InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
States reach $1.25 million data breach settlement with cruise line
On June 22, a coalition of state attorneys general from 45 states and the District of Columbia announced a $1.25 million settlement with a Florida-based cruise line, resolving allegations that it compromised the personal information of employees and consumers as a result of a data breach. According to the announcement, in March 2020 the company publicly reported that the breach involved an unauthorized actor gaining access to certain employee email accounts. The breach notifications sent to the AGs' offices stated the company first became aware of suspicious email activity in late May of 2019, approximately 10 months before it reported the breach. An ensuing multistate effort focused on the company’s email security practices and compliance with state breach notification statutes. The announcement explained that “’unstructured’ data breaches, like the [company’s] breach, involve personal information stored via email and other disorganized platforms” and that “[b]usinesses lack visibility into this data, making breach notification more challenging and causing further risks for consumers with the delays.”
Under the terms of the settlement, the company has agreed to provisions designed to strengthening its email security and breach response practices, including, among other things: (i) implementing and maintaining a breach response and notification plan; (ii) requiring email security training for employees; (ii) instituting multi-factor authentication for remote email access; (iii) requiring the use of strong, complex passwords, password rotation, and secure password storage for password policies and procedures; (iv) maintaining enhanced behavior analytics tools to log and monitor potential security events on the company’s network; and (v) undergoing an independent information security assessment, consistent with past data breach settlements.
5th Circuit remands nonjudicial foreclosure suit back to state court
On June 16, the U.S. Court of Appeals for the Fifth Circuit held that a plaintiff borrower’s requested damages in a foreclosure lawsuit did not exceed the federal jurisdictional threshold amount of $75,000, and sent the case back to Texas state court. The plaintiff sued the financial institution in state court after it sought a nonjudicial foreclosure on his house, asserting violations of the Texas Debt Collection Act, breach of the common-law duty of cooperation, fraud, and negligent misrepresentation. The suit was removed to the U.S. District Court for the Northern District of Texas, with the defendant arguing that the suit automatically stayed its nonjudicial foreclosure sale, thus putting the value of the house ($427,662) as the amount in dispute, instead of the plaintiff’s requested relief of $74,500. The plaintiff moved to remand the case to state court on the premise “that the amount in controversy could not exceed the stipulated maximum of $74,500.” The district court denied the plaintiff’s motion, ruling that it “had to measure the amount in controversy ‘by the value of the object of the litigation,’” and not by what the plaintiff’s complaint says the damages were not to exceed.
In reversing and remanding the case to state court, the 5th Circuit concluded that, because the defendant did not show that the automatic stay brought the house’s value into controversy, it “failed to establish by a preponderance of the evidence that the amount in controversy exceeded $75,000.” The appellate court agreed with the plaintiff’s assertion that the house was simply collateral and “thus irrelevant to the amount in controversy,” writing that “[i]t is well-settled that neither the collateral effect of a suit nor the collateral effect of a judgment may count toward the amount in controversy.” The 5th Circuit also determined that the plaintiff expressly stipulated in both his original state-court petition and in a declaration “that he is seeking total damages not to exceed $74,500,” and that this stipulation is legally binding.
California appeals court says lender cannot move bitcoin loan suit to Delaware
On June 14, the California Court of Appeal for the Second Appellate District reversed a trial court’s decision staying a suit against a lender and its loan payment processor (collectively, “defendants”) and enforcing a Delaware forum selection clause. The appeals court held that the plaintiff borrower’s unwaivable right to a jury trial under California law could be violated if the case proceeded in Delaware. According to the opinion, the plaintiff obtained $2.275 million in loans secured by bitcoin from the lender (a Delaware LLC that is licensed and regulated by California’s Department of Financial Protection and Innovation). When the value of bitcoin dropped, the lender sold the plaintiff’s bitcoin under the terms of the governing loan agreements. The plaintiff sued, “seeking, among other things, damages, return of his bitcoin, and cancellation of the loan agreements.” The defendants moved to stay the case because the Delaware forum selection clause required the case to be litigated in Delaware. The plaintiff countered that transferring the case to Delaware would “substantially diminish” his unwaivable rights under California law. The trial court eventually concluded that transferring the case to Delaware would not diminish the plaintiff’s rights and granted the stay pending litigation in Delaware. The trial court also stayed a second suit brought by the plaintiff alleging violations of California’s Unfair Competition Law and False Advertising Law, holding that the second suit involved the same primary rights as the first suit.
