InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court approves $13.8 million class settlement for loan modifications
On March 14, the U.S. District Court for the Western District of North Carolina issued an order certifying a settlement class of individuals who alleged that, while they were subject to Chapter 13 bankruptcy proceedings, a national bank imposed “no-application loan modifications” (NAMs) to their mortgages without consent. The class members claimed that the bank filed payment change notices in their bankruptcy proceedings around the time it sent out the NAM solicitations, which asserted that the mortgage payments had been adjusted to the amount of the proposed NAM payment, even though borrowers had not requested or accepted the changes. As a result, class members’ mortgage loans went into contractual default. According to the class, the bank has since ended the alleged practice. Under the terms of the settlement approved by the court, the bank has agreed to pay approximately $13.8 million into a common fund that will go to class members, account remediation, and attorneys’ fees and costs, as well as to injunctive relief.
FTC report highlights 2018 privacy and data security work
On March 15, the FTC released its annual report highlighting the agency’s privacy and data security work in 2018. Among other items, the report highlights consumer-related enforcement activities in 2018, including:
- an expanded settlement with a global ride-sharing company over allegations that the company violated the FTC Act by deceiving consumers regarding the company’s privacy and data practices (covered by InfoBytes here).
- a settlement with a global online payments system company to resolve allegations that its payment and social networking service failed to adequately disclose to consumers that transfers to external bank accounts were subject to review and that funds could be frozen or removed based on a review of the underlying transaction (covered by InfoBytes here).
- a settlement with a Texas-based company over allegations that it violated the FCRA by failing to take reasonable steps to ensure the accuracy of tenant-screening information furnished to landlords and property managers (covered by InfoBytes here).
The report also highlighted the FTC’s hearings on big data, privacy, and competition conducted through its Hearings on Competition and Consumer Protection in the 21st Century initiative. (Covered by InfoBytes here and here.)
DOJ announces $1.59 million settlement with real estate management company for alleged SCRA violations
On March 15, the DOJ announced a $1.59 million settlement with a real estate management company resolving allegations that the company and its entities violated the Servicemembers Civil Relief Act (SCRA) by obtaining unlawful court judgments and charging unlawful lease termination fees. According to the complaint, from 2006 to 2017, the company obtained at least 152 default judgments against 127 “SCRA-protected servicemembers” by failing to accurately disclose their military status in affidavits filed with the court. Additionally, the DOJ alleged that the company wrongfully withheld security deposits and imposed early lease termination fees on servicemembers who sought termination due to qualifying military orders under the SCRA. Under the terms of the settlement, the company will pay (i) nearly $1.5 million to compensate 127 servicemembers who had allegedly unlawful default judgments entered against them; (ii) nearly $35,000 to compensate 10 servicemembers who were charged early lease termination fees; and (iii) a civil money penalty of $62,000. The settlement also requires the company to develop policies and procedures related to SCRA lease terminations and default judgments, conduct SCRA compliance training for employees involved with lease issues, and request that major credit reporting agencies delete trade lines and negative credit information for the affected servicemembers.
CFTC, SEC settle with foreign trading platform conducting Bitcoin transactions without proper registration
On March 4, the CFTC resolved an action taken against a foreign trading platform and its CEO (defendants) for allegedly offering and selling security-based swaps to U.S. customers without registering as a futures commission merchant or designated contract market with the CFTC. The CFTC alleged that the platform permitted customers to transact in “contracts for difference,” which were transactions to exchange the difference in value of an underlying asset between the time at which the trading position was established and the time at which it was terminated. The transactions were initiated through, and settled in, Bitcoin. The CFTC alleged that these transactions constituted “retail commodity transactions,” which would have required the platform to receive the proper registration.
According to the CFTC, the defendants, among other things, (i) neglected to register as a futures commission merchant with the CFTC; and (ii) failed to comply with required anti-money laundering procedures, including implementing an adequate know-your-customer/customer identification program. The consent order entered by the U.S. District Court for the District of Columbia imposes a civil monetary penalty of $175,000 and requires the disgorgement of $246,000 of gains. The consent order also requires the defendants to certify to the CFTC the liquidation of all U.S. customer accounts and the repayment of approximately $570,000 worth of Bitcoins to U.S. customers.
In a parallel action, the SEC entered into a final judgment the same day to resolve claims that, among other things, the defendants failed to properly register as a security-based swaps dealer. The defendants are permanently restrained and enjoined from future violations of the Securities Act of 1933 and are required to pay disgorgement of approximately $53,393. This action demonstrates the potential application of CFTC and SEC registration requirements to non-U.S. companies engaging in covered transactions with U.S. customers.
Proposed settlement would resolve claims in Madden v. Midland Funding, LLC
On March 1, plaintiffs filed a proposed class action settlement agreement with a debt collection firm in the U.S. District Court for the Southern District of New York, which would potentially end litigation dating back to 2011 concerning alleged violations of state usury limitations. The proposed settlement would resolve claims originally brought by the plaintiffs alleging that the defendants violated the FDCPA and New York state usury law when it attempted to collect charged-off credit card debt, purchased from a national bank, from borrowers with interest rates above the state’s 25 percent cap. As previously covered by InfoBytes, in 2015, the 2nd Circuit reversed the district court’s 2013 decision, and held that a nonbank entity taking assignment of debts originated by a national bank is not entitled to protection under the National Bank Act from state-law usury claims. This ruling contradicted the “Valid-When-Made Doctrine,” which is a longstanding principle of usury law that if a loan is not usurious when made, then it does not become usurious when assigned to another party. Following the U.S. Supreme Court’s decision to decline to hear the case, the district court issued a ruling in 2017 (covered by InfoBytes here) holding that New York’s fundamental public policy against usury overrides a Delaware choice-of-law clause in the plaintiff’s original credit card agreement. The court granted the plaintiff’s motion for class certification, and allowed the FDCPA and related state unfair or deceptive acts or practices claims to proceed. However, the court did not allow the plaintiff’s claims for violations of New York’s usury law to proceed, as it held that New York’s civil usury statute does not apply to defaulted debts and that the plaintiff cannot directly enforce the criminal usury statute.
