InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District of Columbia AG claims online lender violated usury statutes
On June 5, the District of Columbia attorney general filed a complaint against an online lender for alleged violations of the District of Columbia Consumer Protection Procedures Act (CPPA) by marketing high-costs loans carrying interest rates exceeding D.C.’s interest rate caps. The complaint alleges that the lender offers two loan products to D.C. residents: (i) an installment loan with an annual percentage rate (APR) range of 99-149 percent; and (ii) a second loan product with an undisclosed APR that ranges between 129-251 percent. However, interest rates in D.C. are capped at 24 percent for loans with the rate expressed in the contract (loans that do not state an express interest rate in the contract are capped at six percent), and licensed money lenders that exceed these limits are in violation of the CPPA. According to the AG, the lender—who has allegedly never possessed a money lending license in D.C.—violated the CPPA by (i) unlawfully misrepresenting it is allowed to offer loans in D.C. and failing to disclose or adequately disclose that its loans contain APRs in excess of D.C. usury limits; (ii) engaging in unfair and unconscionable practices through misleading marketing efforts; and (iii) violating D.C. usury laws. In addition, the lender allegedly violated District of Columbia Municipal Regulations Title 16 by lending money in D.C. without being licensed. The complaint seeks a permanent injunction, restitution, and civil penalties. In addition, the complaint asks the court to order the lender’s loans unenforceable and void.
FTC settles with app developer for COPPA violations
On June 4, the FTC announced that a children’s mobile application developer agreed to pay $150,000 and to delete the personal information it allegedly unlawfully collected from children under the age of 13 to resolve allegations that the developer violated the Children’s Online Privacy Protection Act Rule (COPPA). According to the complaint filed in the U.S. District Court for the Northern District of California, the developer, without notifying parents or obtaining verifiable parental consent, allowed third-party advertising networks to use persistent identifiers to track users of the child-directed apps in order to send targeted advertisements to the children. The proposed settlement requires the developer to destroy any personal data collected from children under 13 and notify and obtain verifiable consent from parents for any child-directed app or website they offer that collects personal information from children under 13. A $4 million penalty is suspended upon the payment of $150,000 due to the developer’s inability to pay.
In dissent, Commissioner Phillips argued that the fine imposed against the developer was too high, noting that having children view advertisements based on the collection of persistent identifiers “is something; but it is not everything,” under COPPA. Commissioner Phillips argued that because the developer did not “share[] sensitive personal information about children, or publicize[] it” nor did the developer expose children “to unauthorized contact from strangers, or otherwise put [the children] in danger,” the assessed penalty was too large in comparison to the harm.
In response to the dissent, Chairman Simons argued that while “harm is an important factor to consider…[the FTC’s] first priority is to use [] penalties to deter [] practices. Even in the absence of demonstrable money harm, Congress has said that these law violations merit the imposition of civil penalties.”
9th Circuit upholds TCPA liability for reassigned number
On June 2, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s judgment in a TCPA action against a bank, concluding that consent from the person intended to call does not exempt the bank from liability under the TCPA. According to the opinion, the bank’s vendors made over 180 automated calls to a child’s cell phone in attempt to collect past-due payments from a customer who used to have the same cell phone number, which had since been reassigned to the child’s mother. The customer of the bank had given consent to be called, but the mother and child had not. After a three-day jury trial, the jury returned a verdict in favor of the plaintiff on the TCPA claim, concluding that the bank could not escape liability under the TCPA because the customer it intended to call had given consent, and awarding $500 in statutory damages for each of the 189 unwanted calls, for a total of $94,500.
On appeal, the 9th Circuit affirmed the district court’s judgment after the jury trial. The appellate court noted it was “agreeing with other circuits,” on liability when it concluded that the district court “properly instructed the jury that consent from the intended recipient of the call was not sufficient.” Moreover, the appellate court held that the district court properly instructed the jury on the definition of “automatic telephone dialing system,” based on the panel’s decision in Marks v. Crunch San Diego, LLC (covered by InfoBytes here). Lastly, the appellate court also issued an opinion affirming the district court’s award of attorneys’ fees to the plaintiff.
District court denies arbitration in mobile app BIPA suit
On June 1, the U.S. District Court for the Northern District of Illinois denied a mobile application company’s motion to, among other things, compel arbitration in a class action alleging the company used face-geometry scan technology in violation of the Illinois Biometric Information Privacy Act (BIPA). According to the opinion, the plaintiff brought the proposed class action against the company alleging the company used “facial recognition technology to scan, collect, and store his and other users' face geometries from videos and photographs they uploaded to [the company’s photo editing app] without satisfying [BIPA]’s requirements.” The company moved to compel arbitration of the claims on an individual basis. The court concluded that the plaintiff received reasonable notice of the terms of service when he signed up for his account and subscription plan in the app. However, the court noted that while the company’s terms of service include a binding arbitration agreement, the agreement does not cover potential violations of BIPA. Specifically, the court highlighted that the arbitration clause contained exceptions for “allegations of theft, piracy, invasion of privacy or unauthorized use,” and concluded that the BIPA claim is not within the scope of the agreement to arbitrate.
