InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB files action against mortgage lender for unlawful practices
On January 15, the CFPB announced a complaint filed in the U.S. District Court for the District of Connecticut against a mortgage lender and four executives (collectively, “defendants”) alleging the defendants engaged in unlawful mortgage lending practices in violation of TILA, FCRA, ECOA, the Mortgage Acts and Practices—Advertising Rule (MAP Rule), and the CFPA. According to the complaint, from as early as 2015 until August 2019 (i) unlicensed sales people would take mortgage applications and offer and negotiate mortgage terms, in violation of TILA and Regulation Z; (ii) company policy regularly required consumers to submit documents for verification before receiving a Loan Estimate, in violation of TILA and Regulation Z; (iii) employees would deny consumers credit without issuing an adverse action notice, as required by the FCRA or ECOA; and (iv) defendants regularly made misrepresentations about, among other things, the availability and cost savings of a FHA streamlined refinance loan, in violation of the MAP Rule. The Bureau is seeking an injunction, as well as, damages, redress, disgorgement, and civil money penalties.
Court dismisses data breach claims citing lack of compromised sensitive information
On January 12, the U.S. District Court for the Central District of California dismissed a data breach lawsuit brought against a hotel chain, ruling the plaintiff lacked standing. The plaintiff claimed class members were victims of a data breach when hotel employees at a franchise in Russia allegedly accessed personal information without authorization, including guests’ names, addresses, phone numbers, email addresses, genders, birth dates and loyalty account numbers. The plaintiff’s suit alleged, among other things, violations of the California Consumer Privacy Act and the state’s Unfair Competition Law. While the hotel disclosed the incident last March and admitted that class members’ personal information was compromised, the court determined that the plaintiff lacked standing to bring claims after the hotel’s investigation found that “no sensitive information, such as social security numbers, credit card information, or passwords, was compromised.” The court determined that the plaintiff failed to plausibly plead that any of the class members’ more sensitive data had fallen into the wrong hands, and that “[w]ithout a breach of this type of sensitive information, Plaintiff has not suffered an injury in fact and cannot meet the constitutional requirements of standing.”
Court says CFPB unconstitutionality argument strays from Supreme Court ruling in Seila
On January 13, the U.S. District Court for the Middle District of Pennsylvania denied a student loan servicer’s motion for judgment on the pleadings, ruling that the servicer’s argument that the CFPB is unconstitutional “strays afar” from the U.S. Supreme Court’s finding in Seila Law LLC v. CFPB. The servicer previously argued that the Supreme Court’s finding in Seila (covered by a Buckley Special Alert)—which held that that the director’s for-cause removal provision was unconstitutional but was severable from the statute establishing the CFPB—meant that the Bureau “never had constitutional authority to bring this action and that the filing of [the] lawsuit was unauthorized and unlawful.” The servicer also claimed that the statute of limitations governing the CFPB’s claims prior to the decision in Seila had expired, arguing that Director Kathy Kraninger’s July 2020 ratification came too late. However, the court determined, among other things, that “[n]othing in Seila indicates that the Supreme Court intended that its holding should result in a finding that this lawsuit is void ab initio.” The court further noted that the servicer’s assertion that the Bureau “‘never had constitutional authority to bring this action’ is belied by Seila’s implicit finding that the CFPB always had the authority to act, despite the Supreme Court’s finding that the removal protection was unconstitutional.”
California appellate court concludes lender’s arbitration provision unenforceable
On January 11, the Court of Appeals of the State of California affirmed the denial of an auto lender’s motion to compel arbitration, concluding that the arbitration clause was invalid and unenforceable. According to the opinion, in May 2019, consumers filed a class action complaint alleging the lenders charged unconscionable interest rates in violation of California’s Unfair Competition Law (UCL) and Consumers Legal Remedies Act (CLRA). The company moved to compel arbitration, which the consumers opposed, arguing that the agreement was “procedurally and substantively unconscionable,” and that the California Supreme Court decision in McGill v. Citibank, N.A. (covered by a Buckley Special Alert here, holding that a waiver of the plaintiff’s substantive right to seek public injunctive relief is not enforceable) applied. The trial court denied the motion to compel arbitration, concluding that the McGill rule applied and that the injunctive relief provision could not be severed from the rest of the arbitration agreement because severability did not apply to the class waiver provision.
