment stating that “the Court is still not persuaded that Rule 21F-17 exceeds the SEC’s rulemaking nor that it violates the First Amendment,” and concluded that the defendants’ conduct violated Rule 21F-17.

    Securities SEC Courts Securities Exchange Act

    Share page with AddThis
  • District Court enters settlement with defendant in 2016 CFPB structured settlement action


    On November 18, the U.S. District Court for the District of Maryland entered a stipulated final judgment and order against one of the individual defendants in an action concerning allegedly unfair, abusive, and deceptive structured settlement practices. As previously covered by InfoBytes, the Bureau claimed the defendants violated the CFPA by employing abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. According to the Bureau, the defendants encouraged consumers to take advances on their structured settlements and falsely represented that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” In July 2021, the court considered the defendants’ motion to dismiss the Bureau’s amended complaint, as well as the defendants’ motion for judgment on the pleadings on the grounds that the enforcement action was barred by the U.S. Supreme Court’s decision in Seila Law LLC v. CFPB, which held that that the director’s for-cause removal provision was unconstitutional (covered by a Buckley Special Alert), and that the ratification of the enforcement action “came too late” because the statute of limitations on the CFPA claims had already expired (covered by InfoBytes here). The court’s opinion allowed the Bureau to pursue its amended 2016 enforcement action, which alleged unfair, deceptive, and abusive acts and practices and sought a permanent injunction, damages, disgorgement, redress, civil penalties, and costs.

    Under the terms of the settlement, the individual defendant—“an attorney who provided purportedly independent professional advice for almost all Maryland consumers who made structured-settlement transfers with [the defendants]” and who has neither admitted nor denied the allegations—is prohibited from, among other things, (i) participating or assisting others in participating in any structured-settlement transactions; (ii) owning, being employed by, or serving as an agent of any structured-settlement-factoring company; or (iii) providing independent professional advice concerning any structured-settlement transactions. The individual defendant is also prohibited from disclosing, using, or benefiting from affected consumers’ information, and must pay $40,000 in disgorgement and a $10,000 civil money penalty.

    Courts CFPB Enforcement Settlement Structured Settlement CFPA UDAAP Unfair Deceptive Abusive Consumer Finance

    Share page with AddThis
  • 11th Circuit to rehear Hunstein v. Preferred Collection & Management Services


    On November 17, the U.S. Court of Appeals for the Eleventh Circuit vacated an opinion in Hunstein v. Preferred Collection & Management Services, ordering an en banc rehearing of the case. The order vacates an 11th Circuit decision to revive claims that the defendant’s use of a third-party mail vendor to write, print, and send requests for medical debt repayment violated privacy rights established in the FDCPA. As previously covered by InfoBytes, in April, the 11th Circuit held that transmitting a consumer’s private data to a commercial mail vendor to generate debt collection letters violates Section 1692c(b) of the FDCPA because it is considered transmitting a consumer’s private data “in connection with the collection of any debt.” According to the order issued sua sponte by the 11th Circuit, an en banc panel of appellate judges will convene at a later date to rehear the case.

    Courts Debt Collection Third-Party Disclosures Appellate Eleventh Circuit Vendor Hunstein FDCPA Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • 4th Circuit: Tribal lenders must face usury claims


    On November 16, the U.S. Court of Appeals for the Fourth Circuit upheld a district court’s ruling denying defendants’ bid to dismiss or compel arbitration of a class action concerning alleged usury law violations. The plaintiffs—Virginia consumers who defaulted on short-term loans received from online lenders affiliated with a federally-recognized tribe—filed a putative class action against tribal officials as well as two non-members affiliated with the tribal lenders, alleging the lenders violated the Racketeer Influenced and Corrupt Organizations Act (RICO) and Virginia usury laws by charging interest rates between 544 and 920 percent. The defendants moved to compel arbitration under a clause in the loan agreements and moved to dismiss on various grounds, including that they were exempt from Virginia usury laws. The district court denied the motions to compel arbitration and to dismiss, ruling that the arbitration provision was unenforceable as a prospective waiver of the borrowers’ federal rights and that the defendants could not claim tribal sovereign immunity. The district court also “held the loan agreements’ choice of tribal law unenforceable as a violation of Virginia’s strong public policy against unregulated lending of usurious loans.” However, the district court dismissed the RICO claim against the tribal officials, ruling that RICO only authorizes private plaintiffs to sue for money damages and not injunctive or declaratory relief.