CFPB status report provides Section 1071 implementation updates
On May 26, the CFPB filed its first status report in the U.S. District Court for the Northern District of California as required under a stipulated settlement reached in February with a group of plaintiffs, including the California Reinvestment Coalition. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses. Under the settlement’s terms, the Bureau agreed to outline a proposal for collecting data and studying discrimination in small-business lending by September 15, and to create a Small Business Advocacy Review panel by October 15 in order to prepare a report on the proposal. The Bureau is also required to submit status reports, which must detail the Bureau’s progress and address whether it is on track to meet all relevant deadlines to the plaintiffs and the court every 90 days until the final rule is issued.
Updates on the following items are provided within the first status report: (i) the Bureau is continuing to work to resolve legal and policy issues in order to implement Section 1071; (ii) Bureau staff have begun drafting sections of the outline and started preliminary internal work to select small entity representatives who will consult with the panel; (iii) a survey seeking information from lenders on one-time costs for preparing and collecting data required by Section 1071 (covered by InfoBytes here) was postponed due to the Covid-19 pandemic, but the Bureau believes it can conduct the process without these results if necessary; (iv) the Bureau believes it is on track to meet the September and October deadlines, but notes that the Covid-19 pandemic may “introduce uncertainty with respect to the Bureau’s future ability to meet these deadlines,” and may also impact the Bureau’s ability to recruit small entity representatives to participate in the process; and (iv) the Bureau will notify the plaintiffs should it believe that a deadline extension is needed.
Court rejects dismissal of CFPB claims against foreclosure relief services company
On May 20, the U.S. District Court for the Central District of California denied a foreclosure relief services company and its owner’s (collectively, “defendants”) motion to dismiss an action by the CFPB accusing the defendants of violating the Consumer Financial Protection Act (CFPA) and Regulation O. As previously covered by InfoBytes, in September 2019, the CFPB filed a complaint against the defendants, alleging that since 2014 the defendants made deceptive and unsubstantiated representations about the efficacy and material aspects of its mortgage assistance relief services, and made misleading or false claims about the experience and qualifications of its employees. The Bureau alleged that the defendants’ representations constituted abusive acts and practices because, among other things, consumers “generally did not understand and were not in a position to evaluate the accuracy of [the defendants’] marketing representations or the quality of the mortgage-assistance-relief services that [the defendants] sold.” Moreover, the Bureau claimed the defendants further violated Regulation O by charging consumers advance fees before rendering services. The defendants moved to dismiss the action.
The district court rejected all of the defendants’ arguments, concluding that the Bureau “as an organization and its establishment” are constitutionally permissible, and therefore, can bring enforcement actions against the company. The court also held that the Bureau adequately pleaded that the defendants’ were covered by the CFPA and Regulation O, as providers of “[a]udit and litigation documents to consumers, which Defendants claim will prevent foreclosure or modify the terms of [consumers] mortgage[s].” And lastly, the court held that the Bureau sufficiently alleged that the defendants took “unreasonable advantage of the consumer’s lack of understanding” of the material terms of the product they were selling.
District court requires bank to produce consultant’s data breach report
On May 26, a magistrate judge of the U.S. District Court for the Eastern District of Virginia ordered a national bank to produce to plaintiffs in litigation a forensic analysis performed by a cybersecurity consulting firm regarding the bank’s 2019 data breach, concluding the report was not entitled to work product protection. As previously covered by InfoBytes, in July 2019, the national bank announced that an unauthorized individual had obtained personal information of credit card customers and people who had applied for credit card products. According to the order, after the data breach, the bank’s outside counsel directed a cybersecurity company, which had been engaging in periodic work with the bank since 2015, to prepare a report “‘detailing the technical factors that allowed the criminal hacker to penetrate [the bank]’s security.’” Plaintiffs, in a class action against the bank for the data breach, sought to obtain the report in discovery, but the bank opposed the production, arguing that the report was protected work product created under an agreement with outside counsel in anticipation of litigation.
The court rejected the bank’s argument, concluding that the bank did not show the consultant’s scope of work under the outside counsel agreement “was any different than the scope of work for incident response services,” and that the bank had not shown the firm would not have performed the services “without the prospect of litigation.” Moreover, the court noted, “[t]he retention of outside counsel does not, by itself, turn a document into work product.” The court compelled production, holding that the report was not entitled to protection under the work product doctrine.
