Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District Court says bank’s arbitration clauses apply to PPP loans


    On November 23, the U.S. District Court for the District of New Jersey granted a national bank’s motion to compel arbitration in an action concerning the bank’s alleged mishandling of Paycheck Protection Plan (PPP) loan applications. The plaintiff filed a lawsuit claiming the bank’s PPP loan disbursement process allegedly favored wealthy clients over smaller, less wealthy clients to maximize the bank’s origination fees. The plaintiff alleged that because the bank did not process applications on a “first-come, first-served” basis, the plaintiff did not receive its PPP loan in a timely manner. The bank moved to compel arbitration, “arguing that questions of arbitrability are for the arbitrator to decide in the first instance.” The plaintiff argued that the arbitration clauses in the bank’s agreements applied only to disputes regarding bank deposit accounts, and not to other financial products such as PPP loans. The court stayed the case and granted the bank’s motion to compel arbitration, noting that the bank’s deposit account agreement and online services agreement both include arbitration clauses. These clauses, the court stated, are “clear evidence” that the bank intended an arbitrator to decide questions related to scope. “Accordingly, Plaintiff must bring its claim before the arbitrator in the first instance, even if it contests the scope of arbitrability,” the court wrote.

    Courts Covid-19 SBA Arbitration CARES Act State Issues Small Business Lending

    Share page with AddThis
  • District Court dismisses PPP putative class action against nonbank


    On November 24, the U.S. District Court for the Central District of California dismissed, with prejudice, a putative class action alleging that a nonbank lender prioritized high-dollar Paycheck Protection Program (PPP) loan applicants. The plaintiff’s complaint—which alleged claims of fraudulent concealment, fraudulent deceit, unfair business practices, and false advertising—claimed, among other things, that the lender (i) was not licensed to make loans in California when she applied; (ii) did not have adequate funding to make the loans; and (iii) advertised it would process loan requests on a first-come, first-served basis, but actually prioritized favored customers and higher-value loans that yielded higher lending fees. The court granted the lender’s motion to dismiss. According to the court, the plaintiff’s allegation that the parties were “transacting business in order to enter into a contractual, borrower-lender relationship” was not supported by any facts, and that while the plaintiff claimed she submitted a PPP loan application to the lender, a confirmation e-mail from the lender did not mention a submitted application—only a loan request. “This court cannot, therefore, assume the truth of Plaintiff’s allegation that she submitted a loan application, let alone her conclusory allegation that the parties entered into a borrower-lender relationship or engaged in any other transaction,” the court stated. The court also determined that the plaintiff’s fraudulent deceit claim failed because her allegation, made on information and belief, that the lender prioritized large loans had no factual foundation, and the plaintiff failed to plead the elements of that claim.

    Courts Covid-19 Small Business Lending SBA Class Action CARES Act Nonbank State Issues California

    Share page with AddThis
  • Virginia Consumer Data Protection Act Work Group issues final report

    Privacy, Cyber Risk & Data Security

    Recently, the Virginia Consumer Data Protection Act Work Group (Work Group) released its final report addressing several privacy topics related to enforcement, definitions and rulemaking authority, and consumer rights and education. The Virginia Consumer Data Protection Act (VCDPA), enacted in March and covered by InfoBytes here, created the Work Group to study findings, best practices, and recommendations before the VCDPA’s January 1, 2023 effective date. The report summarizes information that arose during six Work Group meetings held this year, including the following:

    • Establishing an education initiative led by leadership outside of the Office of Attorney General (OAG) to help small to medium-sized businesses comply with the VCDPA.
    • Allowing the OAG to pursue actual damages, should they exist, based on consumer harm.
    • Employing an “ability to cure” option for violations where a potential cure is possible.
    • Authorizing consumers to assert, and requiring companies to honor, a global opt-out setting as a single-step for consumers to opt-out of data collection.
    • Sunsetting the “right to cure” provision following the first few years after the VCDPA’s enactment to prevent companies from exploiting the provision.
    • Amending “‘the right to delete’ provision to be a ‘right to opt out of sale’ in order to promote compliance and restrict further dissemination of consumer personal data.”
    • Studying specific data privacy protections for children.
    • Encouraging the development of third-party software and browser extensions to enable users to universally opt out of data collection instead of opting out on each website.
    • Recruiting nonprofit consumer and privacy organizations to address concerns related to the VCDPA’s definitions of “sale,” “personal data,” and “publicly available information,” and whether general demographic data used when promoting diversity and outreach to underserved populations should be included in the definition of “sensitive personal information.”
    • Creating an education website containing information about consumers’ rights under the VCDPA. Additionally, the website could provide guidance for smaller businesses seeking to comply with the VCDPA, including sample data protection forms.
    • Directing an agency to promulgate regulations because the VCDPA does not currently grant the OAG such authority.

