InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI releases report one year after enactment of CCFPL
On March 24, the California Department of Financial Protection and Innovation (DFPI) released a statutory report regarding measures the Department has taken since expanding its authority under the California Consumer Financial Protection Law (CCFPL). As previously covered by a Buckley Special Alert, the California Legislature passed Assembly Bill 1864, enacting the CCFPL, which, among other things: (i) established UDAAP authority for DFPI; (ii) authorized DFPI to impose penalties of $2,500 for “each act or omission” in violation of the law without a showing that the violation was willful, arguably representing an enhancement of the Department of Business Oversight’s enforcement powers in contrast to Dodd-Frank and existing California law; and (iii) provided that administration of the law will be funded through the fees generated by the new registration process as well as fines, penalties, settlements, or judgments. According to the report, over the past year DFPI has collected nearly $1 million in restitution for consumers, fielded hundreds of additional complaints related to the law, and launched more than 100 investigations. DFPI also created new divisions which expanded oversight and outreach, including the Consumer Financial Protection Division, Office of Financial Technology Innovation, Office of the Ombuds, and a Targeted Outreach Team responsible for working with historically underserved communities that include veterans, senior citizens, students, and immigrants. Other key takeaways from the report include, among other things, that DFPI (i) issued four invitations for comments to solicit stakeholder feedback on various aspects of implementation of the CCFPL and received 76 comment letters; (ii) opened 106 investigations that resulted in 49 public actions under the CCFPL; and (iii) established a research team to help identify emerging financial activities; scout for unlawful, unfair, deceptive, and abusive practices; and make policy recommendations based on consumer impact.
District Court approves $50 million class action settlement over recorded calls
On Auguts 4, the U.S. District Court for the Northern District of Illinois approved a class action settlement, resolving allegations that a call center hired by a national bank and its merchant processing servicer (collectively, “defendants”) violated the California Invasion of Privacy Act (CIPA) by recording calls without receiving customers’ permission. According to the plaintiff’s motion for preliminary approval, a lawsuit was filed in 2016 on behalf of a proposed class of small businesses in California who received calls from call center companies attempting to sell credit and debit card payment processing services, alleging, among other things, that the defendants were in a principal-agent relationship with the companies that violated the CIPA by recording telemarketing calls without any warning that the recording was occurring. As previously covered by InfoBytes, class members, comprising California businesses who did not sign a contract for merchant processing services with the servicer, filed suit against another national bank in 2016 claiming the call center placed sales appointment calls to the businesses without disclosing that the calls were being recorded. The preliminarily approved settlement in that case required the defendants to pay $28 million, of which up to $5,000 was paid for each eligible call that a class member received during the class period, which was estimated to be 192,836 individuals. The recent preliminarily approved settlement will require the defendants to pay $50 million, of which up to $5,000 will be paid for each eligible call that a class member received during the class period.
New York Court of Appeals narrows trust’s RMBS repurchase action
On March 17, the New York Court of Appeals majority narrowed the scope of a 2013 repurchase action brought by the trustee of a residential mortgage-backed securities trust (trustee) against the trust’s sponsor (sponsor). The trustee filed suit after flagging roughly 1,204 nonconforming loans that were allegedly “in breach of the representations and warranties based on, among other things, borrower misrepresentation of income and occupancy status, miscalculations of borrowers’ debt to income ratios, and the charging of high-cost interest on the loans.” The trustee demanded that the sponsor buy back the defective loans as contractually promised. A separate, smaller set of loans was eventually added to the suit after being identified as defective during the discovery phase. The trustee contended that the original repurchase demands were sufficient under the repurchase protocol to satisfy the notice requirement for all allegedly problematic loans in the trust, including loans flagged after litigation had begun.
The sponsor moved for partial summary judgment on the trustee’s claims, arguing that the trustee could not pursue recovery for loans “not specifically identified in the pre-suit letters to the extent that the trustee relied on a notice, rather than an independent discovery, theory.” The sponsor also sought summary judgment with respect to the method of calculation of the repurchase price. The New York Supreme Court denied the sponsor’s motion for partial summary judgment, concluding, among other things, that “‘because the repurchase letters identified some timely claims, the later identified claims relate back to the original filing.’” The appellate division affirmed, stating that the trustee’s December 2011 letter timely informed the sponsor “that a substantial number of identified loans were in breach, and that the pool of loans remained under scrutiny, with the possibility that additional nonconforming loans might be identified.” The appellate division also agreed “that ‘interest could be calculated on liquidated loans, at the applicable mortgage rate, up until the repurchase date.’”