In reviewing the consolidated cases, the appeals court determined, among other things, that the Delaware forum selection clause in this case contains a predispute jury waiver. “Because California has a fundamental policy against such a waiver, Defendants carry the burden of proving that Delaware would not diminish this important right,” the appeals court wrote, adding that under Delaware law “contractual provisions that waive the contracting parties’ right to trial by jury have been upheld, and relevant case law provides insufficient assurance that Delaware courts will apply California’s important public policy to this dispute.” Additionally, the appeals court concluded that the defendants’ proposed “offer to stipulate that the Delaware court should apply California law” provides “little assurance that a Delaware court would enforce such a stipulation under the facts present here.”
6th Circuit reverses and remands judgment in debt collection suit
On June 15, the U.S. Court of Appeals for the Sixth Circuit reversed and remanded a district court’s summary judgment ruling in favor of a defendant-appellee law firm, holding that it did not first exhaust all of its efforts to collect from the actual debtor. According to the opinion, the plaintiff’s husband was convicted of embezzlement and willful failure to pay taxes and was sent invoices for his legal fees by another law firm, which he did not pay. The law firm hired the defendant to collect on the debt. The defendant filed a lawsuit against the plaintiff and her husband, arguing under the Ohio Necessaries Statute that the husband was liable to third parties for necessaries, such as food, shelter, and clothing that were provided to his wife. An Ohio state court ruled in favor of the plaintiff, and an interlocutory appeal by the defendant was denied. The plaintiff then filed suit against the defendant, alleging that defendant’s underlying suit violated the FDCPA by attempting to collect under the claim that she was liable for her spouse’s debt. The district court granted the defendant’s summary judgment motion, which the plaintiff appealed.
On the appeal, the 6th Circuit found that the defendant did not follow the express commands of the Ohio Supreme Court's 2018 decision in Embassy Healthcare v. Bell, which held that spouses who are not debtors are liable only if the debtor does not have the assets to pay the debt themselves. The 6th Circuit found that the defendant did not satisfy those prerequisites to collect from the plaintiff when it filed a joint-liability suit against her and her husband. Thus, the collection efforts against the spouse who incurred the debt must be exhausted “before attempting to collect from a spouse.” The 6th Circuit reversed the district court’s judgment and remanded for further proceedings with instructions to enter judgment in favor of the plaintiff.
3rd Circuit affirms decision that creditors can collect after issuing 1099-C notice
On June 14, the U.S. Court of Appeals for the Third Circuit affirmed a district court’s dismissal of a class action alleging a national bank (defendant) violated state laws in New Jersey by attempting to collect on a debt after it had issued a 1099-C notice to the plaintiff to cover the debt that was discharged. According to the opinion, the defendant obtained a judgment against the plaintiff and his wife for an unpaid debt, which the plaintiff did not satisfy. The defendant issued an IRS 1099-C form to the plaintiffs, indicating that $199,427.80 of the $244,248.49 was discharged. After issuing the 1099-C, the defendant notified the plaintiff that such filing had not caused the defendant to release the judgment and that the plaintiff needed to either pay the judgment or reach a settlement. The plaintiff sued, alleging the defendant violated the New Jersey Consumer Fraud Act and other state laws based on defendant’s issuance of a 1099-C IRS Form for cancellation of debt. The district court granted a motion to dismiss filed by the defendant, which the plaintiff appealed.
On appeal, the plaintiff argued the creditors should not send 1099-C notices unless the debt has actually been canceled, and that sending such a notice while still intending to collect on the debt constitutes an “unlawful practice.” The 3rd Circuit disagreed, holding that the text of the governing IRS regulation, 26 C.F.R. § 1.650P-1(a)(1), indicates that “the filing of a Form 1099-C is a reporting requirement that does not depend on whether the debt has been ‘actually discharged,’ or the debtor has actually been released from his obligations on the underlying debt.” The appellate court further noted that “[t]he satisfaction of this reporting requirement, additionally, does not operate to forgive or extinguish a debtor’s obligations to repay the debt at issue.”