    The Work Group’s recommendations will be presented during the upcoming legislative session.

    Privacy/Cyber Risk & Data Security State Issues Virginia

    Share page with AddThis
  • District Court grants preliminary approval of privacy class action settlement


    On November 19, the U.S. District Court for the Northern District of California granted preliminary approval of a $58 million settlement in a class action against a fintech company (defendant) alleged to have accessed the personal banking data of users without first obtaining consent, in violation of California privacy, anti-phishing, and contract laws. The plaintiffs alleged the defendant obtained data from class members’ financial accounts without authorization. The plaintiffs also claimed the defendant collected class members’ bank login information through a user interface that made it appear as if class members were interfacing directly with their financial institution, when they were actually interfacing with the defendant.

    In granting preliminary approval of the settlement, the court determined it was unclear whether the plaintiffs would have prevailed on the merits at trial, particularly with regard to the “relatively untested” claim that the defendant practices breached California’s anti-phishing law. Several other claims originally brought by the plaintiffs were dismissed in May, including allegations that the defendant breached the Stored Communications Act, the Computer Fraud and Abuse Act, and California’s Unfair Competition Law. In addition to the $58 million settlement fund, the proposed settlement would also provide for injunctive relief.

    Courts California Class Action Privacy/Cyber Risk & Data Security State Issues Settlement

    Share page with AddThis
  • New York reaches $1.2 million settlement with debt collectors

    State Issues

    On November 16, the New York attorney general announced a settlement with an illegal debt collection scheme operation and its operator (collectively, “respondents”) to resolve allegations that the respondents used illegal tactics to collect consumer debt, which included false threats of criminal action, wage garnishment, driver’s license suspension, and lawsuits. According to the AG, the operator started his debt collection career collecting debts with a network of New York-based debt collectors that settled with the CFPB and New York AG in 2019 to resolve allegations that the defendants engaged in improper debt collection tactics in violation of the CFPA, the FDCPA, and various New York laws. (Covered by InfoBytes here.) Using different names, the operator allegedly continued to use deceptive and illegal threats to collect on consumer debts. In addition, the AG claimed the operator was a debt broker, “selling debts to and placing debts for collection with other collectors that engaged in egregious violations of the law.”

    Under the terms of the settlement agreement, the respondents, among other things, must pay $1.2 million to the office of the AG in restitution and penalties and must dissolve all of the associated debt collection companies. The respondents are also permanently banned from engaging in consumer debt collection, consumer debt brokering, consumer lending, debt settlement, credit repair services, and payment processing.

    State Issues New York Debt Collection Consumer Finance Enforcement State Attorney General Settlement

    Share page with AddThis
  • DFPI issues proposed rulemaking under CCFPL

    On November 17, the California Department of Financial Protection and Innovation (DFPI) issued an invitation for comments on proposed rulemaking under the California Consumer Financial Protection Law (CCFPL). The CCFPL provides DFPI with the authority to require companies that provide financial products and services to California consumers to register with the agency. DFPI is also able to “require registrants to generate and provide records to facilitate oversight of registrants and detect risks to California consumers.” The draft rule proposes requiring registration for industries that engage in the following financial products and services: debt settlement, student debt relief, education financing, and wage-based advances. According to DFPI’s notice, with respect to education financing, the proposed rulemaking covers providers of any form of credit where the credit’s purpose is to fund postsecondary education. It also covers “credit regardless of whether the provider labels the credit a loan, retail installment contract, or income share agreement, and regardless of whether the credit recipient’s payment obligation is absolute, contingent, or fixed.” Additionally, DFPI notes that “[w]ith respect to education financing with income-based payments, including contracts sometimes referred to as income share agreements,” DFPI proposes “reporting requirements that in some cases diverge from the reporting requirements for education financing with fixed payments.”