Under the terms of the proposed settlement, the defendants are required to, among other things, (i) provide class members with $555,000 in monetary relief; (ii) provide $9.2 million in credit balance reductions; (iii) pay $550,000 in attorneys’ fees and costs; and (iv) agree to comply with all applicable laws, regulations, and case law regarding the collection of interest, including the collection of usurious interest.
DOJ proposes SCRA settlement for auto lender
On March 6, the DOJ announced it reached a proposed $80,000 settlement with a California-based indirect auto lending company for allegedly repossessing servicemembers’ vehicles in violation of the Servicemembers Civil Relief Act (SCRA). As previously covered by InfoBytes, the DOJ filed a lawsuit against the company in March 2018, alleging that an investigation revealed the company failed to have policies or practices in place to verify borrowers’ military status before repossessing vehicles. As such, the DOJ argued that the defendant may have repossessed vehicles of other servicemembers without obtaining the necessary court orders or verifying military status. The investigation was triggered after an Army Private submitted a complaint about the company to the DOJ in 2016. The proposed consent order would require the company to pay a $50,000 civil penalty and issue $30,000 in compensation to a different Army Specialist, whose credit, according to the DOJ, was severely damaged as a result of a repossession by the company. In addition, the company would be required to develop policies and procedures to ensure compliance with the SCRA in the future. The consent order has not yet been approved by the court.
Class settles data breach claims over compromised payment card data
On February 26, the U.S. District Court for the Middle District of Florida granted final approval and class certification, following a final approval hearing, to a settlement resolving class action allegations concerning a data breach involving an international fast-food chain. According to the amended motion for final approval, the data breach occurred in 2016 and involved third-party malware installation on certain franchises’ point of sale systems, which targeted and compromised customer payment card related data. The class ultimately asserted the following claims—breach of implied contract, negligence, and violations of several state consumer laws—and requested reimbursement for (i) costs associated with time spent addressing identity theft or fraud; (ii) losses caused by restricted access to funds; (iii) costs associated with credit reports and credit monitoring; (iv) bank and payment card fees; (v) unauthorized charges; and (vi) documented time spent dealing with the repercussions of the data breach. Under the terms of the settlement, the fast-food chain will pay up to $5,000 per eligible class member as reimbursement for documented out-of-pocket expenses, and up to $15 an hour for up to two hours of undocumented time spent dealing with the repercussions of the data breach. The court also approved $1.02 million in attorneys’ fees and approximately $139,000 in costs to class counsel.
Video social networking app settles COPPA allegations
On February 27, the FTC announced a $5.7 million settlement with the operators of a video social networking app concerning alleged violations of the Children’s Online Privacy Protection Act (COPPA). Among other things, the FTC claims the operators failed to provide parents notice of its information collection practices, illegally collected personal information from children under the age of 13 without first obtaining verifiable parental consent, failed to delete personal information when parents requested, and retained information “longer than reasonably necessary to fulfill the purpose for which the information was collected.” Under COPPA, operators of websites and online services directed at children are prohibited from collecting personal information of children under the age of 13, unless the company has explicit parental consent. The FTC alleges that the operators knew a “significant percentage” of its users were under 13 and received thousands of complaints from parents that their children under 13 had created accounts on the app. While neither admitting nor denying the allegations, the operators have agreed to the monetary penalty, will change their business practices to comply with COPPA, and will remove all videos made by children younger than 13. According to the FTC, this settlement is the largest civil penalty obtained to date by the agency for COPPA violations.
FTC hits online student loan lender with order
On February 25, the FTC announced it has approved a final consent order with an online student loan refinance lender resolving allegations that the lender violated the FTC Act by misrepresenting in television, print, and internet advertisements how much money student loan borrowers can save from refinancing their loans with the company. As previously covered by InfoBytes, the FTC alleged that the lender inflated the average savings consumers have achieved by refinancing through the lender, in some instances doubling the average savings by selectively excluding certain groups of consumers from the data. Additionally, the FTC also alleged that in some instances, the lender’s webpage misrepresented instances where a loan option would result in the consumer paying more on a monthly basis or over the lifetime of the loan, simply stating the savings would be “0.00.” In October 2018, without admitting or denying the allegations, the lender agreed to a consent order that required it to cease the alleged misrepresentations and agree to compliance monitoring and recordkeeping requirements. Following a public comment period, the FTC Commission voted 5-0 to approve the final consent order.
SEC: No fine for self-reported unregistered ICO
On February 20, the SEC announced a cease-and-desist order with a cybersecurity startup for conducting an unregistered Initial Coin Offering (ICO), which the company self-reported. According to the order, in late 2017, the startup conducted an unregistered ICO, which raised approximately $12.7 million in digital assets. The money was used to finance the startup’s plan to “develop[] a network in which participants could rent spare bandwidth and storage space on their computers and servers to others for use in defense against certain types of cyberattacks.” The SEC noted that the tokens offered and sold were considered securities because a purchaser would have a reasonable expectation of obtaining a future profit from the investment. The startup did not register the ICO nor did it qualify for an exemption to the registration requirements. The SEC did not impose a monetary penalty because, according to the order, in the summer of 2018 the startup self-reported the unregistered ICO and offered to take prompt remedial actions. The order requires the startup to return the funds to investors who purchased the tokens and register the tokens as securities.