InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Buckley Sandler Special Alert: D.C. Circuit significantly narrows FCC’s order defining autodialer
On March 16, the D.C. Circuit issued its much-anticipated ruling in ACA International v. FCC. The D.C. Circuit’s ruling significantly narrows a Federal Communication Commission order from 2015, which, among other things, had broadly defined an “autodialer” for purposes of the Telephone Consumer Protection Act.
* * *
Click here to read the full special alert.
If you have questions about the ruling or other related issues, please visit our Class Actions practice page, or contact a Buckley Sandler attorney with whom you have worked in the past.California appellate court says mortgage servicers can be debt collectors under Rosenthal Act
On March 13, a California appellate court held that a mortgage servicer that engages in debt collection activities may be considered a “debt collector” under California’s Rosenthal Fair Debt Collection Practices Act (Rosenthal Act). The decision results from a class action lawsuit alleging that the mortgage servicer made hundreds of phone calls demanding mortgage payments that had already been paid or were not yet due, including making calls at inconvenient times throughout the day and using threats of negative credit reporting and foreclosure. The class action suit alleged that the mortgage servicer’s activity violated the Rosenthal Act and the California’s Unfair Competition Law. The trial court sustained the mortgage servicer’s demurrer to the plaintiff’s complaint, concluding that servicing a mortgage is not a form of collecting consumer debts. In reversing the trial court’s decision, the appellate court held that, although the language in the Rosenthal Act was ambiguous with regard to mortgage debt servicing, it should be “construed broadly in favor of protecting the public,” and thus mortgage lenders and mortgage servicers can be considered “debt collectors” within the law’s purview. The appellate court acknowledged a split among California federal courts on the issue.
9th Circuit denies bank’s challenge to FDIC bank secrecy order
On March 12, the U.S. Court of Appeals for the 9th Circuit upheld a 2016 FDIC cease and desist order against a California bank arising out of alleged deficiencies in compliance management relating to the Bank Secrecy Act (BSA) and anti-money laundering laws. According to the opinion, FDIC examinations dating back to 2010 identified areas for BSA compliance improvement. While the bank made adjustments in response to the original findings, a 2012 FDIC examination found the bank’s BSA compliance program still was deficient, including because it did not “establish and maintain procedures designed to ensure adequate internal controls, independent testing, administration, and training”—known as the “four pillars”—and because the bank had not filed a necessary suspicious activity report. The bank argued that the BSA compliance standards were too vague, accused FDIC examiners of bias during the examination in a manner that violated its due process rights, and alleged that the decision was not supported by substantial evidence.
The three-judge panel ruled that (i) there was no bias in the FDIC’s decision to assess a penalty against the bank because there was substantial evidence to support an administrative law judge’s findings that the bank’s failure to maintain adequate controls violated BSA regulations; and (ii) because the BSA and FDIC’s implementing regulations are “economic in nature and threaten no constitutionally protected rights,” vagueness is not an overriding concern. While the “four pillars” of BSA compliance are open to interpretation, the panel noted, the FDIC provides banks with a manual written by the Federal Financial Institutions Examination Council that sets forth a uniform compliance standard. Furthermore, FDIC Financial Institution Letter 17-2010 clarifies that the manual contains the FDIC’s BSA compliance supervisory expectations. “A BSA Officer at the Bank bearing the requisite ‘specialized knowledge’ would understand that compliance with the FFIEC Manual ensures compliance with the BSA. . . . The BSA and its implementing regulations are not unconstitutionally vague,” the panel stated. Therefore, the 9th Circuit held that the manual was entitled to Chevron deference and denied the bank’s petition for review.
District Court denies payment company’s request to set aside judgment
On March 12, the U.S. District Court for the Northern District of California denied a company’s post-trial motions to set aside September 2017 judgments in a lawsuit brought by the CFPB for alleged violations of the Consumer Financial Protection Act (CFPA). Specifically, the bi-weekly payments company requested that the court set aside its injunction and reconsider a $7.93 million penalty in light of “new evidence” that demonstrated the company’s inability to pay the penalty. As previously covered by Infobytes, the CFPB filed the lawsuit in 2015, alleging, among other things, that the company made misrepresentations to consumers about its bi-weekly payment program by overstating the savings provided by the program and creating the impression the company was affiliated with the consumers’ lender. In denying the company’s motion, the court held that the company failed to present new evidence that would justify the relief. Additionally, the court rejected the argument that the permanent injunction placed on the company was overly burdensome, stating “in light of the evidence of defendants[’] prior practices…the limitations of the injunction reflect appropriate safeguards ‘to avoid deception of the consumer.’”
California judge limits plaintiffs’ ability to seek certain punitive damages in internet data breach
On March 9, the U.S. District Court for the Northern District of California partially granted a motion to dismiss limiting plaintiffs’ ability to seek certain punitive damages for data breaches. The court also held that the plaintiffs cannot seek claims under the California Customer Records Act (CRA). The consolidated litigation results from announcements that hackers had breached the defendant’s systems and accessed users’ personal information in multiple attacks between 2013 and 2016. While the court kept several claims alive, including one alleging company executives purposefully concealed the hacks and others related to good faith and fair dealing, the court found the plaintiffs had failed to establish when the company learned about the 2013 and 2014 hacks, which warranted dismissal of most of the claims brought under the CRA. With respect to the limit on punitive damages, the court held that there is no punitive remedy for the alleged breaches relating to the breach of contract and CRA claims. However, the court did allow the plaintiffs to seek punitive damages for concealment, negligence, and misrepresentation related to the executives’ alleged suppression of the breach.