In narrowing the scope of the loans subject to repurchase, the Court of Appeals majority held that it would be “inconsistent” with the contractual language of the repurchase protocol to conclude that loan-specific notice is not required, adding that the trustee could not rely on the relation back doctrine “to avoid the consequences of its failure to comply with the contractual condition precedent with respect to the loans in question prior to commencing this action.” “The parties agreed to a limited remedy for the inclusion of nonconforming loans in the trust and made that remedy available only if the trustee first complied with certain loan-specific notice requirements, providing the sponsor an opportunity to cure or repurchase the identified loans,” the majority wrote. “We cannot rewrite the contract by substituting a different, post-suit notice procedure in place of the one chosen by the parties.” The majority further concluded that under the parties’ agreement, interest recoverable on liquidated loans was limited to interest that accrued prior to liquidation.
The dissenting judge disagreed, stating that “[i]t could not have been the intent of the parties to provide a remedy for a few defective loans but allow for systemwide breaches affecting thousands of loans in the pool—allegedly 80% here—or to permit the sponsor to escape the contractual cure and repurchase obligations simply because [the sponsor] was informed there was a significant problem with its securitization but not given the corresponding number for every loan it allegedly failed to properly vet.”
District Court enters $2.8 million judgment in CFPB student debt relief action
On March 22, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against one of the defendants in an action brought by the CFPB, the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, alleging a student loan debt relief operation deceived thousands of student-loan borrowers and charged more than $71 million in unlawful advance fees. As previously covered by InfoBytes, the complaint asserted that the defendants violated the CFPA, the Telemarketing Sales Rule, and various state laws. Amended complaints (see here and here) also added new defendants and included claims for avoidance of fraudulent transfers under the Federal Debt Collection Procedures Act and California’s Uniform Voidable Transactions Act, among other things. A stipulated final judgment and order was entered against the named defendant in July (covered by InfoBytes here), which required the payment of more than $35 million in redress to affected consumers, a $1 civil money penalty to the Bureau, and $5,000 in civil money penalties to each of the three states. The court also previously entered final judgments against several of the defendants, as well as a default judgment and order against two other defendants and a settlement with two non-parties (covered by InfoBytes here, here, here, here, and here).
The final judgment issued against the settling defendant, who neither admitted nor denied the allegations except as specifically stated, permanently bans the defendant from participating in telemarking services or offering or selling debt-relief services, and prohibits it from misrepresenting benefits consumers may receive from a product or service. The defendant is also permanently restrained from violating applicable state laws, and may not disclose, use, or benefit from customer information obtained in connection with the offering or providing of the debt relief services. The settlement orders the defendant to pay more than $2.8 million in consumer redress, as well as a $1 civil money penalty to the Bureau and $5,000 to each of the three states.
Utah becomes fourth state to enact comprehensive privacy legislation
On March 24, the Utah governor enacted the Utah Consumer Privacy Act (UCPA), which establishes a framework for controlling and processing consumers’ personal data in the state. Utah is now the fourth state in the nation to enact comprehensive consumer privacy measures, following California, Colorado, and Virginia (covered by Buckley Special Alerts here and here and InfoBytes here). As previously covered by InfoBytes, under the UCPA, consumers will have rights to, among other things (i) confirm whether their personal data is being processed and access their data; (ii) delete their data; (iii) obtain a copy of their previously provided data; and (iv) opt out of the processing of their data for targeted advertising and the sale of their data. The UCPA also outlines data controller responsibilities, including a requirement that data processors must adhere to a controller’s instructions and enter into a contract with clearly specified instructions for processing personal data. The UCPA also requires controllers to provide privacy notices to consumers disclosing certain information regarding data collection and sharing practices. While the UCPA explicitly prohibits its use as the basis for a private right of action, it does grant the state attorney general excusive authority to enforce the law and seek penalties of up to $7,500 per violation. Additionally, upon discovering a potential violation of the UCPA, the attorney general must give the controller or processor written notice and 30 days to cure the alleged violation before the attorney general can file suit. The UCPA takes effect December 31, 2023.