NYDFS proposes check-cashing fee regulations
On June 15, NYDFS issued a proposed check cashing regulation following an emergency regulation announced in February that halted annual increases on check-cashing fees and locked the current maximum fee set last February at 2.27 percent (covered by InfoBytes here). The proposed regulation establishes a new fee methodology which evaluates the needs of licensees and consumers who use check cashing services. Two tiers of fees for licensed check cashers are recommended: (i) the maximum fee that a check casher may charge for a public assistance check issued by a federal or state government agency (including checks for Social Security, unemployment, retirement, veteran’s benefits, emergency relief, housing assistance, or tax refunds) is set at 1.5 percent; and (ii) the maximum fee a check casher is permitted to charge for all other checks, drafts, or money orders is $1 or 2.2 percent, whichever is greater. NYDFS added that starting January 31, 2027 (and annually every five years thereafter), licensed check cashers may request an increase in the maximum fees established. Comments on the proposed regulation will be accepted for 60 days.
District Court issues judgment against student debt relief operation
On June 10, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against an individual defendant who participated in a deceptive debt-relief operation. As previously covered by InfoBytes, in 2019, the Bureau, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees. In the third amended complaint, the Bureau and the states alleged that since at least 2015, the debt relief operation violated the CFPA, TSR, FDCPA, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by, among other things, misrepresenting: (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness for borrowers; and (iii) their ability to actually lower borrowers’ monthly payments. Moreover, the debt relief operation allegedly failed to inform borrowers that it was their practice to request that the loans be placed in forbearance and also submitted false information to student loan servicers to qualify borrowers for lower payments.
Under the terms of the final judgment, in addition to various forms of injunctive relief, the individual defendant must pay a $1 civil money penalty to the Bureau and $5,000 each to Minnesota, North Carolina, and California. The individual defendant is also “liable, jointly and severally, in the amount of $95,057,757, for the purpose of providing redress to Affected Consumers,” although his obligation to pay this amount is “suspended based on [his] inability to pay.”
CA approves commercial financing disclosure regs
On June 9, the California Office of Administrative Law (OAL) approved the Department of Financial Protection and Innovation’s (DFPI) proposed commercial financial disclosure regulations. The regulations implement commercial financing disclosure requirements under SB 1235 (Chapter 1011, Statutes of 2018). (See also DFPI press release here.) As previously covered by InfoBytes, in 2018, California enacted SB 1235, which requires non-bank lenders and other finance companies to provide written, consumer-style disclosures for certain commercial transactions, including small business loans and merchant cash advances.
Notably, SB 1235 does not apply to (i) depository institutions; (ii) lenders regulated under the federal Farm Credit Act; (iii) commercial financing transactions secured by real property; (iv) a commercial financing transaction in which the recipient is a vehicle dealer, vehicle rental company, or affiliated company, and meets other specified requirements; and (v) a lender who makes no more than one applicable transaction in California in a 12-month period or a lender who makes five or fewer applicable transactions that are incidental to the lender’s business in a 12-month period. The act also does not cover true leases (but will apply to bargain-purchase leases), commercial loans under $5,000 (which are considered consumer loans in California regardless of any business-purpose and subject to separate disclosure requirements), and commercial financing offers greater than $500,000.
California released four rounds of draft proposed regulations between 2019 and 2021 to solicit public comments on various iterations of the proposed text (covered by InfoBytes here). In conjunction with the approved regulations, DFPI released a final statement of reasons that outlines specific revisions and discusses the agency’s responses to public comments.
Among other things, the regulations:
- Clarify that a nondepository institution providing technology or support services to a depository institution’s commercial financing program is not required to provide disclosures, provided “the nondepository institution has no interest, or arrangement or agreement to purchase any interest in the commercial financing extended by the depository institution in connection with such program, and the commercial financing program is not branded with a trademark owned by the nondepository institution.”