9th Circuit reinstates class action data breach lawsuit against online retailer
On March 8, the U.S. Court of Appeals for the 9th Circuit reinstated a putative class action lawsuit against an online retailer, concluding that the increased risk of identity theft resulting from a 2012 data breach affecting over 24 million shoppers gave consumers Article III standing to sue. The three-judge panel held that the district court erred in dismissing claims brought by consumers who did not allege financial losses as a result of the data breach because the stolen information provided hackers the “means to commit fraud or identity theft.” The panel noted that evidence that another group of consumers had suffered financial losses from the same data breach undermined the argument that the data stolen would not lead to fraud or identity theft. In addition, although the defendant asserted that too much time had passed since the data breach for any harm to be considered imminent, the panel found that determining jurisdiction requires an assessment of a plaintiff’s standing at the time the suit was filed, and that the risk of harm was sufficiently imminent at the time of filing. The 9th Circuit remanded the case back to the lower court for review.
The panel also addressed a separate appeal by the class on the district court’s decision not to enforce a purported settlement agreement, affirming the lower court’s decision “because the parties did not have a meeting of the minds on all essential terms of the agreement.”
District Court recognizes CFTC authority to regulate virtual currency as commodities
On March 6, the U.S. District Court for the Eastern District of New York granted the CFTC’s request for preliminary injunction against defendants alleged to have misappropriated investor money through a cryptocurrency trading scam, holding that the CFTC has the authority to regulate virtual currency as commodities. The decision additionally defined virtual currency as a “commodity” within the meaning of the Commodity Exchange Act (CEA) and gave the CFTC jurisdiction to pursue fraudulent activities involving virtual currency even if the fraud does not directly involve the sale of futures or derivative contracts. However, the court noted that the “jurisdictional authority of CFTC to regulate virtual currencies as commodities does not preclude other agencies from exercising their regulatory power when virtual currencies function differently than derivative commodities.” Under the terms of the order, the defendants are restrained and enjoined until further order of the court from participating in fraudulent behavior related to the swap or sale of any commodity, and must, among other things, provide the CFTC with access to business records and a written account of financial documents.
Find continuing InfoBytes coverage on virtual currency oversight here.
2nd Circuit finds bankruptcy claim non-arbitrable
On March 7, the U.S. Court of Appeals for the 2nd Circuit denied a bank’s motion to compel arbitration, holding that arbitration of the debtor’s claims would present an inherent conflict with the intent of the Bankruptcy Code because the dispute concerns a core bankruptcy proceeding. The debtor’s claims against the bank relate to a purported refusal to remove a “charge-off” status on the debtor’s credit file after the debtor was released from all dischargeable debts through a Chapter 7 bankruptcy. The bankruptcy court allowed the debtor to reopen the proceeding in order to file a putative class action complaint against the bank alleging that the designation amounted to coercion to pay a discharged debt. The bank moved to compel arbitration, based on a clause in the debtor’s cardholder agreement, and the court denied the motion. On appeal, the district court affirmed the bankruptcy court’s decision. In affirming both lower courts’ decisions, the 2nd Circuit reasoned that a claim of coercion to pay a discharged debt is an attempt to undo the effect of the discharge order and, therefore, “strikes at the heart of the bankruptcy court’s unique powers to enforce its own orders.” The circuit court found the debtor’s complaint to be non-arbitrable based on a conclusion that it would create an inherent conflict with the intent of the bankruptcy code.
Pennsylvania Attorney General sues ride-sharing company for 2016 data breach
On March 5, Pennsylvania Attorney General filed a lawsuit against a ride-sharing company for violating Pennsylvania’s Breach of Personal Information Notification Act (BPINA) because of its failure to disclose a 2016 data breach caused by hackers. The complaint alleges that after the company became aware of the breach, it “paid the hackers at least $100,000 to delete the acquired consumer data and keep quiet.” According to the complaint, the breached data included the private information of at least 13,500 Pennsylvania drivers. The Attorney General asserts that, under the BPINA, the company must provide notice to the affected residents without unreasonable delay. Instead, the company waited until November 2017 to disclose the incident. Among other things, the complaint seeks civil penalties in the amount of $1,000 or $3,000, depending on the consumer’s age, for each individual BPINA violation.
The Pennsylvania lawsuit follows similar lawsuits by the City of Chicago and Washington State, previously covered by InfoBytes here.
Judge orders student loan servicer to comply with CFPB CID
On February 28, the U.S. District Court for the Western District of Pennsylvania granted the CFPB’s petition to enforce a Civil Investigative Demand (CID) issued against a student loan servicer. According to the opinion, the student loan servicer filed a petition with the CFPB to set aside a June 2017 CID because the statutorily-mandated Notification of Purpose did not comply with the Bureau’s notice requirements under 12 U.S.C. § 5562(c)(2). The loan servicer argued that the CID’s list of activities under investigation—i.e., processing payments, charging fees, transferring loans, maintaining accounts, and credit reporting—failed to provide the servicer with fair notice as to the nature of the investigation because it “merely categorize[s] all aspects of a student loan servicing operation.” The CFPB denied the petition, and in November 2017, filed a petition in court to enforce the CID. In granting the Bureau’s petition, the court found that the Notification of Purpose met the statutory notice requirements because nothing in the law bars the CFPB “from investigating the totality of a company’s business operations.” Moreover, the court also found that the CID’s Notification of Purpose met the necessary requirements regarding administrative subpoenas set forth by the U.S. Court of Appeals for the 3rd Circuit, concluding that the investigation is for a “legitimate purpose,” the information requested is relevant and not already known by the Bureau, and the request is not unreasonably broad or burdensome.