InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Florida Court of Appeal: Bank may seek attorney’s fees as a condition of loan reinstatement
On May 4, the Florida Court of Appeal, Fourth District, held that a borrower cannot sue a law firm for sending a letter seeking to collect attorney’s fees because the mortgage contract gave the bank the right to seek attorney’s fees from a prior foreclosure action as a condition of reinstating the loan. Previously, a trial court had awarded the borrower attorney’s fees following dismissal of a prior foreclosure action. The bank later brought a new foreclosure action against the borrower concerning the same property, and the law firm representing the bank sent the borrower a reinstatement letter requiring payment of attorney’s fees incurred by the bank in the prior foreclosure action in order to reinstate the loan. The trial court, citing a 2019 decision in U.S. Bank Trust, N.A. v. Leigh, granted summary judgment in favor of the law firm on the grounds that “the law firm was entitled to immunity under the litigation privilege because the Florida Consumer Collection Practices Act (FCCPA) claim was based on the reinstatement letter the law firm sent during the foreclosure proceedings” and because the borrower lacked standing.
On appeal, the Court of Appeal agreed with the law firm that it was entitled to collect attorney fees and costs and that the borrower lacked standing to bring his FCCPA claim. According to the Court of Appeal, a provision in the mortgage contact included language that “if the borrower defaulted and the lender accelerated the loan, the borrower would have the right to reinstate the loan if certain conditions were met.” Among these conditions was that the borrower would agree to “pay all expenses incurred in enforcing this Security Instrument, including, but not limited to, reasonable attorneys’ fees.” Applying the rationale of Leigh, the Court of Appeal found “that the law firm did not violate the FCCPA because it sought to recover a legitimate expense it was entitled to recover pursuant to a contract, that being the expense of attorney’s fees the lender incurred in the prior foreclosure action.”
District Court partially certifies data breach suit
On May 3, the U.S. District Court for the District of Maryland granted in part and denied in part certification of eight class actions against a hotel corporation (defendant) alleging that it misled consumers regarding a major breach of customers’ personal information. According to the opinion, the plaintiffs filed suit after allegedly learning that the defendant took more than four years to discover the breach and took nearly three months to notify customers of their exposed information. The defendant discovered the breach in September 2018 when a consulting company contracted, to provide data security services reported an anomaly pertaining to a guest information database. In total, the breach impacted approximately 133.7 million guest records associated with the U.S., including an estimated 47.7 million records associated with the bellwether states. The defendant argued that certification should be denied because not all of the class members demonstrated that they suffered an injury, which the court rejected, noting that the plaintiffs do not need to demonstrate that every class member has standing at the class certification stage. The size of the certified classes based on an overpayment theory was decreased, because the court agreed with the defendants’ argument that the plaintiffs were too broad in seeking to include all customers who were affected by the breach, rather than those who only “bore the economic burden.” The court also declined to certify one class seeking only injunctive or declaratory relief, stating that “[w]ithout any direction as to the nature of the injunction sought, besides a request for further discovery, plaintiffs’ motion goes no further than requesting that defendants discontinue their current practices with respect to the [personally identifiable information] at issue.”
Washington Court of Appeals affirms dismissal of suit accusing bank of collecting debt under a different name
On May 3, the Washington Court of Appeals, Division Three, affirmed the dismissal of an action accusing a defendant bank of violating the FDCPA by attempting to collect a debt in a name that differed from its own. The plaintiff obtained a credit card from the bank in 2006. Following a merger between the bank holding company (a separate legal entity at the time) and a card services company, the defendant bank merged with and under the charter of the card services company and notified credit card customers that the new issuer and administrator of their accounts would be the card services company. In 2014, the card services company merged into and under the charter of the national bank of the same name, who subsequently became issuer and administrator of the credit card portfolio and the named creditor of the plaintiff’s account. By 2012, the plaintiff had stopped making payments on his credit card and was sued by the card services company. While this action was pending, the 2014 merger occurred but the collection action was not updated to reflect this development. Eventually, the collection action was dismissed without prejudice, and the plaintiff sued the defendant in Washington state court, claiming the defendant violated the FDCPA because it continued its collection suit under the name of the card services company after the merger had taken place. The state court dismissed the case, and the plaintiff appealed. At issue was whether the national bank “falls under the FDCPA despite its status as a creditor because it used a name other than its own ‘which would indicate that a third person is collecting or attempting to collect’ the debt owed by” the plaintiff.
The Court of Appeals disagreed and held that even a least sophisticated consumer would not be confused and think that the debt had been transferred to a third-party collection agency. “Instead, a least sophisticated consumer (and even average-level consumer) might be led to believe that nothing had changed and [the card services company] was still collecting its credit card debt in its own right,” the Court of Appeals wrote. “There is no reason to think a least sophisticated consumer would be led to believe that [the bank] had acquired [the card services company’s] debt and then contracted with [it] to collect the debt.”
