InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Supreme Court to Hear Historic FCRA Standing Case During October 2015 Term
On April 27, the United States Supreme Court granted a petition for a writ of certiorari seeking review of a hotly-debated question with potentially far-reaching implications: whether a mere violation of a federal statute, without more, satisfies the “injury-in-fact” standard required for constitutional standing under Article III. The case at issue involves a plaintiff alleging violations of the Fair Credit Reporting Act (FCRA); specifically, the plaintiff argued that he suffered actual harm when an online search engine, acting as a credit reporting agency (CRA), published inaccurate information about his background and character in violation of FCRA provisions requiring a CRA to ensure accuracy and provide notice regarding the information it disseminates. The district court ruled that plaintiff failed to demonstrate injury-in-fact without showing more than mere violations of the FCRA. The Ninth Circuit reversed, holding that the violation of federal statutory rights is sufficient to show constitutional standing, and that a plaintiff need not demonstrate any actual damages in order to file suit. Notably, the Ninth Circuit did not opine that the “harm” alleged by the plaintiff – the online search engine portrayed him as wealthier and more educated than he actually was – affected him economically by impeding his employment prospects.
The Supreme Court’s decision to hear the widely-followed case has the attention of many. Ten amicus briefs have been filed over the past year, all highlighting the “substantial impact” the Court’s decision could have. Currently, numerous federal statutes allow a plaintiff to recover damages based on statutory violations without a showing of actual or concrete injury, including those prominent in the financial industry such as the Real Estate Settlement Procedures Act (RESPA), the Fair Debt Collection Practices Act (FDCPA), and the Truth in Lending Act (TILA), among others. Despite the Solicitor General’s recommendation against hearing the case, in which the government argued that courts have traditionally provided redress for statutory violations alone, the Supreme Court’s decision will affect the degree to which consumers and classes can utilize federal statutes to recover without proving additional causal injury. A decision affirming the Ninth Circuit’s decision could arguably open the floodgates to “no-injury” lawsuits, coercing defendants to pay millions in damages without a showing of any actual harm. Oral arguments for the case will be heard this coming October, at the beginning of the Court’s 2015 term. Reply and supplemental briefs to the petition can be found here and here, respectively.
Illinois Federal Court Allows FCRA Lawsuit Against Credit Reporting Company to Move Forward
On February 5, the U.S. District Court for the Northern District of Illinois denied a credit reporting company’s motion to compel arbitration in a putative class action which alleged that the company sold credit scores to consumers that differed from the scores the company provided to lenders due to contrasting credit scoring models. The plaintiff alleged this practice violated provisions of the Fair Credit Reporting Act, Illinois Consumer Fraud and Deceptive Business Practices Act, and Missouri Merchandizing Practices Act, and that the credit reporting company was negligent in failing to inform consumers of the conflicting scores. The credit reporting company sought to compel arbitration on the basis of arbitration terms embedded in language in an online purchase agreement. As part of the purchase process, the consumer had to click on an “I Agree” button after reading agreement language in a window with a scrolling text box. The court found clicking “I Agree” did not constitute assent to the language in the text box because there was a paragraph placed between the text box and the “I Agree” button authorizing the credit reporting company to access the consumer’s personal information. Here, the authorization language was “so explicit that it was reasonable for users to assume that their click merely constituted their assent to the authorization,” not to the terms in the scrollable text box. Because of the confusion about whether the consumer provided consent to the authorization language or to the online purchase agreement’s terms, the court found the arbitration clause unenforceable and allowed the lawsuit against the credit reporting company to move forward.
