Earlier this summer, the U.S. District Court for the Central District of California denied a motion to dismiss a putative class action accusing a legal services company and its subsidiaries of failing to implement and maintain reasonable security procedures and practices to protect consumers’ data as required by the California Consumer Privacy Act (CCPA). Following a 2020 ransomware attack, class members claimed that sensitive information (including nonencrypted and nonredacted personal information) stored on the defendants’ network was compromised. The defendants countered that class members failed to establish that the defendants qualify as a “business” under the statute as opposed to a “service provider.”
As previously covered by a Buckley Special Alert, the CCPA, which became effective January 1, 2020, defines a “business” as an entity “that collects consumers’ personal information, or on the behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information.” The CCPA defines a “service provider” as an entity “that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract.” While the CCPA provides a limited private right of action for actual or statutory damages against a business, actions against service providers can only be brought by the California attorney general. According to the court, class members adequately alleged that the defendants act as a business rather than a service provider based on allegations that they, among other things, collect consumers’ personal information from consumers (instead of receiving personal information from another business), and determine “the purposes and means of the processing of consumers’ personal information.” The court also rejected the defendants’ argument that class members failed to “plausibly” establish that their information was stolen because the ransomware attack merely encrypted the data on the defendants’ computer systems. “It may be that [p]laintiff’s personal information was not exfiltrated in a nonencrypted and nonredacted form,” the court stated, “[b]ut at this stage, especially when the bases for dismissal upon which [d]efendants rely do not appear in the complaint, the Court concludes that [p]laintiff’s allegations are sufficient to survive a motion to dismiss.”
On September 30, the U.S. District Court for the Western District of Texas denied a request made by two trade groups to stay the implementation of the payment provisions of the CFPB’s 2017 final rule covering “Payday, Vehicle Title, and Certain High-Cost Installment Loans” (2017 Rule) while they appeal an earlier decision allowing the provisions to take effect. As previously covered by InfoBytes, the court upheld the 2017 Rule’s payment provisions, finding that the Bureau’s ratification “was valid and cured the constitutional injury caused by the 2017 Rule’s approval by an improperly appointed official.” The court also concluded that the payment provisions, as a matter of law, “are consistent with the Bureau’s statutory authority and are not arbitrary and capricious,” and that the Bureau properly considered the costs and benefits of such payment provisions. The court’s order, however, granted the plaintiffs’ request to stay the compliance date, which had been set as August 19, 2019, until 286 days after final judgment.
The plaintiffs appealed to the U.S. Court of Appeals for the Fifth Circuit and asked the district court to stay the running of the 286-day stay pending appeal, such that compliance would not be required until 286 days after the appeal is resolved. The court rejected that request, stating that the plaintiffs “failed to make a sufficient showing to warrant a stay pending resolution of the appeal” and that “the equities do not support extending the stay of the compliance date beyond the court's 286-day stay from August 30, 2021.”
On September 22, the U.S. District Court for the District of Maryland granted a national bank’s motion for summary judgment in an action claiming the bank allegedly failed to pay interest on mortgage escrow accounts. The plaintiff filed a putative class action asserting various claims including for violation of Section 12-109 of the Maryland Consumer Protection Act (MCPA), which requires lenders to pay interest on funds maintained in escrow on behalf of borrowers. In response, the bank filed a motion to dismiss on the basis that the MCPA is preempted by the National Bank Act and by 2004 OCC preemption regulations. In 2020, the court denied the bank’s motion to dismiss after it determined, among other things, that under Dodd-Frank, national banks are required to pay interest on escrow accounts when mandated by applicable state or federal law. (Covered by InfoBytes here.) Citing previous decisions in similar escrow interest cases brought against the same bank in other states (covered by InfoBytes here and here), the court stated that Section 12-109 “does not prevent or significantly interfere with [the bank’s] exercise of its federal banking authority, because [Section] 12-109’s ‘interference’ is minimal, when compared with statutes that the Supreme Court has previously found were preempted.” The court further noted that state law—which “still allows [the bank] to require escrow accounts for its borrowers”—provides that the bank must pay a small amount of interest to borrowers if it chooses to maintain escrow accounts.