    On appeal, the 4th Circuit concluded that the arbitration clauses in the loan agreements impermissibly force borrowers to waive their federal substantive rights under federal consumer protection laws, and contained an unenforceable tribal choice-of-law provision because Virginia law caps general interest rates at 12 percent. As such, the appellate court stated that the entire arbitration provision is unenforceable. “The [t]ribal [l]enders drafted an invalid contract that strips borrowers of their substantive federal statutory rights,” the appellate court wrote. “[W]e cannot save that contract by revising it on appeal.” The 4th Circuit also declined to extend tribal sovereign immunity to the tribal officials, determining that while “the tribe itself retains sovereign immunity, it cannot shroud its officials with immunity in federal court when those officials violate applicable state law.” The appellate court further noted that the “Supreme Court has explicitly blessed suits against tribal officials to enjoin violations of federal and state law.” The 4th Circuit ultimately affirmed the district court’s judgment, noting that the loan agreement provisions were unenforceable because “tribal law’s authorization of triple-digit interest rates on low-dollar, short-term loans violates Virginia’s compelling public policy against unregulated usurious lending.”

    The appellate court also agreed with the district court that RICO does not permit private plaintiffs to seek an injunction. “Congress’s use of significantly different language” to define the scope of governmental and private claims under RICO “compels us to conclude” that “private plaintiffs may sue only for treble damages and costs,” the appellate court stated. While plaintiffs “urge us to consider by analogy the antitrust statutes,” provisions outlined in the Clayton Act (which explicitly authorize injunction-seeking private suits) have “no analogue in the RICO statute,” the appellate court wrote, adding that “nowhere in the RICO statute has Congress explicitly authorized private actions for injunctive relief.”

    Courts Fourth Circuit Appellate Tribal Lending Tribal Immunity RICO State Issues Interest Usury Online Lending Class Action Consumer Finance

    Share page with AddThis
  • District Court grants defendant’s motion in FCRA, FDCPA case


    On November 10, the U.S. District Court for the Western District of New York granted a defendant debt agency’s motion for judgment resolving FCRA and FDCPA allegations. A father allegedly co-signed an apartment lease for his daughter (collectively, “plaintiffs”), which included a provision that allowed the plaintiffs to terminate the lease if another individual took over the lease. The plaintiffs allegedly did not move in but identified two replacement tenants to take over the lease. The owner of the apartment allegedly signed separate leases with the identified replacement tenants and “thwarted [plaintiffs’] efforts to have someone take over [the] [l]ease.” The owner placed the debt with the defendant for collection, who reported the debt to three credit reporting agencies. The plaintiffs disputed the debt, but the defendant confirmed the accuracy of the information. The plaintiffs sued, alleging the defendant violated the FCRA for not conducting a proper investigation of the dispute, and the FDCPA for attempting to collect the allegedly invalid debt, which allegedly negatively impacted the plaintiffs’ credit scores, their ability to obtain a car loan, and efforts to apply for an apartment.

    With respect to the FCRA claim, the district court found that the plaintiffs’ allegation regarding an inaccurate debt “turns on an unresolved legal question, a section 1681s-2(b) claim that a furnisher failed to conduct a reasonable investigation of disputed credit information cannot stand.” Additionally, since the claim was “tethered to a legal dispute,” the district court found that it cannot form the basis of an FCRA claim. With respect to the FDCPA allegations, the district court dismissed the claim finding that the plaintiffs did not adequately state a claim because the plaintiffs’ claim was based on “nothing more than their conclusory and self-serving allegations that they do not owe the [d]ebt.”

