InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit: Plaintiffs may proceed with citizenship status claims
On October 26, the U.S. Court of Appeals for the Ninth Circuit reversed a district court’s dismissal of civil rights claims for lack of standing, holding in an unpublished opinion that the plaintiffs satisfied Article III standing requirements by alleging that a bank discriminated against non-U.S. citizens in barring them from opening accounts online. The plaintiffs, lawful residents with valid Social Security numbers, filed a putative class action complaint claiming the bank allowed U.S. citizens to apply for new checking accounts online, but required the plaintiffs (based solely on their status as non-U.S. citizens) to apply in person at a branch office. The district court dismissed the claims, ruling that the plaintiffs failed to establish standing for their discrimination claims on the basis of citizenship status. The 9th Circuit disagreed, finding that “discrimination itself . . . can cause serious non-economic injuries to those persons who are denied equal treatment solely because of their membership in a disfavored group,” and concluding that the plaintiffs alleged a concrete injury-in-fact sufficient to confer Article III standing. “The fact that [p]laintiffs would have ultimately obtained the same checking account given to U.S. citizens does not vitiate the alleged discriminatory injury: that [the bank] imposes on non-U.S. citizens a requirement to apply in person that it does not impose on others,” the appellate court said. The 9th Circuit added that this injury was directly linked to the bank’s policy and reversed the dismissal but declined to rule on the substance of the claims.
District Court grants MTD in CFPB, NY AG debt collector case
On October 27, the U.S. District Court for the Western District of New York denied a motion to dismiss an action brought by the CFPB and the New York attorney general against the operators of a debt-collection scheme, rejecting the defendants’ argument that they did not have fraudulent intent and their actions were taken for legitimate reasons. As previously covered by InfoBytes in April, the CFPB and the AG filed a complaint against the defendants for allegedly transferring ownership of his $1.6 million home to his wife and daughter for $1 shortly after he received a civil investigative demand and learned that the Bureau and the AG were investigating his debt-collection activities. The complaint further alleged that the transfer of the property was a fraudulent transfer under the FDCPA and made with the intent to defraud (a violation of the New York Debtor and Creditor Law), and that the owner-defendant “removed and concealed assets in an effort to render the Judgment obtained by the Government Plaintiffs uncollectable.” In 2019 the Bureau and the AG settled with the debt collection operation to resolve allegations that the defendants established and operated a network of companies that harassed and/or deceived consumers into paying inflated debts or amounts they may not have owed (covered by InfoBytes here).
The court denied the defendants’ motion to dismiss, concluding that the CFPB and AG raised sufficient allegations that the debtor’s transfers and mortgage on his property were knowingly fraudulent. The court determined that fraudulent intent under the FDCPA may be determined by several factors, sometimes called “badges of fraud,” including whether “‘the transfer or obligation was to an insider,’ ‘the debtor retained possession or control of the property transferred after the transfer,’ ‘before the transfer was made or obligation was incurred, the debtor had been sued or threatened with suit,’ ‘the value of the consideration received by the debtor was reasonably equivalent to the value of the asset transferred or the amount of the obligation incurred,’ and ‘the transfer occurred shortly before or shortly after a substantial debt was incurred.’” The court held it was reasonable to infer that the defendant was aware “that he would likely face civil prosecution” and judgments “would be beyond his ability to pay.” The court noted that the defendant engaged in transferring a personally significant asset—his $1.6 million residence—to two insiders for nominal consideration, which was considered to be “highly unusual.” Additionally, the defendant alleged that he continued to “’reside at and exercise control over’ the property and is now unwilling or unable to pay off the judgment,” which indicated the conveyance was also part of a sham divorce. Further, the court noted that “the complaint plausibly alleges that the mortgage ‘was not granted in good faith’ and was ‘made with the intent to make it appear that the Property was encumbered.’”
District Court approves CCPA class action settlement
On October 27, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement resolving claims against an Illinois-based insurance provider and its subsidiary (collectively, defendants) for allegedly failing to adequately protect plaintiffs’ personal and private information when defendants were the targets of security breach incidents where an unauthorized user’s access to the defendants’ network and computer systems resulted in unauthorized access of personal, private information (PII). According to the memorandum of law in support of the plaintiffs’ motion for preliminary approval, the plaintiffs sued after learning that the defendants were targeted by hackers in December 2020, which affected over 5.8 million customers, and again in March 2021, which affected more than 324,000 customers. This conduct, the plaintiffs contended, violated the California Consumer Privacy Act, the California Consumers Legal Remedies Act, California’s Unfair Competition Law, and various state common laws. While the defendants denied allegations of wrongdoing and liability, and asserted defenses to the individual and class claims, the parties reached a proposed settlement, in which class members (defined as “all natural persons residing in the United States who were sent notice letters notifying them that their PII was compromised in the Data Incidents announced by Defendants on or about March 16, 2021 and on or about May 25, 2021”) will be provided automatic access to 18 months of credit monitoring and financial account protection. Additionally, every class member can make a claim for up to $10,000 in reimbursement for out-of-pocket losses. The preliminarily approved settlement also provides for class counsel fees and expenses not to exceed roughly $2.5 million and class representative service awards of $1,500.