    The proposed rulemaking provides definitions to implement the CCFPL registration regulations and addresses several registration provisions including the following:

    • Provides that a person must not engage in the business of offering or providing the designated products and services without first registering with the commissioner unless exempt. The DFPI’s notice stipulates that registering with the commissioner “does not constitute a determination that other laws, including other licensing laws under the commissioner’s jurisdiction, do not apply” and the proposed rulemaking further provides that “granting registration to an applicant does not constitute a determination that the applicant’s acts, practices, or business model complies with any law or regulation.”
    • Outlines registration requirements and designates NMLS to handle all applications, registrant filings, and fee payments on behalf of the commissioner. The proposed rulemaking lays out information that must be submitted and maintained as part of the registration application, as well as notices required by state law, and steps registrants must take when making changes to an application filing. An applicant’s failure to provide all or any part of the requested information may prevent approval, DFPI states.
    • Outlines requirements for registrants seeking to conduct business at a new branch office or at a new location for an existing branch. Requests must be filed with NMLS within 30 calendar days of the date a registrant engages in business at the new branch office or new location.
    • Addresses procedures related to annual assessments and pro rata payment requirements, as well as annual reporting requirements for registrants based on the products and services they provide.
    • Outlines procedures and requirements for rescinding a summary revocation order when a former registrant submits a written request for reinstatement to the commissioner.
    • Discusses procedures related to the effectiveness, surrender, and revocation of a registration. DFPI provides that a “registration issued under this subchapter is effective until it is revoked by the commissioner, is surrendered by the registrant, or becomes inoperative under subdivision (b) of Financial Code section 90009.5.”

    DFPI’s notice also seeks comments on proposals to streamline the registration process and improve transparency and clarification on matters related to, among other things: (i) the types of information that may be subject to public disclosure; (ii) annual reporting requirements not included in the proposed rulemaking; and (iii) certain registration requirements that may be applicable to DFPI licensees and licensees and registrants of other state agencies. In addition, DFPI seeks stakeholder feedback on the economic impact of the draft rules on businesses and consumers in California.

    Comments on the proposed rulemaking are due December 20.

    Licensing State Issues State Regulators DFPI CCFPL Consumer Finance Debt Settlement Student Lending Debt Relief Earned Wage Access NMLS

    Share page with AddThis
  • NYDFS issues final guidance for insurers on climate change financial risks

    State Issues

    On November 15, NYDFS issued final guidance to New York regulated-domestic insurers on managing climate change-related financial risks. The final guidance reflects the agency’s consideration of stakeholder comments from proposed guidance issued in March, and was informed by NYDFS’s collaboration with the insurance industry and international regulators. Building on a 2020 insurance circular letter addressing climate change and financial risks, the final guidance outlines expectations that insurers begin “integrating the consideration of the financial risks from climate change into their governance frameworks, business strategies, risk management processes and scenario analysis, and developing their approach to climate-related financial disclosure.” Specifically, an insurer should (i) incorporate into its governance structure, at either “the group or insurer entity level,” climate-risk considerations; (ii) consider current and forward-looking climate-related implications on its operations through “time horizons” appropriately tailored to the insurer’s activities and decisions; (iii) incorporate in its current financial risk management framework analyses of the effect of climate risks on existing risk factors; (iv) employ scenario analysis to inform business strategy decisions, risk assessments, and identification; and (v) disclose its climate risks and engage with NYDFS’s Task Force on Climate-related Financial Disclosures when developing climate disclosure approaches. NYDFS will monitor insurers’ progress in implementing these expectations with respect to organizational structures, which insurers must have in place by August 15, 2022. The NYDFS noted it will provide further guidance on timing for implementing “the more complex expectations outlined in the guidance.”

    State Issues State Regulators NYDFS Insurance Climate-Related Financial Risks Risk Management Bank Regulatory

    Share page with AddThis
  • 4th Circuit: Tribal lenders must face usury claims


    On November 16, the U.S. Court of Appeals for the Fourth Circuit upheld a district court’s ruling denying defendants’ bid to dismiss or compel arbitration of a class action concerning alleged usury law violations. The plaintiffs—Virginia consumers who defaulted on short-term loans received from online lenders affiliated with a federally-recognized tribe—filed a putative class action against tribal officials as well as two non-members affiliated with the tribal lenders, alleging the lenders violated the Racketeer Influenced and Corrupt Organizations Act (RICO) and Virginia usury laws by charging interest rates between 544 and 920 percent. The defendants moved to compel arbitration under a clause in the loan agreements and moved to dismiss on various grounds, including that they were exempt from Virginia usury laws. The district court denied the motions to compel arbitration and to dismiss, ruling that the arbitration provision was unenforceable as a prospective waiver of the borrowers’ federal rights and that the defendants could not claim tribal sovereign immunity. The district court also “held the loan agreements’ choice of tribal law unenforceable as a violation of Virginia’s strong public policy against unregulated lending of usurious loans.” However, the district court dismissed the RICO claim against the tribal officials, ruling that RICO only authorizes private plaintiffs to sue for money damages and not injunctive or declaratory relief.