However, in its most recent ruling, the court held that the MCPA does not authorize the plaintiff to sue either. “[T]his court finds that § 12-109 does not confer a private right of action,” the court wrote, adding that the plaintiff’s breach of contract claim could not get around a notice-and-cure provision in her mortgage agreement that she had not complied with before suing. The plaintiff argued that these requirements did not apply because “her self-styled breach of contract claim is actually a statutory claim because the allegedly breached contractual provision is one which pledges general adherence to applicable law.” The court disagreed, stating that under the plaintiff’s theory “any claim for breach of contract, which also violated a federal or state law, would be vaulted to a privileged hybrid status. Such claims would enjoy an unlimited private right of action (regardless of whether the underlying statute created one) and. . .would be unbounded by any of the provisions or conditions precedent detailed in the contract itself.” The court also ruled that the plaintiff’s escrow statements, which “correctly reflected that her account was not accruing interest,” are themselves “not rendered deceptive by the mere fact that Plaintiff believes such interest is owed.”
On September 27, a proposed settlement was filed in the U.S. District Court for the Southern District of New York resolving allegations that a national bank (defendant) allegedly defrauded nearly 800 commercial customers by charging higher prices on foreign exchange (FX) transactions despite having fixed-pricing agreements. According to the complaint, from 2010 to 2017, the defendant allegedly defrauded customers who utilized its FX services, which violated the mail fraud, wire fraud, and bank fraud statutes of the Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA), by: (i) falsely representing that the defendant would charge fixed FX spreads or sales margins on the customers’ FX transactions; (ii) financially incentivizing the FX sales specialists to overcharge while failing to certify that FX sales specialists comply with fixed-pricing agreements; and (iii) systematically charging “higher [FX] spreads or sales margins than [the bank] represented it would charge and/or was charging in fixed-pricing agreements or otherwise, while concealing the overcharges from the Customers.” Under the terms of the proposed settlement, the defendant must pay nearly $35.3 million plus interest, while an additional $2 million payment plus interest is subject to forfeiture to the U.S. The proposed settlement notes that the defendant paid $35.3 million in restitution to commercial customers who utilized the bank’s FX services. According to the order, the whistleblower who filed a declaration in 2016 with the U.S. under the Financial Institutions Anti-Fraud Enforcement Act will receive $1.6 million of the civil penalty. The DOJ sent a letter informing the court “that the United States and [the bank] have entered into a proposed Stipulation and Order of Settlement and Dismissal (the ‘Settlement’) resolving this action.”
On September 28, the U.S. Court of Appeals for the Ninth Circuit issued an en banc decision concluding that the Fair Housing Act (FHA) “is not a statute that supports proximate cause for injuries further downstream.” As previously covered by InfoBytes, the City of Oakland sued a national bank alleging violations of the FHA and the California Fair Employment and Housing Act, claiming the bank provided minority borrowers mortgage loans with less favorable terms than similarly situated non-minority borrowers, which led to disproportionate defaults and foreclosures and caused (i) decreased property tax revenue; (ii) increased city expenditures; and (iii) neutralized spending in Oakland’s fair-housing programs. In 2020, a three-judge panel affirmed both the district court’s denial of the bank’s motion to dismiss claims for decreased property tax revenue, as well as the court’s dismissal of Oakland’s claims for increased city expenditures. (Covered by InfoBytes here.) The panel further held that Oakland’s claims for injunctive and declaratory relief were also subject to the FHA’s proximate-cause requirement and, on remand, the district court must determine whether Oakland’s allegations satisfied this requirement. The bank filed a petition for panel rehearing and rehearing en banc last year arguing, among other things, that the panel had “fashioned a looser, FHA-specific proximate-cause standard” in conflict with the U.S. Supreme Court’s decision in Bank of America Corp. v. City of Miami. As covered by a Buckley Special Alert, in 2017, the Supreme Court held that municipal plaintiffs may be “aggrieved persons” authorized to bring suit under the FHA against lenders for injuries allegedly flowing from discriminatory lending practices, but that such injuries must be proximately caused by, rather than simply the foreseeable result of, the alleged misconduct.
The 9th Circuit agreed with the bank and remanded the case for dismissal of the FHA claims and proceedings consistent with the opinion. Citing the Miami decision as one of the leading factors, the panel stated that “[w]e begin where Miami began, with ‘[t]he general tendency. . .not to go beyond the first step,’” adding that “[t]here is no question that Oakland’s theory of harm goes beyond the first step—the harm to minority borrowers who receive predatory loans. Oakland’s theory of harm runs far beyond that—to depressed housing values, and ultimately to reduced tax revenue and increased municipal expenditures. Oakland thus fails a strict application of the general tendency not to stretch proximate causation beyond the first step.” The panel also affirmed the district court’s decision that Oakland failed to sufficiently plead claims related to increased municipal expenditures and reversed the district court’s denial of the bank’s motion to dismiss claims for lost property tax revenue and injunctive and declaratory relief.