    Courts FCRA FDCPA New York Debt Collection Consumer Finance

    Share page with AddThis
  • District Court approves e-commerce platform data breach settlement


    On November 4, the U.S. District Court for the District of Massachusetts granted final approval to a settlement in a class action against an alcohol e-commerce platform stemming from a data breach that allegedly compromised customers’ personally identifiable information. The plaintiffs’ memorandum of law requested approval of the class action settlement, which included a settlement class of 2.5 million individuals whose information was compromised. Class members claimed that the company did not publicly report the data breach until July 2020, and that customers’ information was available for purchase on the dark web. A complaint was filed against the defendant asserting claims of negligence, negligence per se, breach of implied contract, unjust enrichment, and violations of several state consumer protection statutes. The defendant moved to compel arbitration, citing a provision in its terms of service, as well as a class action waiver that required customers to arbitrate their claims individually. However, the parties entered into settlement discussions and agreed to mediate their dispute. Under the terms of the settlement, which is valued between $3.35 million and $7.1 million, the defendant has agreed to pay all associated administration costs, attorneys’ fees and expenses, and incentive awards. Class members will receive individual cash payments and will also receive a pro rata portion of a pool of up to $447,750 in the form of a credit against the cost of service fees for future orders on the defendant’s platform. The defendant will also implement certain data security measures for two years.

    Courts Privacy/Cyber Risk & Data Security Data Breach Class Action Settlement State Issues

    Share page with AddThis
  • District Court grants tech company’s motion to arbitrate smartphone data monitoring claims


    On November 9, the U.S. District Court for the Northern District of California issued an order granting, among other things, a global technology company defendant’s motion to compel individual arbitration in a privacy class action and dismissing the action without prejudice. As outlined in a May order issued by the court, which granted in part and denied in part defendant’s motion to dismiss plaintiff’s first amended complaint, the plaintiff alleged that the defendant failed to disclose it was (i) monitoring and collecting Android smartphone users’ sensitive personal data while users interacted with apps not owned by the defendant; or (ii) generally collecting “sensitive personal data to obtain an unfair economic advantage.” While the court dismissed the plaintiff’s California Invasion of Privacy Act claims, it allowed claims brought under the California Consumers Legal Remedies Act (which “prohibits ‘unfair methods of competition and unfair or deceptive acts or practices’”) to proceed based on the reasoning that if the defendant had disclosed these material facts, the plaintiff would have acted differently.

    The defendant moved to compel arbitration, claiming the plaintiff was using a smartphone that was bound by an arbitration provision. The plaintiff countered in both the complaint and first amended complaint, as well as in his initial disclosures, that the phone he originally purchased was never subject to an arbitration agreement. However, the court noted that account information later showed that the smartphone used by the plaintiff at the time he filed suit, as well as the smartphone he later switched to, both came with individual arbitration provisions and class waivers, subject to user opt out. The court stated that the plaintiff did not opt out of arbitration for either smartphone, and further denied the plaintiff’s motion for leave to file a second amended complaint, dismissing the action without prejudice.

    Courts Privacy/Cyber Risk & Data Security Arbitration State Issues Class Action California

    Share page with AddThis
  • 5th Circuit stays OSHA mandate


    On November 12, the U.S. Court of Appeals for the Fifth Circuit issued a nationwide stay on the emergency temporary standard (ETS), which mandates that all employers with 100 or more employees require employees to be fully vaccinated or be subject to a weekly Covid-19 test. As previously covered by InfoBytes, the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) published a rule in the Federal Register requiring employers to develop, implement, and enforce a mandatory Covid-19 vaccination policy, unless they adopt a policy requiring employees to choose between vaccination or regular testing for Covid-19 and wearing a face covering at work. The 5th Circuit stay, which was in response to a legal challenge filed by several states along with private entities and individuals, affirmed the court’s initial stay. According to the appellate opinion, OSHA’s enforcement of this ETS is illegitimate, calling it “unlawful” and “likely unconstitutional.” Furthermore, the 5th Circuit ordered OSHA to “take no steps to implement or enforce the Mandate until further court order.”

