InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court allows usury claims to proceed, calling tribal immunity “irrelevant”
On July 13, the U.S. District Court for the Northern District of California denied defendants’ motion for summary judgment in a consolidated class action concerning whether a now-defunct online lender can use tribal immunity to circumvent state interest rate caps. The plaintiffs took out short-term loans carrying allegedly usurious interest rates from entities run through several federally recognized tribes. While the defendants attempted to rely on tribal immunity as a defense, the court determined that California law applies to the plaintiffs and class members who took out loans in the state. According to the court, “California, with its strong history of prohibiting usury, has the materially greater interest in enforcing its usury laws and protecting its consumers from usurious conduct than either of the relevant [t]ribal [e]ntities whose connection to the loans—while not insignificant—was temporal and whose aims were to avoid state usury laws.” Calling tribal immunity “irrelevant,” the court added that the “claims here hinge on the personal conduct of the defendants. While that conduct is based in significant part on the services defendants personally engaged in or approved to be provided to the [t]ribes, the claims do not impede on the sovereignty of the [t]ribes where the [t]ribes are not defendants in this case and no [t]ribal [e]ntities remain.”
District Court approves $35 million settlement in student debt-relief action
On July 14, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against the named defendant in a 2019 action brought by the CFPB, the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, which had alleged a student loan debt relief operation deceived thousands of student-loan borrowers and charged more than $71 million in unlawful advance fees. As previously covered by InfoBytes, the complaint asserted that the defendants violated the CFPA, the Telemarketing Sales Rule, and various state laws. A second amended complaint also included claims for avoidance of fraudulent transfers under the FDCPA and California’s Uniform Voidable Transactions Act.
In 2019, the named defendant filed a voluntary petition for Chapter 11 relief, which was later converted to a Chapter 7 case. As the defendant is a Chapter 7 debtor and no longer conducting business, the Bureau did not seek its standard compliance and reporting requirements. Instead, the finalized settlement prohibits the defendant from resuming operations, disclosing or using customer information obtained during the course of offering or providing debt relief services, or attempting “to collect, sell, assign, or otherwise transfer any right to collect payment” from any consumers who purchased or agreed to purchase debt relief services. The defendant is also required to pay more than $35 million in redress to affected consumers, a $1 civil money penalty to the Bureau, and $5,000 in civil money penalties to each of the three states.
The court previously entered final judgments against several of the defendants, as well as a default judgment and order against two other defendants (covered by InfoBytes here, here, here, and here).
Connecticut adds additional protections for student loans
On July 13, the Connecticut governor signed SB 716 to provide additional protections for student loan borrowers and impose new requirements on student loan servicers. Among other things, the act requires servicers to provide certain information to borrowers and cosigners regarding their rights and responsibilities, including cosigner release eligibility and the cosigner release application process. The law also prohibits a student loan servicer from engaging in an abusive act or practice when servicing a student loan and expands the definition of “servicing” in state student loan servicer law. The law provides a list of exempt persons, which includes banks and credit unions and their wholly-owned subsidiaries. The act states it took effect July 1.
New York expands definition of telemarketing to include text messages
On July 13, the New York governor signed S.3941, which expands the state’s definition of telemarketing to include marketing by text message. A press release issued by the governor noted that expanding the definition closes a loophole in state law that previously limited the definition to phone calls, including unwanted robocalls. “Electronic text messages to [] mobile devices have become the newest unwelcomed invasive marketing technique. Consumers should not be burdened with excessive and predatory telemarketing in any form, including text messages,” the press release stated. The act takes effect 30 days after becoming law.
District Court says retailer not an intended third-party beneficiary of a credit card arbitration provision
On July 8, the U.S. District Court for the Central District of California denied a retailer’s motion to compel arbitration in a consumer data sharing putative class action, ruling that the retailer was not an intended third-party beneficiary of an arbitration provision in a credit card agreement. The proposed class had filed an amended complaint accusing several national retailers of illegally sharing consumer transaction data in violation of the FCRA, the California Consumer Privacy Act, and California’s unfair competition law, among others. The motion at issue, filed by one of the retailers, addresses a named plaintiff’s opposition to compel arbitration. The retailer argued that as an “intended” third-party beneficiary of the contract, it had the right to enforce an arbitration clause contained in a credit card agreement purportedly signed by the plaintiff when she opened a retailer credit card account issued by an online bank.
The court disagreed, finding that the contract’s arbitration provisions specifically referred to the bank, and that the contract did not clearly “express an intention to confer a separate and distinct benefit on [the retailer].” Moreover, the court noted the contract at issue instructed the plaintiff to send any arbitration demand notices to the bank, adding that “[i]t seems unlikely that the parties would expect a demand for arbitration solely against the [retailer]—that does not involve [the bank]—to be sent to [the bank].”