New York AG announced proposed settlement with student debt relief companies
On May 22, the New York attorney general (NYAG) announced a proposed settlement with three student loan debt relief companies and two of the companies’ executive officers (collectively, “defendants”), resolving allegations that the defendants participated in a broader scheme that fraudulently, deceptively, and illegally marketed, sold, and financed student debt relief services to consumers nationwide. As previously covered by InfoBytes, the September 2018 complaint alleged that a total of nine student loan debt relief companies, along with their financing company, and the two individuals violated several federal and state consumer protection statutes, including the Telemarketing Sales Rule, New York General Business Law, the state’s usury cap on interest rates, disclosure requirements under TILA, and the Federal Credit Repair Organization Act. Specifically, the NYAG asserted, among other things, that the defendants (i) sent direct mail solicitations to consumers that deceptively appeared to be from a governmental agency or an entity affiliated with a government agency; (ii) charged consumers over $1,000 for services that were available for free; (iii) requested upfront payments in violation of federal and state credit repair and debt relief laws; and (iv) charged usurious interest rates.
If approved by the court, the proposed consent judgment would require the five defendants to pay $250,000 of a $5.5 million total judgment, due to their inability to pay. Additionally, the defendants are also permanently banned from advertising, marketing, promoting, offering for sale, or selling any type of debt relief product or service—or from assisting others in doing the same. Additionally, the defendants must request that any credit reporting agency to which the defendants reported consumer information in connection with the student loan debt relief services remove the information from those consumers’ credit files. The defendants also agreed not to sell, transfer, or benefit from the personal information collected from borrowers.
The NYAG previously settled with two other defendants in February, covered by InfoBytes here.
District court: Unilateral imposition of post-judgment interest violates FDCPA
On May 19, the U.S. District Court for the District of Connecticut granted in part and denied in part parties’ motions for summary judgment in an FDCPA action concerning post-judgment interest. According to the ruling, the defendants—a debt buyer and an attorney who represents creditors, including the debt buyer, in collection actions—obtained a judgment from the Connecticut State Superior Court (state court) for the plaintiff’s unpaid credit card debt. The judgment awarded the defendant $33,921.25 plus post judgment interest under state law. While the complaint requested post-judgment interest of 10 percent—the maximum amount allowed by state law—the judgment did not reference a specific interest rate. After the defendants began charging post-judgment interest at 10 percent, the plaintiff filed suit alleging the defendant violated the FDCPA by using false, deceptive, or misleading representations or means in connection with the collection of any debt. The defendants sought clarification of the rate of post-judgment interest from the state court and received a clarification order stating that the state court “intended that the interest rate be set at the allowable rate of ten percent per year in accordance with the statute.” In its defense, the defendants asserted a bona fide error defense under the FDCPA, arguing, among other things, that they “erroneously believed that application of post-judgment interest at a rate of ten percent was neither false nor misleading because they relied on the state court’s judgment and Clarification Order, which explicitly provided for post-judgment interest at a rate of ten percent.”
The court partially granted summary judgment in favor of the plaintiff on her FDCPA claim, stating that the unilateral imposition of post-judgment interest at a rate of 10 percent per year, which was not awarded in the judgment, is a “clear violation” of the FDCPA that is not subject to the bona fide error defense. The court stated that the bona fide error defense does not apply in this situation because “the FDCPA violation resulted from the defendants’ mistaken belief that, absent a rate of post-judgment interest expressly set by the state court, defendants were entitled to set a rate at the maximum amount allowed under the statute.” According to the court, when a state court “fails to include a specific rate of interest based on the state law,” a debt collector may not apply a default interest rate. In holding that the FDCPA’s bona fide error defense is inapplicable here, the court extended the holding of the U.S. Supreme Court in Jerman v. Carlisle, McNellie, Rini, Kramer & Ulrich, L.P.A. that the “bona fide error defense . . . is not available to debt collectors who misinterpret the legal requirements of the FDCPA,” to include misinterpretations of state law as well.
The court did, however, partially grant the defendant’s motion for summary judgment with respect to the application of pre-judgment interest.
Credit repair trade association sues CFPB over TSR six-month waiting period
On May 21, a credit repair trade association filed a complaint against the CFPB in the U.S. District Court for the Southern District of Florida alleging the Bureau violated the credit repair organizations’ First Amendment rights under the Constitution by enforcing a six-month payment waiting period in the FTC’s Telemarketing Sales Rule (TSR). The association is challenging Section 310.4(a)(2)(ii) of the TSR, which prohibits credit repair organizations from requesting or receiving payment for services rendered for a minimum of six months after the services have been performed. The complaint alleges that the prohibition (i) exceeds the FTC’s statutory authority under the Telemarketing and Consumer Fraud and Abuse Prevention Act; (ii) conflicts with the Credit Repair Organizations Acts (CROA); and (iii) is an infringement on the First Amendment rights of credit repair organizations by improperly impairing fully protected speech. Specifically, the association argues that the TSR is only applicable to credit repair organizations in certain situations, and the CROA—which does not require the six-month waiting period nor proof that “results were achieved”—is “the final and decisive law concerning credit repair organizations, including the time and manner of their billing practices.” Moreover, the complaint argues that the Bureau does not have the authority to enforce the TSR against credit repair organizations, as the Dodd-Frank Act did not explicitly transfer the authority from the FTC. The complaint is seeking a declaratory judgment that the TSR is unenforceable, invalid, and unlawful.