9th Circuit: Data release did not violate defendant’s Fourth Amendment rights
On April 27, the U.S. Court of Appeals for the Ninth Circuit concluded that limited digital data uncovered online that was not collected at the behest of the government did not violate the Fourth Amendment, which protects individuals from unreasonable government searches and seizures. According to the opinion, the defendant, who was convicted of child exploitation, argued that his Fourth Amendment rights were violated when two electronic service providers (ESPs) investigated his accounts without a warrant and reported the evidence of child sexual exploitation. He further maintained that evidence seized upon his arrest should have been suppressed because the ESPs were “acting as government agents when they searched his online accounts,” and that “he had a right to privacy in his digital data and that the government’s preservation requests and subpoenas, submitted without a warrant, violated the Fourth Amendment.”
The 9th Circuit disagreed, concluding first that the federal Stored Communications Act and the Protect Our Children Act “transformed the ESPs’ searches into governmental action” and “that the government was sufficiently involved in the ESPs’ searches of the defendant’s accounts to trigger Fourth Amendment protection.” The appellate court also determined that the government’s preservation requests for the private communications did not amount to unreasonable seizure and that “the defendant did not have a legitimate expectation of privacy in the limited digital data sought in the government’s subpoenas, where the subpoenas did not request any communication content from the defendant’s accounts and the government did not receive any such content in response to the subpoenas.” Moreover, the 9th Circuit stated that the defendant agreed to terms of use that granted the ESPs’ contractual rights under agreed upon privacy policies “to investigate, prevent, or take action regarding illegal activities,” and consented to the ESPs honoring of preservation requests from law enforcement.
District Court partially affirms summary judgment in interest case
On April 28, the U.S. District Court for the Southern District of New York granted in part and denied in part parties’ motions for summary judgment in a suit challenging the retroactive application of a New York statute reducing the state’s statutory interest rate on money judgments arising out of consumer debt. In doing so, the court considered S5724A, the Fair Consumer Judgment Interest Act. As previously covered by InfoBytes, the New York governor signed S5724A in December 2021, which amended the civil practice law and rules relating to the rate of interest applicable to money judgments arising out of consumer debt. Specifically, the bill provides that the interest rate that can be charged on unpaid money judgments is 2 percent and applies to judgments involving consumer debt, which is defined as “any obligation or alleged obligation of any natural person to pay money arising out of a transaction in which the money, property, insurance or services which are the subject of the transaction are primarily for personal, family or household purposes […], including, but not limited to, a consumer credit transaction, as defined in [section 105(f) of the civil practice law and rules].” The bill became effective April 30. According to the suit, a group of credit unions (plaintiffs) filed a federal class action lawsuit seeking to enjoin the enforcement or implementation of S5724A. The plaintiffs sought to invalidate the retroactive portion of S.5724A, arguing that it is an unconstitutional taking in violation of the Fifth Amendment and violative of their substantive due process rights guaranteed under the Fourteenth Amendment. The plaintiffs claimed that they are collectively owed about $3.8 million of outstanding consumer judgments, which includes approximately $1 million in interest, and sought a preliminary injunction enjoining the effective date of S572A. The plaintiffs brought suit against the Chief Administrative Judge of the New York State Courts, and the sheriffs of three New York counties in their official capacity on the basis that those parties “will be involved in enforcement of the Amendment.” The district court issued the preliminary injunction with respect to the sheriffs, relying on the credit unions’ arguments that retroactive application will “eradicate millions of dollars from the balance of judgments lawfully due and owing to judgment creditors.” The district court noted that “[r]egulatory takings … involve government regulation of private property [that is] . . . so onerous that its effect is tantamount to a direct appropriation or ouster. Thus, ‘while property may be regulated to a certain extent, if regulation goes too far it will be recognized as a taking.’”
Special Alert: Federal court says state bank, fintech partner must face Maryland’s allegation of unlicensed lending before state ALJ
A federal court late last month told a state-chartered bank and its fintech partner that they must return to a state administrative law proceeding to fight a Maryland enforcement action alleging that their failure to obtain a license to lend and collect on loans violated state law — potentially rendering the terms of certain loans unenforceable.
The Missouri-chartered bank and its partners attempted to remove an action brought by the Office of the Maryland Commissioner of Financial Regulation to the U.S. District Court for the District of Maryland, but the district court determined that removal was not proper and that Maryland’s Office of Administrative Hearings was the appropriate venue.