Colorado enacts Colorado Nonbank Mortgage Servicers Act
On July 12, Colorado enacted HB 1282, which creates the Colorado Nonbank Mortgage Servicers Act under Article 21 and provides additional consumer protections through the regulation of mortgage servicers. Under the act, a mortgage servicer does not include, among others: supervised financial organizations; certain regulated mortgage loan originators; a federal agency or department; a collection agency whose debt collection business involves collecting on defaulted mortgage loans; agencies, instrumentalities, or political subdivisions of the state; supervised lenders that do not service residential mortgages; servicers that service fewer than 5,000 residential mortgage loans annually; nonprofit organizations; government agencies; originators or servicers using a subservicer that does not act under their direction; and persons servicing loans held for sale. The act stipulates that on or after January 31, 2022, a person may not act as a mortgage servicer without providing notice to the administrator and paying the required fees within 30 days after it begins servicing in the state, and on or before January 31 annually thereafter. The act also outlines provisions related to renewal requirements, record retention, and compliance with federal laws and regulations. Under specified administrator powers and duties, the administrator is allowed to bring an enforcement action against a mortgage servicer, seek restitution and civil money penalties, and request an injunction. While the act provides a four-year statute of limitations, an additional one-year extension may be granted if it is proven that a mortgage servicer engaged in calculated conduct to delay commencement of the action. The act, however, does not create a private right of action or “affect[] any remedy that a borrower may have pursuant to law other than this Article 21.”
Connecticut incentivizes businesses to adopt cybersecurity standards
On July 6, the Connecticut governor signed HB 6607, which is intended to incentivize businesses to adopt cybersecurity standards. Among other things, the act provides a complete defense to punitive damages for a cause of action founded in tort claiming a business’ failure to “implement reasonable cybersecurity controls resulted in a data breach concerning personal or restricted information.” The defense is available when an action is brought under Connecticut law or in Connecticut state court and where a business’ cybersecurity program conforms to an “industry recognized cybersecurity framework,” including the National Institute for Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity and the Payment Card Industry Data Security Standard. A business can also take advantage of the defense if it is regulated by the state or federal government and is subject to, and conforms its cybersecurity program to, current versions of the following federal laws: (i) HIPAA; (ii) Title V of the Gramm-Leach-Bliley Act; (iii) the Federal Information Security Modernization Act; or (iv) the Health Information Technology for Economic and Clinical Health Act. Additionally, should one of the identified frameworks or provided laws be amended, a business has six months after publication to conform to the revisions. The act requires a business’ cybersecurity program to, among other things, protect both “restricted information” and “personal information,” and be based on a business’ size and complexity, the nature and scope of its conducted activities, the sensitivity of the protected information, and the cost and availability of tools to improve information security measures and reduce vulnerabilities. The defense will not apply if a business’ “failure to implement reasonable cybersecurity controls was the result of gross negligence or wilful or wanton conduct.” The act takes effect October 1.
Virginia expands military service member housing protections
On July 1, the Virginia governor signed SB 1410, which, among other things, amends the state’s anti-discrimination statutes to prohibit discrimination in public accommodations, employment, and housing based on military status. The bill amends the Virginia Fair Housing Law to prohibit discrimination in the sale or rental of dwellings by any person or entity, and prohibit discrimination by “any person or other entity, including any lending institution, whose business includes engaging in residential real estate-related transactions.” The bill also provides that “the term ‘residential real estate-related transaction’ means any of the following: [t]he making or purchasing of loans or providing other financial assistance (i) for purchasing, constructing, improving, repairing, or maintaining a dwelling or (ii) secured by residential real estate; or [t]he selling, brokering, insuring, or appraising of residential real property.” The bill is effective immediately.
Colorado limits credit and debit card surcharges
On July 7, the Colorado governor signed SB 91, which, among other things, repeals a prior ban on surcharges for credit or debit card transactions. The bill limits the maximum surcharge amount per transaction to 2 percent of the payment amount or the actual fee. Merchants are required to display a specified notice regarding the surcharge on their premises or, for online purchases, before a customer’s completion of the transaction. The act becomes effective July 1, 2022.
Massachusetts regulator allows work from home for some entities
On July 12, the Division of Banks of the Massachusetts Office of Consumer Affairs and Business Regulations (Division) issued guidance that authorizes its licensees and registrants to continue permitting their personnel to operate remotely from non-licensed locations subject to certain conditions and restrictions. Among other things, the licensee or registrant: (i) cannot hold the unlicensed location out to the public as a place of business; (ii) must ensure that the individual working remotely only engages in activities that can be completed safely and in compliance with all applicable laws, regulations, and Division guidance; (iii) must ensure that the individual working remotely is strictly prohibited from engaging in any in-person customer interactions at the remote location; (vi) must have established security protocols to securely access systems through a virtual privacy network or other secure system; (v) must have policies and procedures to protect data; (vi) must protect sensitive customer information; and (vii) must ensure adequate supervision of remote personnel. The guidance also notes that the work location for mortgage loan originators (MLOs) has been the subject of various inquiries over the years and clarifies that MLOs are not required to live within a certain distance of a branch office and that “the Division will look to determine that the [branch] manager is able to provide adequate supervision for the given number and location of MLOs under his/her supervision.” The guidance replaces any previous guidance issued by the Division regarding telework and will continue, unless modified or withdrawn.