InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
7th Circuit agrees with reduction of attorney’s fees in FDCPA action
On May 15, the U.S. Court of Appeals for the 7th Circuit held a prevailing consumer’s request for $187,410 in attorney’s fees was unreasonable in a FDCPA action. In 2014, the consumer and a debt collector settled the consumer’s FDCPA related claims for $1,001 plus attorney’s fees of $4,500. Despite the settlement agreement, the debt collector continued to attempt to collect the debt, and the consumer sued a second time alleging violations of the FDCPA and FCRA. The consumer did not respond to multiple settlement offers from the debt collector, including one in March 2015 for $3,051, proceeding to trial on the FDCPA claim, and subsequently rejected a settlement offer from the debt collector of $25,000 and reasonable attorney’s fees. At trial, the jury only awarded the consumer the $1,000 in FDCPA statutory damages, after which he sought to recover $187,410 in attorney’s fees. The district court reduced his request to $10,875, concluding that the consumer’s rejection of “meaningful settlement offers precluded a fee award in such disproportion to his trial recovery.”
On appeal, the appellate court agreed with the district court that the March 2015 settlement offer of $3,051 was reasonable, rejecting the consumer’s argument that the settlement “was not substantial and therefore should have been disregarded by the district court in determining the fee award.” The appellate court also rejected the consumer’s argument that because the settlement offer disclaimed liability for the debt collector, his results at the jury trial were much better than the settlement as it yielded judgment on the merits. The appellate court noted that settlement offers regularly disclaim liability, and by operation, judgment against the debt collector would still have been entered under Rule 68. Therefore, the appellate court concluded the district court did not abuse its discretion when reducing the attorney’s fees to $10,875 based on 29 hours’ worth of work at an hourly rate of $375 prior to the March 2015 settlement offer.
Websites settle FTC data security allegations
On April 24, the FTC announced separate settlements with the operators of an online rewards website and a dress-up games website to resolve allegations concerning poorly implemented data security measures and Children’s Online Privacy Protection Act (COPPA) violations. According to the FTC, the online rewards website operator collected personal information (PII) from users who participated in their online offerings and made promises that their account information was secure. However, the operator allegedly failed to implement data security measures or utilize encryption techniques, which granted hackers access to the network. In addition, the operator allegedly maintained PII in clear unencrypted text. As a result of the breach, hackers published and offered for sale PII for approximately 2.7 million consumers. Under the terms of the decision and order, the operator is, among other things, prohibited from misrepresenting the measures taken to protect consumers’ PII and is required to implement a comprehensive information security program for future collections of PII.
On the same day, the FTC reached a proposed settlement with a dress-up games website and its operators, who allegedly violated COPPA by failing to obtain parental consent before collecting personal information from children under 13 or provide reasonable and appropriate security for the collected data. According to the FTC, data security failures allowed hackers access to the company’s network, which stored information for roughly 245,000 users under age 13. As part of the proposed settlement filed in the U.S. District Court for the Northern District of California, the company and operators, among other things, (i) have agreed to pay $35,000 in civil penalties; (ii) will change their business practices to comply with COPPA; and (iii) are prohibited from selling, sharing, or collecting personal information until a comprehensive data security program is implemented and undergoes independent biennial assessments.
CFPB fines student loan servicer $3.9 million for unfair practices
On May 1, the CFPB announced a $3.9 million settlement with a student loan servicing company. The settlement resolves allegations that the company engaged in unfair practices by failing to make adjustments to loans made under the Federal Family Education Loan Program to account for circumstances such as deferment, forbearance, or entrance into the Income-Based Repayment (IBR) program. According to the consent order, between 2005 and 2015, certain accounts requiring manual adjustments to principal loan balances based on program participation were allegedly placed in “queues” to process the adjustments, which took, in some cases, years to process. The servicer allegedly did not inform affected borrowers that it did not complete the processing of their principal balances associated with the deferment, forbearance, or IBR participation. The queues allegedly resulted in some borrowers paying off incorrect loan amounts and other borrowers experiencing delays in loan consolidation while waiting for the servicer to adjust principal balances. In addition to the $3.9 million civil money penalty, the consent order requires the servicer to make the proper adjustments to the principal balances of the affected accounts or pay restitution to borrowers who paid off loans with inaccurate loan balances. The servicer is also required to comply with certain compliance monitoring, reporting, and recordkeeping requirements.
OFAC reaches settlement with New Jersey corporation for alleged Ukrainian sanctions violations
On April 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $75,375 settlement with a New Jersey corporation for two alleged violations of the Ukraine Related Sanctions Regulations. The settlement resolves potential civil liability for the company’s alleged issuance of two separate invoices for software licensing and software support services to an entity previously identified on OFAC’s Sectoral Sanctions Identification List. According to OFAC, the designated entity’s attempts to remit payment were rejected by financial institutions after it was determined that the transaction was prohibited. However, the corporation—which allegedly failed to have in place a sanctions compliance program and failed to “recognize that the delayed collection of payment was prohibited”—explored possible options to collect the payment and did not seek guidance or authorization from OFAC.
11th Circuit: Increased risk of identity theft is sufficient to bring FACTA claims
On April 22, the U.S. Court of Appeals for the 11th Circuit affirmed a district court’s ruling that including too many digits of a consumer’s credit card account number on a receipt was sufficient to constitute a concrete injury even if the consumer’s identity was not stolen. Under the Fair and Accurate Credit Transactions Act (FACTA), merchants are prohibited from including more than the final five digits of a consumer’s credit card number on a receipt. According to the opinion, the consumer filed a class action suit against a chocolate company, alleging that one of its stores printed the first six and last four digits of his account number on a receipt, which exposed the class members “to an elevated risk of identity theft.” When the parties sought approval of a proposed settlement, two unnamed class members contested the settlement on the grounds that, among other things, the consumer/class representative lacked standing to sue because he had not suffered a concrete injury as defined in the U.S. Supreme Court’s decision in Spokeo, Inc. v. Robins. The district court, however, approved the settlement.