On September 27, the U.S. District Court for the District of New Jersey granted in part and denied in part a national bank’s motion to dismiss a putative class action concerning allegations that the bank opened and reopened accounts without notifying customers. The plaintiffs alleged that they discovered the bank reopened closed accounts after receiving tax refunds and a one-off refund from a retailer. According to the plaintiffs, the bank accepted deposits into the reopened accounts and then allegedly collected funds from the accounts, resulting in unanticipated fees.
The court issued an opinion, calling it an issue of first impression within the Third Circuit, finding that “account numbers, whether new or old, which identified or provided access to the disputed accounts opened in Plaintiffs’ names each qualified as a ‘card, code, or other means of access’ to those accounts” under [EFTA] § 1693i(a). Since the opening of an account “necessarily must be accompanied with an account number associated with that account,” the court found that the plaintiffs sufficiently stated a claim that the bank violated § 1693i(a). Among other things, the court disagreed with the bank’s argument that it could not “have been unjustly enriched by assessing [the plaintiff] fees in exchange for her acceptance of the services [the bank] provides,” stating that the bank’s argument “either misunderstands or purposefully misconstrues the basis” for the plaintiff’s claim, which was that the bank “opened the account in her name without her permission, and therefore did not have a contractual basis for assessing such fees associated with maintaining that account[.]” The court also allowed the plaintiffs’ unjust enrichment claim and Massachusetts Consumer Protection Act claim to proceed. While the court provided the plaintiffs the opportunity to file an amended complaint to revive their dismissed breach of contract claims, their FCRA allegations were dismissed with prejudice.
On September 23, the U.S. District Court for the Central District of California entered a judgment in favor of the CFPB against an individual defendant in an action taken by the Bureau against a lender and several related individuals and companies (collectively, “defendants”) for alleged violations of the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), and Fair Credit Reporting Act (FCRA). As previously covered by InfoBytes, the CFPB filed a complaint in 2020 claiming the defendants violated the FCRA by, among other things, illegally obtaining consumer reports from a credit reporting agency for millions of consumers with student loans by representing that the reports would be used to “make firm offers of credit for mortgage loans” and to market mortgage products. However, the Bureau alleged that the defendants instead resold or provided the reports to numerous companies, including companies engaged in marketing student loan debt relief services. The defendants also allegedly violated the TSR by charging and collecting advance fees for their debt relief services, and violated both the TSR and CFPA by placing telemarketing sales calls and sending direct mail to encourage consumers to consolidate their loans, while falsely representing that consolidation could lower student loan interest rates, improve borrowers’ credit scores, and allow borrowers to change their servicer to the Department of Education. Settlements have already been reached with certain defendants (covered by InfoBytes here, here, and here).
In August the court granted the Bureau’s motion for summary judgment against the individual defendant after determining that undisputed evidence showed that the individual defendant, among other things, “obtained and later used prescreened lists from [a consumer reporting agency] without a permissible purpose” in order to send direct mail solicitations from the businesses that he controlled to consumers on the lists as opposed to firm offers of credit or insurance. (Covered by InfoBytes here.) At the time, the court found that injunctive relief, restitution, and a civil money penalty were appropriate remedies. While the individual defendant objected to the proposed judgment, the court ultimately ordered that the Bureau is entitled to a judgment for monetary relief of over $19 million as redress for fees paid by affected consumers. This restitution is owed jointly and severally with the student loan debt relief company defendants in the amounts imposed in default judgments entered against each of them (covered by InfoBytes here). Additionally, the court determined that the individual defendant “recklessly” violated the CFPA, TSR, and FCRA, warranting a $20 million civil money penalty. The individual defendant is also permanently banned from participating in telemarketing activities or from using or obtaining prescreened consumer reports.