On appeal, the state appellate court agreed with the trial court, concluding that the McGill rule applied. Specifically, the appellate court concluded that the injunctive relief the consumers were seeking “encompasses all consumers and members of the public,” and “an injunction under the CLRA against [the lender]’s unlawful practices will not directly benefit the Customers because they have already been harmed and are already aware of the misconduct.” Moreover, the appellate court determined that there is no precedent holding that “the remedy of public injunctions under CLRA and UCL should be limited to false advertising claims.” The court further concluded that the class waiver was not severable, stating that the lender’s argument that the arbitration agreement could not be determined void until after an appellate court reviews the viability of the class waiver was “illogical.” Accordingly, the appellate court affirmed the denial of the motion to arbitrate.
National bank settles merchant processing fee class action for $40 million
On January 12, a national bank’s merchant services division agreed to pay up to $40 million to settle a class action alleging that the bank overcharged for payment processing services. According to the November 2017 amended complaint filed in the U.S. District Court for the Eastern District of New York, six small businesses alleged that the bank fraudulently induced merchant customers to enter into contracts by failing to properly disclose rates and charges that applied to their accounts. Specifically, the plaintiffs alleged that the bank induced merchants to retain its card payment processing services by promising low card processing fees at the time of enrollment but then charged higher rates and surcharges for the “vast majority of transactions.” Plaintiffs also alleged that the bank used an “upcharge” method, in which customers contract for “fixed” processing fees, but that the vast majority of transactions are ultimately deemed “non-qualified” and charged at higher rates than disclosed. Additionally, the bank allegedly told potential merchant customers that they could “cancel at any time without penalty,” when merchant customers that canceled prior to the expiration of the contract term were charged an “early termination fee [] of several hundred dollars.”
Under the proposed settlement, the bank will pay up to $40 million—and no less than $27 million—to class members and cover attorneys’ fees and expenses, service awards, and settlement administration costs. Additionally, the bank, among other things, has agreed to (i) continue to allow customers to switch, penalty-free to a newer standard pricing plan from the fixed pricing plan; and (ii) modify contract terms to allow customers to leave without termination fees within 45 days of being assessed new or increased fees.
National bank settles DACA discrimination class action
On January 8, the U.S. District Court for the Northern District of California granted final approval to a settlement resolving allegations brought by a national class and a California class against a national bank concerning the denial of credit to recipients who held valid and unexpired Deferred Action for Childhood Arrivals (DACA) status. In a motion for preliminary settlement filed last June, the plaintiffs claimed that the bank allegedly determined DACA recipients to be ineligible for direct auto financing because of their noncitizen status, even though “[t]here is no federal or state law or regulation that prohibits banks from lending to non-citizens generally, or DACA recipients specifically, based on their status as non-citizens.” The bank moved to dismiss, claiming the plaintiffs failed to plead facts sufficient to state claims under the Equal Credit Opportunity Act and the Fair Credit Reporting Act. The parties engaged in discovery, but ultimately agreed to stay the case and engaged a mediator to assist with settlement discussions.
Under the terms of the settlement, the bank is required to provide verified California class members up to $2,500 per claim and national class members up to $300 pending submission of a valid claim. The settlement also provides injunctive relief, a service award to the class representative, attorneys’ fees and costs, and settlement administration costs. Additionally, the bank will amend its direct auto lending practices in order “to extend loans to current and valid DACA recipients on the same terms and conditions as U.S. citizens,” and will provide class counsel an annual status report detailing the status of its programmatic relief for a two year period.
States seek to invalidate OCC true lender rule
On January 5, the New York attorney general, along with the attorneys general from six other states and the District of Columbia filed a complaint against the OCC in the U.S. District Court for the Southern District of New York challenging the OCC’s “true lender” final rule. As previously covered by InfoBytes, in October 2020, the OCC issued a final rule addressing when a national bank or federal savings association is the “true lender” in the context of a partnership between a bank and a third party to provide certainty about key aspects of the legal framework that applies. The final rule amends 12 CFR Part 7 to state that a bank makes a loan when it, as of the date of origination, (i) is named as the lender in the loan agreement, or (ii) funds the loan. The complaint argues, among other things, that the OCC exceeded its statutory authority, and “acted in a manner contrary to centuries of case law [and] the OCC’s own prior interpretation of the law.” The attorneys general reject the OCC’s contention that the final rule is intended to address “‘ambiguity’ in provisions of three federal banking statutes that generally authorize National Banks to make loans,” and instead argue that the rule seeks to preempt state usury law and “infringe on the States’ historical police powers and facilitate predatory lending.” The complaint seeks a declaratory judgment that the OCC violated the Administrative Procedures Act and requests the court set aside the final rule as unlawful.