10th Circuit affirms TCPA statutory damages as uninsurable
On November 2, the U.S. Court of Appeals for the 10th Circuit affirmed a district court’s decision that under Colorado law, an insurance company (plaintiff) had no duty to indemnify and defend its insured against TCPA claims seeking statutory damages and injunctive relief. According to the appellate opinion, the states of California, Illinois, North Carolina, and Ohio sued a satellite television company for telemarketing violations of the TCPA (TCPA lawsuit). The TCPA lawsuit sought statutory damages of up to $1,500 per alleged violation and injunctive relief. The satellite company submitted a claim to its insurer for defense and indemnity of the TCPA claims pursuant to existing policies. The plaintiff filed a complaint seeking a declaratory judgment that it need not defend or indemnify the satellite company in the TCPA lawsuit. The district court, relying on ACE American Insurance Co. v. DISH Network (covered by InfoBytes here), determined that, under ACE, the claim for statutory damages in the telemarketing complaint sought a penalty and therefore was “uninsurable as a matter of Colorado public policy,” and that the policies did not cover the complaint’s claim for injunctive relief because, as in ACE, they did not cover the costs of preventing future violations. Additionally, the district court determined that “the allegations did not potentially fall within the Policies’ definitions of ‘Bodily Injury’ or ‘Property Damage.’” The 10th Circuit affirmed the district court’s rulings, concluding that no coverage existed.
Texas adopts numerous mortgage-related provisions
Recently, the Texas Finance Commission promulgated amendments to regulations governing residential mortgage licensees. Specifically, rules applicable to (i) licensed Mortgage Loan Companies under the Residential Mortgage Loan Company Licensing and Registration Act, Tex. Fin. Code Ann. § 156.001 et seq., and (ii) licensed Mortgage Bankers and Mortgage Loan Originators (MLOs) under the Mortgage Banker Registration and Residential Mortgage Loan Originator Act and the Texas Fair Enforcement for Mortgage License Act, Tex. Fin. Code Ann. § 157.001 et seq., included several substantive updates.
The amendments to rules governing Mortgage Loan Company licensees include:
- 7 TAC 80.300, which provides in part that a “primary contact person” instead of the qualifying individual will receive any notice of examination.
- 7 TAC 80.101, .102, .105-.107, which sets forth new sponsorship requirements for MLOs, clarifies renewal procedures, and implements a 10-day notice requirement for any material changes made to a licensee’s Form MU1.
- 7 TAC 80.203, .204, .206, which sets forth new requirements for advertising, records storage, office locations, branch offices, and administrative offices, including requirements for licensees engaging in remote work.
- 7 TAC 80.2, which updates references to definitions.
The amendments to rules governing Mortgage Banker and Mortgage Loan Originator licensees include:
- 7 TAC 81.300, which provides in part that a “primary contact person” instead of the qualifying individual will receive any notice of examination.
- 7 TAC 81.101-.111, which sets forth new sponsorship requirements for MLOs, clarifies renewal procedures, implements a 10-day notice requirement for any material changes made to a licensee’s Form MU4, details new background check procedures for MLOs, and provides new criteria for reviewing an MLO applicant’s criminal history.
- 7 TAC 81.203, .204, .206, which sets forth new requirements for advertising, records storage, office locations, branch offices, and administrative offices, including requirements for licensees engaging in remote work.
- 7 TAC 81.2, which updates references to definitions.
These amendments are effective on November 4, 2021. It is recommended Mortgage Company, Mortgage Banker, and MLO licensees in Texas review the amendments to these new rules.
NYDFS issues proposed amendments to debt collection rules for third-parties
On October 29, NYDFS issued draft proposed amendments to 23 NYCRR 1, which regulates third-party debt collectors and debt buyers. Among on things, the proposed amendments:
- Define “communication” as “the conveying of information regarding a debt directly or indirectly to any person through any medium.”
- Amend the definition of a “debt collector” to include “as any creditor that, in collecting its own debts, uses any name other than its own that would suggest or indicate that someone other than such creditor is collecting or attempting to collect such debts.”
- Require collectors to clearly and conspicuously send written notification within five days after an initial communication with a consumer letting the consumer know specific information about the debt, including (i) the name of the creditor to which the debt was originally owed or alleged to be owed; (ii) account information associated with the debt; (iii) merchant/affinity/facility brand association; (iv) the name of the creditor to which the debt is currently owed; (v) the date of alleged default; (vi) the date the last payment (including any partial payment) was made; (vii) the statute of limitations, if applicable; (viii) an itemized accounting of the debt, including the amount currently due; and (ix) notice that the consumer “has the right to dispute the validity of the debt, in part or in whole, including instructions for how to dispute the validity of the debt.”