OCFR initially filed charges in January 2021 in Maryland’s Office of Administrative Hearings against the bank and its partner asserting the bank made installment and consumer loans and extended open-ended or revolving credit in the state without being licensed or qualifying for an exception to licensure. As a result, OCFR said they “‘may not receive or retain any principal, interest, or other compensation with respect to any loan that is unenforceable under this subsection.’” It said that not only are the bank’s loans to all Maryland consumers possibly unenforceable, but also that the bank, or its agents or assigns, could in the alternative be “prohibited from collecting the principal amount of those loans from any of these consumers or from collecting any other money related to those loans.”
The OCFR’s charge letter also said the fintech company that provided services to the bank violated the Maryland Credit Services Business Act by providing advice and/or assistance to consumers in the state “with regard to obtaining an extension of credit for the consumer when accepting and/or processing credit applications on behalf of the Bank without a credit services business license.” Additionally, the OCFR alleged violations of the Maryland Collection Agency Licensing Act related to whether the fintech company engaged in unlicensed collection activities, thus subjecting it to the imposition of fines, restitutions, and other non-monetary remedial action.
The defendants filed a notice of removal to federal court last year while the enforcement action was still pending before the OAH; OCFR moved to remand the case back to the agency.
In granting the OCFR’s motion to remand, the court concluded that the OCFR persuasively argued that the defendants have not properly removed this case from the OAH for several reasons, including that the OAH does not function as a state court. “Pursuant to 28 U.S.C. § 1441, a defendant may remove to federal court ‘any civil action brought in a State court of which the district courts of the United States have original jurisdiction.’” However, the court determined that, while defendants correctly observed that the OAH possesses certain “court-like” attributes, its limitations clearly showed that it does not function as a state court.
In reaching this conclusion, the court considered several undisputed facts, including that the OCFR is a unit of the Maryland Department of Labor “responsible for, among other things, issuing licenses to entities wishing to issue loans to consumers in Maryland and investigating violations of Maryland’s consumer loan laws.” The court also said that, while OCFR has authority under Maryland law to investigate potential violations of law or regulation and has the ability to issue cease and desist orders, revoke an individual’s license, or issue fines, it cannot enforce its own subpoenas or orders — and that its decisions are not final and may be appealed to a state circuit court.
The defendants had argued that the case involved a federal question as a result of the complete preemption of state usury laws by Section 27 of the FDI Act. The court said licensure, not state usury law claims, was the issue at hand.
During a status conference held last month to discuss OCFR’s motion to remand, defendants requested an opportunity to file a motion certifying the case for appeal. The court will hold in abeyance its remand order pending resolution of that motion. Parties’ briefings are due by the end of May.
If you have any questions regarding the ruling or its ramifications, please contact a Buckley attorney with whom you have worked in the past.
District Court approves final class action privacy settlement
On April 29, the U.S. District Court for the Western District of New York granted final approval of a class action settlement resolving privacy and data security allegations against a health insurance company and several related health insurance entities (collectively, “defendants”). According to the plaintiffs’ memorandum of support, the plaintiff filed suit in 2015, alleging that the defendants compromised the personal identifying information, Social Security numbers, and medical and financial data of approximately 9.3 million policy holders from a 2013 data breach. After the security incident was announced, 14 lawsuits were filed, which were consolidated with this case. Under the terms of the final settlement, the defendants are required to implement information security and compliance measures, and comprehensively address security risks. The settlement also includes $3.6 million in attorneys’ fees and $700,000 in litigation costs. Class representatives will be awarded service awards that range between $1,000-$7,500 each, which will total approximately $95,500.
5th Circuit: CFPB enforcement may proceed but funding questions remain
On May 2, the U.S. Court of Appeals for the Fifth Circuit issued an en banc decision vacating a district court’s interlocutory decision denying the plaintiff payday lenders’ motion for judgment on the pleadings, and holding that the CFPB can continue its enforcement action against a Mississippi-based payday lending company subject to further order of the district court. As previously covered by InfoBytes, the CFPB filed a complaint against two Mississippi-based payday loan and check cashing companies for allegedly violating the CFPA’s prohibition on unfair, deceptive, or abusive acts or practices. In March 2018, a district court denied the payday lenders’ motion for judgment on the pleadings, rejecting the argument that the structure of the Bureau is unconstitutional and that the agency’s claims violate due process. The 5th Circuit agreed to hear an interlocutory appeal on the constitutionality question. And, prior to the U.S. Supreme Court’s ruling in Seila Law LLC v. CFPB, a divided panel held that the CFPB’s single-director structure is constitutional, finding no constitutional defect with allowing the director of the Bureau to only be fired for cause (covered by InfoBytes here).
The 5th Circuit voted sua sponte to rehear the case en banc and issued an opinion in which the majority vacated the district court’s opinion as contrary to Seila Law. The majority did not, however, direct the district court to enter judgment against the Bureau because, though the Supreme Court had found that the director’s for-cause removal provision was unconstitutional, it was severable from the statute establishing the Bureau (covered by a Buckley Special Alert). The majority determined that the “time has arrived for the district court to proceed” and stated it “place[s] no limitation on the matters that that court may consider, including, without limitation, any other constitutional challenges.”