Court vacates mandatory disclosures and 30-day credit linking restriction in Prepaid Accounts Rule
On December 30, the U.S. District Court for the District of Columbia granted a payment company’s motion for summary judgment against the CFPB, vacating two provisions of the agency’s Prepaid Account Rule: (i) the short-form disclosure requirement “to the extent it provides mandatory disclosure clauses”; and (ii) the 30-day credit linking restriction. As previously covered by InfoBytes, the company filed a lawsuit against the Bureau alleging, among other things, that the Bureau’s Prepaid Account Rule exceeds the agency’s statutory authority “because Congress only authorized the Bureau to adopt model, optional disclosure clauses—not mandatory disclosure clauses like the short-form disclosure requirement.” The Bureau countered that it had authority to enforce the mandates under federal regulations, including the Electronic Fund Transfer Act (EFTA), TILA, and Dodd-Frank, arguing that the “EFTA and [Dodd-Frank] authorize the Bureau to issue—or at least do not foreclose it from issuing—rules mandating the form of a disclosure.” The Bureau also claimed that its general rulemaking power under either TILA or Dodd-Frank provides authority for the 30-day credit-linking restriction.
With respect to the mandatory disclosure clauses of the short-form requirement in 12 CFR section 1005.18(b), the court concluded, among other things, that the Bureau acted outside of its statutory authority. The court stated that “Congress underscored the need for flexibility by requiring the Bureau to ‘take account of variations in the services and charges under different electronic fund transfer systems’ and ‘issue alternative model clauses’ for different account terms where appropriate” and it could not “presume—as the Bureau does—that Congress delegated power to the Bureau to issue mandatory disclosure clauses just because Congress did not specifically prohibit them from doing so.”
In striking the mandatory 30-day credit linking restriction under 12 CFR section 1026.61(c)(1)(iii), the court determined that “the Bureau once again reads too much into its general rulemaking authority.” First, the court determined that neither TILA nor Dodd-Frank vest the Bureau with the authority to promulgate substantive regulations on when consumers can access and use credit linked to prepaid accounts. Second, the court deemed the regulatory provision to be a “substantive regulation banning a consumer’s access to and use of credit” under the disguise of a disclosure, and thus invalid.
CSBS challenges OCC’s pending fintech charter
On December 22, the Conference of State Bank Supervisors (CSBS) filed a complaint in the U.S. District Court for the District of Columbia opposing the OCC’s impending approval of a national bank charter for a financial services provider (company), arguing that the OCC is exceeding its chartering authority. According to the complaint, the company’s charter is close to being formally approved by the OCC after being “solicited, vetted and in November 2020 accepted as complete” by the agency. The complaint asserts the company will continue its lending and payment activities (which are currently state-regulated) without obtaining deposit insurance from the FDIC. The complaint alleges that the company is applying for the OCC’s nonbank charter, which was invalidated by the U.S. District Court for the Southern District of New York in October 2019 (which concluded that the OCC’s Special Purpose National Bank Charter (SPNB) should be “set aside with respect to all fintech applicants seeking a national bank charter that do not accept deposits,” covered by InfoBytes here). CSBS argues that “by accepting and imminently approving” the company’s application, the “OCC has gone far beyond the limited chartering authority granted to it by Congress under the National Bank Act (the “NBA”) and other federal banking laws,” as the company is not engaged in the “business of banking.” CSBS seeks to, among other things, have the court declare the agency’s nonbank charter program unlawful and prohibit the approval of the company’s charter under the NBA without obtaining FDIC insurance.
Court grants preliminary approval of CCPA class action settlement
On December 29, the U.S. District Court for the Northern District of California granted preliminary approval of a proposed settlement in a class action alleging a children’s clothing company and cloud technology service provider (collectively, “defendants”) violated, among other things, the California Consumer Privacy Act (CCPA) after suffering a data breach and potentially exposing customers’ personal information (PII) used to purchase products from the company’s website. After the company issued a notice of the security incident in January 2020, the plaintiffs filed the class action alleging the company failed to (i) “adequately protect its users’ PII”; (ii) “warn users of its inadequate information security practices”; and (iii) “effectively monitor [the company]’s website and ecommerce platform for security vulnerabilities and incidents.”
After mediation, the plaintiffs filed an unopposed motion for preliminary approval of class action settlement, which provides for a $400,000 settlement fund to cover approximately 200,000 class members who made purchases through the company’s website from September 16, 2019 to November 11, 2019. Class members have the option of claiming a cash payment of up to $500 for a Basic Award or of up to $5,000 for a Reimbursement Award, with amounts increasing or decreasing pro rata based on the number of claimants. Additionally, the company agreed to certain business practice changes, including conducting a risk assessment of its data assets and environment and enabling multi-factor authentication for all cloud services accounts. When granting preliminary approval, the court concluded that the agreement does “not improperly grant preferential treatment to any individual or segment of the Settlement Class and fall[s] within the range of possible approval as fair, reasonable, and adequate.”