- State that disclosures may not be sent exclusively through an electronic communication, and that a formal pleading in a civil action shall not be treated as an initial communication.
- Prohibit collectors from communicating by telephone or other means of oral communication when attempting to collect on debts for which the statute of limitations has expired.
- Require collectors to provide consumer written substantiation of a debt within 30 days of receiving a written request via mail (consumers who consent to receiving electronic communications must still receive substantiation via mail).
- Limit collectors to three contact attempts via telephone in a seven-day period. Only one conversation with a consumer is permitted unless a consumer requests to be contacted.
- Permit collectors to communicate with consumers through electronic channels only if the consumer has voluntarily provided consent directly to the debt collector.
Comments on the proposal are due November 8.
New York expands CRA requirements to non-depository mortgage lenders
On November 1, the New York governor signed S5246A, which expands the New York Community Reinvestment Act (New York CRA) to cover non-depository lenders. Under the act, nonbank mortgage providers’ lending and investment in low- and moderate-income communities will be subject to NYDFS review. The anti-redlining law—which previously only measured banks’ activities in low- to moderate-income communities—is intended to “ensure everyone has fair and equal access to lending options in their pursuit of purchasing a home, especially in communities of color which continue to be impacted by the effects of the pandemic and have historically faced many more hurdles when seeking a mortgage,” Governor Kathy Hochul stated. The act follows a report issued by NYDFS in February, which examined redlining in the Buffalo metropolitan area and concluded that there is a “distinct lack of lending by mortgage lenders, particularly non-depository lenders” to majority-minority populations and to minority homebuyers in general. (Covered by InfoBytes here.) At the time, the report made numerous recommendations, including a recommendation to amend the New York CRA to cover nonbank mortgage lenders and a request that the OCC and the CFPB investigate federally regulated institutions serving the Buffalo area for violations of fair lending laws. The act takes effect in a year.
District Court denies defendant’s motion to dismiss Illinois BIPA class action
On October 28, the U.S. District Court for the Northern District of Illinois denied a Delaware-based technology management service defendant’s motion to dismiss a putative class action that alleged it stored and collected biometric data from employees of companies that utilized the defendant’s timekeeping services. The court also granted the plaintiff’s motion to remand two of her three claims to state court because the plaintiff had not alleged an injury in fact sufficient to establish Article III standing in federal court for those claims.
The plaintiff alleged that the defendant violated the Illinois’ Biometric Information Privacy Act (BIPA) by selling time and attendance solutions to Illinois employers, including biometric-enabled hardware such as fingerprint and facial recognition scanners that collected and stored employee biometrics data. The plaintiff alleged that the defendant violated Section 15(a) of BIPA by failing to publish a retention schedule for the biometric data, violated Section 15(b) of BIPA by obtaining the plaintiff’s biometric data without first providing written disclosures and obtaining written consent, and violated section 15(c) of BIPA, by participating in the dissemination of her biometric data among servers. According to the district court, the plaintiff lacked standing regarding the Section 15(a) claim because the harm resulting from the defendant’s failure to publish a retention policy was not sufficiently particularized and the plaintiff had not otherwise alleged a concrete injury resulting from the violation. The district court concluded that the plaintiff’s Section 15(c) claim also lacked standing because, though she alleged that the defendant profits off its biometric data collection practices by marketing its biometric time clocks that utilize the software as “superior options” and “gains a competitive advantage”, the “complaint doesn't allege an injury in fact stemming from [the defendant’s] profiting off of [the plaintiff’s] biometric data.”
With regard to the Section 15(b) claim, the district court rejected the defendant’s argument that the requirement to inform clients regarding its biometric data collection and receiving written consent did not apply, noting that the defendant is right that it “doesn’t penalize mere possession of biometric information.” However, that does not help the defendant “because the complaint alleges that defendant did more than possess [the plaintiff’s] biometric information: it says that [the defendant] collected and obtained it.” Additionally, the district court rejected the defendant’s argument that it is not liable as a third-party vendor who lacks the power to obtain the required written releases from its clients’ employees. The district court stated that “while it’s probably true that [the defendant] wasn’t in a position to impose a condition of employment on its clients’ employees, the statutory definition of a written waiver doesn’t excuse vendors like [the defendant] from securing their own waivers before obtaining a person’s data.”
DFPI addresses MTA licensure requirements in new letters
Recently, the California Department of Financial Protection and Innovation (DFPI) released two new opinion letters covering aspects of the California Money Transmission Act (MTA) related to bitcoin automated teller machines (ATMs) and kiosks and the Agent of Payee exemption.