    On appeal, the 4th Circuit concluded that the arbitration clauses in the loan agreements impermissibly force borrowers to waive their federal substantive rights under federal consumer protection laws, and contained an unenforceable tribal choice-of-law provision because Virginia law caps general interest rates at 12 percent. As such, the appellate court stated that the entire arbitration provision is unenforceable. “The [t]ribal [l]enders drafted an invalid contract that strips borrowers of their substantive federal statutory rights,” the appellate court wrote. “[W]e cannot save that contract by revising it on appeal.” The 4th Circuit also declined to extend tribal sovereign immunity to the tribal officials, determining that while “the tribe itself retains sovereign immunity, it cannot shroud its officials with immunity in federal court when those officials violate applicable state law.” The appellate court further noted that the “Supreme Court has explicitly blessed suits against tribal officials to enjoin violations of federal and state law.” The 4th Circuit ultimately affirmed the district court’s judgment, noting that the loan agreement provisions were unenforceable because “tribal law’s authorization of triple-digit interest rates on low-dollar, short-term loans violates Virginia’s compelling public policy against unregulated usurious lending.”

    The appellate court also agreed with the district court that RICO does not permit private plaintiffs to seek an injunction. “Congress’s use of significantly different language” to define the scope of governmental and private claims under RICO “compels us to conclude” that “private plaintiffs may sue only for treble damages and costs,” the appellate court stated. While plaintiffs “urge us to consider by analogy the antitrust statutes,” provisions outlined in the Clayton Act (which explicitly authorize injunction-seeking private suits) have “no analogue in the RICO statute,” the appellate court wrote, adding that “nowhere in the RICO statute has Congress explicitly authorized private actions for injunctive relief.”

    Courts Fourth Circuit Appellate Tribal Lending Tribal Immunity RICO State Issues Interest Usury Online Lending Class Action Consumer Finance

    Share page with AddThis
  • Bank to pay $3.5 million to settle debt collection call suit

    State Issues

    On November 15, a statewide team of California district attorneys announced a $3.5 million settlement to resolve allegations concerning a Utah-based bank’s debt collection activities. The California Debt Collection Task Force handled the investigation and charged the bank and its agents with allegedly placing harassing and unreasonably excessive collection calls, sometimes even after consumers informed the bank they no longer wished to receive the calls. While the bank did not admit to wrongdoing, it agreed to pay $3.5 million, including $2 million in civil penalties and $975,000 in investigation costs. The bank will also pay $525,000 to a charitable trust fund to go towards additional consumer protection efforts. Additionally, the judgment requires the bank to “implement and maintain policies and procedures to prevent unreasonable and harassing debt collection calls to California consumers, including limiting the total number of calls to each debtor and honoring consumer requests for calls to stop.”

    State Issues Settlement Debt Collection Consumer Protection Consumer Finance

    Share page with AddThis
  • DFPI proposes additional changes to definitions under Debt Collection Licensing Act

    On November 15, the California Department of Financial Protection and Innovation (DFPI) issued a second draft of proposed regulations under the Debt Collection Licensing Act (the Act). As previously covered by InfoBytes, California enacted the Act in 2020 to require a person engaging in the business of debt collecting in the state, as defined by the Act, to be licensed. The Act also provides for the regulation and oversight of debt collectors by DFPI. In April 2021, DFPI issued a notice of proposed rulemaking (NPRM) and proposed regulations to adopt new requirements for debt collectors seeking to obtain a license to operate in the state, and issued a notice of modifications to the NPRM in June to incorporate changes to its debt collection license requirements and application. (Covered by InfoBytes here and here.) Among other things, the proposed modifications:

    • Amend the definition of “branch office” to include any location other than an applicant’s or licensee’s principal place of business “if activity related to debt collection occurs at the location and the location is held out to the public as a business location or money is received at the location or held at the location.” The definition of “holding a location out to the public” includes receiving postal correspondence, meeting with the public, including the location on correspondence, letterhead, or business cards, and including signage at the location, or making any other representation that the location is a business location.  
    • Amend the definition of “debt collector” to align with the Act, which defines “debt collector” as “any person who, in the ordinary course of business, regularly, on the person’s own behalf or on behalf of others, engages in debt collection. The term includes any person who composes and sells, or offers to compose and sell, forms, letters and other collection media used or intended to be used for debt collection. The term ‘debt collector’ includes ‘debt buyer’ as defined in Section 1788.50 of the Civil Code.”

    Comments on the second draft of modifications must be received by December 2.

    Licensing State Issues State Regulators DFPI Debt Collection California

    Share page with AddThis