On September 27, the FTC announced a settlement with a Georgia-based debt collection company and its owners (collectively, “defendants”) for allegedly engaging in fraudulent debt collection practices. As previously covered by InfoBytes, the FTC filed a complaint against the defendants alleging that they violated the FTC Act and the FDCPA by, among other things: (i) posing as law enforcement officers, prosecutors, attorneys, mediators, investigators, or process servers when calling consumers to collect debts; (ii) using profane language and threatening consumers with arrest or serious legal consequences if debts were not immediately paid; (iii) threatening to garnish wages, suspend Social Security payments, revoke drivers’ licenses, or lower credit scores; (iv) attempting to collect debts that were either never owed or were no longer owed; (v) unlawfully contacting third parties, such as family members or employers; and (vi) adding unauthorized or impermissible charges or fees to consumers’ debts. The U.S. District Court for the Northern District of Georgia granted a temporary restraining order against the defendants in September 2020. Under the terms of the stipulated final order, the FTC ordered that the defendants are banned from the debt collection industry, prohibited from misrepresenting that they are attorneys or affiliated with a law firm or whether a consumer owes any kind of debt, and are prohibited from making misleading claims while selling a product or service. The order also requires the defendants to pay more than $266,000 to the Commission. A $3 million monetary judgment will be partially suspended upon completion of asset transfers from all financial institutions holding accounts in the defendants’ names.
On September 9, the U.S. Court of Appeals for the Sixth Circuit determined that the U.S. Supreme Court’s decision in Barr v. American Association of Political Consultants Inc. (AAPC) (covered by InfoBytes here, which held that the government-debt exception in Section 227(b)(1)(A)(iii) of the TCPA is an unconstitutional content-based speech restriction and severed the provision from the statute) does not invalidate a plaintiff’s TCPA claims concerning robocalls he received prior to the Court issuing its decision. In the current matter, the plaintiff filed a proposed class action alleging violations of the TCPA’s robocall restriction after he received two robocalls from the defendant in late 2019 and early 2020 advertising its electricity services. Following the Court’s decision in AAPC, the district court granted the defendant’s motion to dismiss, ruling that because severance of the exception in AAPC only operates prospectively, “the robocall restriction was unconstitutional and therefore ‘void’ for the period the exception was on the books.” As such, the district court concluded that because the robocall restriction was void, it could not provide a basis for federal-question jurisdiction for alleged TCPA robocall violations arising before the Court severed the exception.
On appeal, the 6th Circuit conducted a severability analysis, holding that the district court erred in concluding that the court, in AAPC, offered “‘a remedy in the form of eliminating the content-based restriction’ from the TCPA.” Rather, the appellate court pointed out that “the Court recognized only that the Constitution had ‘automatically displace[d]’ the government-debt-collector exception from the start, then interpreted what the statute has always meant in its absence,” adding that the legal determination in AAPC applied retroactively and did not render the entire TCPA robocall restriction void until the exception was severed by the court. A First Amendment defense presented by the defendant premised on the argument that “government-debt collectors have a due-process defense to liability because they did not have fair notice of their actions’ unlawfulness” for robocalls placed before AAPC was also rejected. The 6th Circuit opinion emphasized that “[w]hether a debt collector had fair notice that it faced punishment for making robocalls turns on whether it reasonably believed that the statute expressly permitted its conduct. That, in turn, will likely depend in part on whether the debt collector used robocalls to collect government debt or non-government debt. But applying the speech-neutral fair-notice defense in the speech context does not transform it into a speech restriction.”
On September 16, the U.S. District Court for the Southern District of Alabama granted a defendant tribal payday lender’s motion to dismiss and compel arbitration, ruling that an arbitration agreement in a loan contract is still valid even if an arbitration panel found the contracts were void. The plaintiff initiated an arbitration proceeding against the defendant alleging that payday loan contracts carrying interest rates between 200 and 830 percent were void because the defendant was not licensed under the Alabama Small Loans Act to extend such loans. An American Arbitration Association panel determined, among other things, that the defendant had waived any tribal sovereign immunity, “the transactions involved off-reservation commercial activities to which sovereign immunity does not apply,” and that the loans were entirely void because each of the loans was extended without a license. The plaintiff filed suit in state court to confirm the arbitration award and pursue a class action on the premise that the loans are usurious and should be declared void. The defendant removed the case to federal court and asked the court to dismiss the proposed class action and compel arbitration. The district court agreed with the defendant that the arbitration agreement in the voided loan contract remained binding despite the arbitrator’s earlier determination in the plaintiff’s favor. Specifically, the court disagreed with the plaintiff’s argument that the arbitrator’s determination meant that “no aspect of the contract survives,” stating that the plaintiff “overlooks a central tenet in binding precedential arbitration law: severability.” According to the court, “‘[a]s a matter of substantive federal arbitration law, an arbitration provision is severable from the remainder of the contract.’”