    Courts Fifth Circuit Biden Covid-19 Department of Labor OSHA Appellate

    Share page with AddThis
  • District Court dismisses data breach claims due to lack of jurisdiction


    On November 8, the U.S. District Court for the Northern District of California dismissed a putative class action brought against a French cryptocurrency wallet provider and its e-commerce vendor after determining that the court does not have jurisdiction over the companies. Plaintiffs—customers who purchased hardware wallets through the vendor’s platform between July 2017 and June 2020—alleged violations of state-level consumer protection laws after a 2020 data breach exposed the personal contact information of thousands of vendor customers. Plaintiffs contended that when the breach was announced in 2020, the wallet provider failed to inform them that their data was involved in the breach. Plaintiffs also alleged that an unauthorized third party gained access to the wallet provider’s e-commerce database and obtained the email addresses of one million customers as well as physical contact information for 9,500 customers. According to the plaintiffs, the wallet provider did not disclose that the attack on its website and the vendor’s data theft were connected, and it downplayed the seriousness of the attack. As a result, plaintiffs were allegedly subject to “phishing scams, cyber-attacks, and demands for ransom and threats.” Plaintiffs claimed that the companies failed to implement appropriate security measures to protect customer data, and brought claims against the companies for injunctive relief and other remedies under California’s unfair competition law, Georgia’s Fair Business Practices Act, and New York’s General Business Law. The defendant companies moved to dismiss, arguing that the court lacked personal jurisdiction and that plaintiffs failed to state a claim.

    The court determined that it does not have jurisdiction over the French wallet provider, and ruled, among other things, that the plaintiffs did not establish that the wallet provider “expressly aimed” its activities towards California in a way that would establish specific jurisdiction, and “did not cause harm in California that it knew was likely to be suffered there.” The court further held that the fact that the vendor was headquartered in California at the time the breach occurred is not sufficient to establish general jurisdiction because the vendor moved to Canada before the class action was filed. “Courts have uniformly held that general jurisdiction is to be determined no earlier than the time of filing of the complaint,” the court wrote, dismissing the case with prejudice.

    Courts Privacy/Cyber Risk & Data Security Data Breach State Issues Of Interest to Non-US Persons

    Share page with AddThis
  • District Court denies EFTA safe harbor in overdraft class action


    On November 8, the U.S. District Court for the District of New Hampshire denied a credit union’s motion to dismiss claims concerning its overdraft fees and policies. Plaintiffs filed a putative class action alleging that the defendant failed to properly disclose how it assessed overdrafts in violation of EFTA and implementing Regulation E. According to the plaintiffs, the defendant’s overdraft fee opt-in disclosure did not provide a “clear and readily understandable” explanation of the meaning of “enough money,” nor did it specify whether overdrafts are calculated based on the actual balance or the available balance. The defendant moved to dismiss, arguing that the opt-in disclosure should be read in conjunction with a separate membership agreement that outlines the account terms and discloses the defendant’s use of the “available balance” method to determine when an account is overdrawn. The defendant further contended that it did not violate Regulation E and that it qualifies for EFTA’s safe harbor provision. The court disagreed, ruling that the plaintiffs had plausibly alleged a violation of Regulation E, as it requires the opt-in disclosure to be “segregated from all other information.” Among other things, the court stated that “[c]ountless courts examining virtually identical language have agreed” that language similar to the phrase “enough money” can plausibly amount to a violation of Regulation E’s “clear and readily understandable” explanation of overdraft fees.

    With respect to defendant’s safe harbor claim, the court observed that EFTA may provide safe harbor to banks using an appropriate CFPB model clause (15 U.S.C. § 1693m(d)(2)) or a disclosure form “substantially similar” to the Bureau’s Model Form A-9, which states “[a]n overdraft occurs when you do not have enough money in your account to cover a transaction, but we pay it anyway.” The court agreed, however, with the reasoning of several courts that using language identical to that in the A-9 does not necessarily provide safe harbor defeating plaintiffs’ claims where, as here, the plaintiffs “have plausibly stated a claim that the clause from Model Form A-9 was not ‘appropriate’ because the language did not describe [defendant’s] overdraft policy in a ‘clear and readily understandable’ way.”

    Courts EFTA Overdraft Safe Harbor Regulation E Fees Class Action Disclosures CFPB Consumer Finance

    Share page with AddThis