- Bitcoin ATM Kiosk. The redacted opinion letter explains that the sale and purchase of bitcoin through ATMs/kiosks described by the inquiring company is not activity that is subject to licensure under the MTA. DFPI states that the customer’s purchase of bitcoin directly from the company “does not involve the sale or issuance of a payment instrument, the sale or issuance of stored value, or receiving money for transmission.” In each instance, the transaction would only be between the customer using the ATM/kiosk and the company, the bitcoin would be sent directly to the customer’s virtual currency wallet, no third parties are involved in the transmission, and the company does not hold digital wallets on behalf of customers. DFPI reminds the company that its determination is limited to the presented facts and circumstances and that any change could lead to a different conclusion. Moreover, the letter does not relieve the company from any FinCEN or federal regulatory obligations.
- Agent of Payee Exemption. The redacted opinion letter analyzes a proposed future service to be provided by the inquiring company and determines whether the service meets the agent of payee exemption from the MTA. The company and its global affiliates “provide a global, fully integrated suite of back-end service, including sales compliance management, fraud prevention, risk management, tax and regulatory fee calculation, billing optimization, and remittance services to manufacturers, merchants, and retailers” (collectively, “brands”) that want to sell or license products and services to shoppers. The company proposes a future service, which will allow brands to sell products directly to shoppers and transfer the products to the shoppers. The company will not take title to or purchase the products and will continue to provide its suite of back-end services including payment processing, tax and regulatory fees calculations, and refund processing. The company’s contracts with the brands appoint the company as the agent of the brands for facilitating product sales and receiving payments and funds from shoppers. Agreements will also be entered between the company and the shoppers with terms that state a shopper’s payment to the company is considered payment to the brand, which extinguishes the shopper’s payment liability. The company will accept funds for the sale of products on behalf of the brands, and at the conclusion of the sale, will settle the funds paid by the shoppers and remit sales taxes to the appropriate authorities. The company will be the entity responsible for paying and reporting taxes accrued by the sales to shoppers.
DFPI states that the company will “receive[] money for transmission,” thus triggering the license requirement in the MTA, by receiving funds from the shoppers in the sales transactions. However, the company qualifies for the Agent of Payee exemption because the company will be the recipient of money from the shoppers as an agent of the brands pursuant to a written contract, and payments from the shoppers to the company as the agent will satisfy the shoppers’ payment obligation to the brands. DFPI further notes that refunds facilitated by the company on behalf of the brands will be a reversal of the original transactions with the shoppers, and therefore will not require licensure. Finally, DFPI notes that by contract, the company will be legally responsible for paying local sales taxes on transactions. According to the agreement, because the company will pay taxes on its own behalf, and will not be paying taxes owed by the shoppers, its tax payments will not constitute money transmission. DFPI reminds the company that its determination is limited to the presented facts and circumstances and that any change could lead to a different conclusion.
9th Circuit denies bid to block Arizona’s dealer data privacy law
On October 25, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s order denying a motion for preliminary injunction against enforcement of an Arizona statute designed to strengthen privacy protections for consumers whose data is collected by auto dealers. Under the Dealer Law, database providers are prohibited from limiting access to dealer data by dealer-authorized third parties and are required to create a standardized framework to facilitate access. The plaintiffs—technology companies that license dealer management systems (DMS)—sued the Arizona attorney general and the Arizona Automobile Dealers Association in an attempt to stop the Dealer Law from taking effect. The plaintiffs contended that the Dealer Law is preempted by the Copyright Act because it gives dealers the right to access plaintiff’s systems and create unlicensed copies of its dealer management system, application programming interfaces, and data compilations. The plaintiffs further claimed the Dealer Law is a violation of the U.S. Constitution’s contracts clause.
On appeal, the 9th Circuit agreed that the plaintiffs were not entitled to a preliminary injunction. The appellate court concluded that the Dealer Law was not preempted by the Copyright Act, because, among other things, the plaintiffs could comply with the Dealer Law without having to create a new copy of its software to process third-party requests. Moreover, the 9th Circuit noted that even if the plaintiffs had to create copies of their DMS on their servers to process third-party requests, they failed to established that those copies would infringe their reproduction right, and the copies the plaintiffs took objection to “would be copies of its own software running on its own servers and not shared with anyone else.” The appellate court further held that the Dealer Law was not a violation of the U.S. Constitution’s contracts clause because, among other things, plaintiffs did not show that complying with the Dealer Law prevented them from being able to keep dealer data confidential. “Promoting consumer data privacy and competition plainly qualify as legitimate public purposes,” the appellate court wrote. “[Plaintiffs] point[] out that the Arizona Legislature did not make findings specifying that those were the purposes motivating the enactment of the statute, but it was not required to do so. The purposes are apparent on the face of the law.”