- Provide detailed instructions for the content and layout of disclosures, including specific rows and columns that must be used for a disclosure table and the terms that must appear in each section of the table, that are to be delivered at the time a specific type of commercial financing offer equal to or less than $500,000 is extended.
- Cover the following commercial loan transactions: closed-end transactions, commercial open-end credit plans, factoring transactions, sales-based financing, lease financing, asset-based lending transactions. Disclosure formatting and content requirements are also provided for all other commercial financing transactions that do not fit within the other categories.
- Require disclosures to provide, among other things, the amount financed; itemization of the amount financed; annual percentage rate (the regulations provide category-specific calculation instructions); finance charges (estimated and total); payment methods, including the frequency and terms for both variable and fixed rate financing; details related to prepayment policies; and estimated loan repayment terms.
The regulations take effect December 9.
Illinois amends Collection Agency Act provisions
On May 27, the Illinois governor signed HB 5220, which makes various amendments to provisions related to the state’s Collection Agency Act. Among other things, the amendments strike language repealing specified provisions and add, amend, and strike certain definitions, including amending “financial institution” to include “consumer installment lenders, payday lenders, sales finance agencies, and any other industry or business that offers services or products that are regulated under any Act administered by the [Director of the Division of Financial Institutions].” The amendments further provide that an adjudicated finding by the FTC or other federal or state agency that shows a licensee violated the FDCPA or its rules is grounds for disciplinary action. Also, at the discretion of the Secretary (after having first received the recommendation of the Collection Agency Licensing and Disciplinary Board), an “accused person’s license may be suspended or revoked, if the evidence constitutes sufficient grounds for such action.” Moreover, the amendments restore language providing that the Department of Financial and Professional Regulation may obtain written recommendations from the Collection Agency Licensing and Disciplinary Board “regarding standards of professional conduct, formal disciplinary actions, and the formulation of rules affecting these matters.” The Act takes effect January 1, 2023.
Massachusetts amends mortgage lender/broker licensing provisions
Recently, the Massachusetts Office of Consumer Affairs and Business Regulation, Division of Banks announced final amendments effective May 27 to certain provisions of Regulation 209 CMR 42.00, which establishes procedures and requirements for the licensing and supervision of mortgage lenders under M.G.L. c. 255E. (See also redlined version of the final amendments here.) Specifically, the amendments:
- Add and amend certain definitions. The amendments add new terms such as “Bona Fide Nonprofit Affordable Homeownership Organization” and “Instrumentality Created by the United States or Any State,” and amend “Mortgage Broker” to also include a “person who collects and transmits information regarding a prospective mortgage loan borrower to a third party” that conducts any one or more of the following activities: (i) collects a prospective borrower’s Social Security number; (ii) views a prospective borrower’s credit report; (iii) obtains a prospective borrower’s authorization to access or view the borrower’s credit report or credit score; (iv) accepts an application; or (v) issues a prequalification letter.
- Add licensing exemptions. The amendments provide a list of persons that are not required to be licensed in the state as a mortgage broker or mortgage lender. These include: (i) lenders making less than five mortgage loans and persons acting as mortgage brokers fewer than five times within a 12 consecutive-month period; (ii) banks, national banking associations, federally chartered credit unions, federal savings banks, or any subsidiary or affiliate of the above; (iii) banks, trust companies, savings banks, and credit unions “organized under the laws of any other state; provided, however, that such provisions shall apply to any subsidiary or affiliate, as described in 209 CMR 42.0”; (iv) nonprofit, public, or independent post-secondary institutions; (v) charitable organizations; (vi) certain real estate brokers or salesmen; and (vii) persons whose activities are “exclusively limited to collecting and transmitting” certain quantities of specified information regarding a prospective borrower to a third party.
The amendments also specifically provide that “a person who collects and transmits any information regarding a prospective mortgage loan borrower to a third party and who receives compensation or gain, or expects to receive compensation or gain, that is contingent upon whether the prospective mortgage loan borrower in fact obtains a mortgage loan from the third party or any subsequent transferee of such information, is required to be licensed as a mortgage broker.”