In dissent, several judges issued an opinion arguing that the case should be dismissed because the agency’s funding structure violates the Constitution’s separation of powers and “is doubly removed from congressional review.” The dissenting judges explained that the Bureau is not subject to the Congressional appropriations process for its budget, unlike most federal agencies, but rather receives its funding directly from the Federal Reserve Board. This budgetary process was intended to ensure full independence from Congress and prevent future congresses from using budget cuts to influence the Bureau’s agenda and priorities. The dissenting judges argued, however, that such a structure violates the Appropriations Clause of the Constitution. “The CFPB’s double insulation from Article I appropriations oversight mocks the Constitution’s separation of powers by enabling an executive agency to live on its own in a kingly fashion,” the dissent stated. “The Framers warned that such an accumulation of powers in a single branch of government would inevitably lead to tyranny. Accordingly, I would reject the CFPB’s novel funding mechanism as contravening the Constitution’s separation of powers. And because the CFPB funds the instant prosecution using unconstitutional self-funding, I would dismiss the lawsuit.”
District Court orders evidence showing customer agreed to arbitration clause in clickwrap agreement
On April 15, the U.S. District Court for the Northern District of California ordered a defendant “teledentristry” practice to file a declaration evidencing a clickwrap agreement that shows that the plaintiff assented to an arbitration agreement in an addendum to a retail installment contract. The plaintiff filed a putative class action claiming the defendant failed to comply with consumer protection licensing requirements and made misleading and false representations to consumers about the scope of its services and the provided dental care. The defendant moved to compel arbitration, stating that when customers create an account on the defendant’s website, they are required to affirmatively check a clickwrap checkbox to provide informed consent and must agree to the defendant’s terms and conditions before finalizing the registration process. The checkbox is not pre-checked, the defendant stated, and customers can view the full terms and conditions when clicking on the hyperlinks for each policy. The defendant maintained that if the plaintiff had clicked on the “Informed Consent” hyperlink, he would have been presented with the arbitration clause. The defendant also claimed that its servers log customers’ electronic assent to the terms and conditions and provided evidence purportedly showing that the plaintiff accepted the terms and conditions. The plaintiff countered that he did not assent to the arbitration agreement.
The arbitration dispute concerns whether the plaintiff assented to the arbitration agreement, whether the agreement is valid and enforceable, and whether the agreement delegates questions of arbitrability to the arbitrator and not the court. According to the court, the defendant failed to show sufficient evidence that the plaintiff agreed to the arbitration agreement and stated it will issue a ruling once the defendant provides additional evidence showing what the plaintiff would have seen when he allegedly assented to the clickwrap agreement, as well as “the circumstances under which [plaintiff] received and allegedly assented to the addendum to the retail installment contract.” The court’s order also granted plaintiff’s motion to further amend the complaint but denied plaintiff’s motion to remand on the grounds that the Class Action Fairness Act of 2005 conferred subject-matter jurisdiction upon the court.
EU Court of Justice rules consumer protection agencies can sue companies for GDPR violations
On April 28, the Court of Justice of the European Union (CJEU) issued an opinion concluding that consumer protection associations are permitted to bring representative actions against infringements of personal data protection “independently of the specific infringement of a data subject’s right to the protection of his or her personal data and in the absence of a mandate to that effect.” According to the judgment, Germany’s Federal Union of Consumer Organisations and Associations brought an action for an injunction against a global social media company’s Ireland division for allegedly infringing on General Data Protection Regulation (GDPR) rules governing the protection of personal data, the combat of unfair commercial practices, and consumer protection when offering users free games provided by third parties. Germany’s Federal Court of Justice called into question whether a consumer protection association has standing to bring proceedings in the civil courts against infringements of the GDPR without obtaining a mandate from users whose data was misused. Germany’s Federal Court of Justice also observed that the GDPR could be inferred to read that “it is principally for the supervisory authorities to verify the application of the provisions of that regulation.”
In its ruling, CJEU concluded that consumer protection associations in the EU can bring representative actions against the social media company for alleged violations of the GDPR, writing that the GDPR “does not preclude national legislation which allows a consumer protection association to bring legal proceedings, in the absence of a mandate conferred on it for that purpose and independently of the infringement of specific rights of the data subjects, against the person allegedly responsible for an infringement of the laws protecting personal data . . . where the data processing concerned is liable to affect the rights that identified or identifiable natural persons derive from that regulation.” Permitting associations to bring representative actions is “consistent with the objective pursued by the GDPR . . . in particular, ensuring a high level of protection of personal data,” CJEU stated.