2nd Circuit remands case to determine whether loans that violate New York’s criminal usury law are void ab initio
On March 15, the U.S. Court of Appeals for the Second Circuit vacated a district court ruling that had declined to treat an option that permits a lender, in its sole discretion, to convert an outstanding balance to shares of stock, at a fixed discount, as interest for purposes of New York’s criminal usury law. The district court had also observed, though it had no need to reach the issue, that even if the loan was usurious, it would not necessarily be void ab initio. After the case was appealed, the 2nd Circuit certified both issues to the New York Court of Appeals, which concluded, contrary to the district court, that such an option should be treated as interest for purposes of the usury statute and that loans made in violation of the usury statute are void ab initio. In light of the New York Court of Appeals holdings on these issues of state law, the 2nd Circuit vacated the district court’s order, and remanded to the district court to determine, in the first instance, whether the value of the option rendered the loan usurious.
Indiana enacts data breach disclosure requirements
On March 18, the Indiana governor signed HB 1351, which provides that in the event of the discovery of a data breach, persons are required to disclose or provide notification “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” The bill provides for specific reasonable delays, including circumstances that are “necessary to restore the integrity of the computer system” or “to discover the scope of the breach,” or in certain instances where the attorney general or a law enforcement agency states that disclosure of the breach will impede a criminal or civil investigation or jeopardize national security. The statute amends an existing provision of Indiana law, IC-24-4.9.3-3, by making clear that notification must be within 45 days. HB 1351 takes effect July 1.
Colorado reaches agreements with credit unions over unused GAP fees violations
Recently, the Colorado attorney general announced three separate settlements (see here, here, and here) with three credit unions resolving allegations that they neglected to refund unearned Guaranteed Automobile Protection (GAP) fees to Colorado consumers. The administrator of the Uniform Consumer Credit Code (UCCC), who is part of the Consumer Protection Division of the Department of Law and who led this investigation, concluded that the credit unions engaged in unfair and deceptive trade practices under the Colorado Consumer Protection Act by failing to provide GAP refunds automatically without waiting for a request from the consumer. Under the terms of the assurances of discontinuance, the credit unions have agreed to comply with all legal obligations and issue refunds to affected borrowers, and: (i) must comply with the UCCC rule’s GAP refund requirements; (ii) are subjected to an audit to verify the accuracy of their self-audits; and (iii) must send a confirmation letter pre-approved by the administrator to each consumer to whom a GAP refund was paid because of the self-audits. The AG noted that the “settlements are part of our office’s efforts to ensure lending institutions follow Colorado law and do not cheat hardworking consumers out of money they are entitled to under their lending and coverage agreements.”
Mississippi passes debt management provisions
Recently, the Mississippi governor signed HB 687, which establishes debt management services and licensing requirements. According to the bill, debt management service is defined as “[t]he receiving of money from a consumer for the purpose of distributing one or more payments to or among one or more creditors of the consumer in full or partial payment of the consumer's obligation,” among other things. A debt management service provider is “a person that provides or offers to provide to a consumer in this state any debt management services, in return for a fee or other consideration.” A debt management service provider does not include “[a]ny institution that is regulated, supervised or licensed by the department or any out-of-state institution that is insured by the Federal Deposit Insurance Corporation or the National Credit Union Administration,” among other things. Additionally, one cannot operate as a debt management service provider with respect to consumers who are residents of this state without a license. The bill is effective July 1.
Indiana passes loan broker provisions
On March 18, the Indiana governor signed HB 1092, which amends the provisions regarding loan brokers that include requirements for licensing, as well as contract for the services of a loan broker. Among other things, the bill establishes that a loan processing company notice filing must be made on a form prescribed by the commissioner and include the: (i) loan processing company's business name, address, and state of incorporation or business registration; (ii) names of the owners, officers, members, or partners who control the loan processing company; and (iii) name of each individual who is employed by the loan processing company, including the unique identifier from the Nationwide Multistate Licensing System (NMLS) of each loan processor. Additionally, when a contract for the services of a loan broker is assigned, the loan broker shall provide a copy of the signed contract and a written disclosure of any agreement entered into by the loan broker to procure loans exclusively from one lender to each party to the contract. The bill is effective July 22.