On appeal, the 11th Circuit held that an increased risk of identity theft is sufficient to bring claims under FACTA, and that the class representative’s “alleged injury is ‘particularized’ because the heightened risk of identity theft affected him ‘in a personal and individual way’—it was his credit card number that appeared on the receipt.” Moreover, the appellate court noted, “In our view, if Congress adopts procedures designed to minimize the risk of harm to a concrete interest, then a violation of that procedure that causes even a marginal increase in the risk of harm to the interest is sufficient to constitute a concrete injury.”
Maryland settles with reverse mortgage servicer for alleged illegal inspection fees
On April 16, the Maryland Attorney General announced a settlement with a reverse mortgage servicer for allegedly charging homeowners illegal inspection fees. According to the Attorney General, from 2010 through 2016, the servicer passed the cost of inspecting properties in default on to homeowners, which Maryland law does not allow. In 2013, the Maryland Commissioner of Financial Regulation put the servicer on notice that it was charging prohibited inspection fees, but the servicer did not cease the activity until January 1, 2017. The servicer has since refunded or reversed nearly $44,000 in property inspection fees charged to consumers. The settlement agreement requires the servicer to (i) refund inspection fees that have not yet been refunded; (ii) provide notice to any sub-servicer that the inspection fees should be refunded or not collected; (iii) pay $5,000 to the state for costs associated with the investigation; and (iv) pay $50,000 in civil money penalties.
District Court approves final $7.5 million TCPA class action settlement with payment processor
On April 16, the U.S. District Court for the Northern District of California granted final approval to a $7.5 million class action settlement resolving allegations that a payment processor and its sales representative violated the TCPA by using an autodialer for telemarketing purposes without first obtaining consumers’ prior express consent. The settlement terms also require the defendants to pay roughly $1.8 million in attorneys’ fees. According to the second amended complaint, the sales representative placed pre-recorded calls to potential clients on behalf of the payment processor through the use of an autodialer, including consumers who had not consented to receiving the calls. The plaintiff further alleged that the payment processor also violated the TCPA by sending facsimile advertisements that did not contain a “Compliant Opt Out Notice” to recipients. The parties reached a preliminary settlement last August following discovery and mediation.
German-headquartered financial institution to pay $1.3 billion for Iran sanctions violations
On April 15, U.S. regulators announced settlements totaling $1.3 billion with several banking units of a German-headquartered financial institution to resolve allegations by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), the DOJ, the Federal Reserve Board, the New York Department of Financial Services (NYDFS), and the New York County District Attorney’s Office of apparent violations of multiple sanctions programs, including those related to Burma, Cuba, Iran, Libya, Sudan, and Syria. According to OFAC’s announcement, between January 2007 and December 2011, the institution’s banking units in Germany, Austria, and Italy processed thousands of payments through U.S. financial institutions on behalf of sanctioned entities “in a manner that did not disclose underlying sanctioned persons or countries to U.S. financial institutions which were acting as financial intermediaries.”
According to the settlement agreements (see here, here, and here), OFAC considered various aggravating factors, and noted, among other things, that the institution’s banking units failed to sufficiently enforce policies addressing OFAC sanctions concerns or restrict the processing of transactions in U.S. dollars involving persons or countries subject to sanctions programs administered by OFAC. Additionally, OFAC asserted that the Austrian banking unit claimed on several occasions that OFAC’s sanctions programs “were not legally binding or relevant to [the bank].” OFAC further stated that while the banking units failed to voluntarily self-disclose the alleged violations, they have each agreed to implement and maintain compliance commitments to minimize the risk of the recurrence of the alleged conduct.
DOJ settles with multinational corporation for $1.5 billion over RMBS
On April 12, the DOJ announced that a multinational corporation will pay $1.5 billion in a settlement resolving claims brought under the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) that a financial services subsidiary of the corporation misrepresented the quality of loans it originated in connection with the marketing and sale of residential mortgage-backed securities (RMBS). According to the DOJ, between 2005 and 2007, the majority of the mortgage loans sold by the subsidiary for inclusion in RMBS did not comply with the quality representations made about the loans. Specifically, the loan analysts allegedly approved mortgage loans that did not meet criteria outlined in the company’s underwriting guidelines, as they would receive additional compensation based on the number of loans they approved. The DOJ asserts that there were inadequate resources and authority for the subsidiary’s quality control department, resulting in deficiencies in risk management and fraud controls. Additionally, if an investment bank were to reject a loan due to defects in the loan file, the DOJ alleges the subsidiary would attempt to find a new purchaser, without disclosing the previous rejection or identifying the alleged defects. The corporation does not admit to any liability or wrongdoing, but agreed to pay a $1.5 billion civil money penalty to resolve the matter.
FTC permanently bans payment processor
On April 11, the FTC announced that a payment processing company and its owner agreed to a $1.8 million settlement resolving allegations that the company repeatedly violated a 2009 court order. That order found that the payment processer knowingly or consciously avoided knowing that debit card transactions it processed, on behalf of an allegedly fraudulent enterprise, were not authorized by the consumers. The FTC alleged that the company violated the 2009 order by, among other things, (i) failing to engage in a reasonable investigation of prospective clients before processing payments on their behalf; (ii) failing to monitor clients’ transactions to ensure that clients were not engaged in illegal behavior; and (iii) failing to adhere to administrative requirements of the order, including submitting a written compliance report to the agency. In addition to the monetary penalty, the new settlement permanently bans the company from working as a payment processor and subjects the company to reporting and recordkeeping requirements.