CFPB Report Highlights Errors In Mortgage And Student Loan Servicing
On October 28, the CFPB released the fifth edition of its Supervisory Highlights report. The report highlighted the CFPB’s recent supervisory findings of regulatory violations and UDAAP violations relating to consumer reporting, debt collection, deposits, mortgage servicing and student loan servicing. The report also provided updated supervisory guidance regarding HMDA reporting relating to HMDA data resubmission standards. With respect to consumer reporting, the report identified a variety of violations of FCRA Section 611 regarding dispute resolution. The report noted findings of several FDCPA and UDAAP violations in connection with debt collection, including: (i) unlawful imposition of convenience fees; (ii) false threats of litigation; (iii) improper disclosures to third parties; and (iv) unfair practices with respect to debt sales. For deposits, the report identified several Regulation E violations found, including: (i) error resolution violations; (ii) liability for unauthorized transfers; and (iii) notice deficiencies. The report outlines four main compliance issues identified in the mortgage servicing industry: (i) new mortgage servicing rules regarding oversight of service providers; (ii) delays in finalizing permanent loan modifications; (iii) misleading borrowers about the status of permanent loan modifications; and (iv) inaccurate communications regarding short sales. Finally, the report outlines six practices at student loan servicers that could constitute UDAAP violations: (i) allocating the payments borrowers make to each loan, which results in minimum late fees on all loans and inevitable delinquent statuses; (ii) inflating the minimum payment due on periodic and online account statements; (iii) charging late fees when payments were received during the grace period; (iv) failing to give borrowers accurate information needed to deduct loan interest payments on tax filings; (v) providing false information regarding the “dischargeable” status of a loan in bankruptcy; and (vi) making debt collection calls to borrowers outside appropriate hours.
CFPB Enforcement Action Targets Auto Finance Company's Credit Reporting Practices
On August 20, the CFPB announced a consent order with a Texas-based auto finance company to address alleged deficiencies in the finance company’s credit reporting practices. The company offers both direct and indirect financing of consumer auto purchases, and, according to the CFPB, specializes in lending to consumers with impaired credit profiles. In general, the CFPB took issue with the finance company’s alleged failure to implement policies and procedures regarding the accuracy and integrity of information furnished to consumer credit reporting agencies (CRAs) and alleged deceptive acts in the finance company’s representations regarding the accuracy of furnished information.
The CFPB’s action specifically alleged that the finance company violated the Fair Credit Reporting Act (FCRA) by providing inaccurate information to credit reporting agencies regarding how its borrowers were performing on their accounts, including by: (i) reporting inaccurate information about how much consumers were paying toward their debts; (ii) reporting inaccurate “dates of first delinquency,” which is the date on which a consumer first became late in paying back the loan; (iii) substantially inflating the number of delinquencies for some borrowers when it reported borrowers’ last 24 months of consecutive payment activity; (iv) informing CRAs that some of its borrowers had their vehicles repossessed, when in fact those individuals had voluntarily surrendered their vehicles back to the lienholder. The CFPB claims this activity took place over a three-year period, even after the company was made aware of the issue. The CFPB believes the company furnished incorrect information to the CRAs on as many as 118,855 accounts.
The consent order requires the company to pay a $2.75 million penalty to the CFPB. In addition, the finance company must: (i) review all previously reported accounts for inaccuracies and correct those accounts or delete the tradeline; (ii) arrange for consumers to obtain a free credit report; and (iii) inform all affected consumers of the inaccuracies, their right to a free consumer report, and how consumers may dispute inaccuracies. The order also directs the company to sufficiently provide the staffing, facilities, systems, and information necessary to timely and completely respond to consumer disputes in compliance with the FCRA.
Bankruptcy Court Refuses To Dismiss Class Suit Claiming Bank's Credit Reporting Practices Violated Bankruptcy Code
On July 22, the U.S. Bankruptcy Court for the Southern District of New York rejected a bank’s motion to dismiss a putative class action adversary proceeding alleging that certain of the bank’s credit reporting practices violated U.S. bankruptcy law. In re Haynes, No. 11-23212, 2014 WL 3608891 (S.D.N.Y. Jul. 22, 2014). The named plaintiff-debtor alleged that the bank charged off and sold his debt, which was subsequently discharged in bankruptcy, but failed to correct his credit report that listed the debt, post-discharge, as being only “charged off,” rather than being “discharged in bankruptcy.” The bank moved to dismiss for failure to state a claim, arguing that because it sold the debt pre-bankruptcy, it did not have an obligation under the FCRA or Sections 727 and 524(a) of the Bankruptcy Code to correct the debtor’s credit report. The court denied the bank’s motion on the grounds that (i) the bank continues to have an economic interest in the debt—notwithstanding its sale—because the bank continues to receive a percentage payment of the proceeds of each debt repaid to it and forwarded to the debt’s purchaser; and (ii) by failing to correct the credit reports, the bank is enhancing its purchasers’ ability to collect on the debt.
Federal Reserve Board Repeals Duplicative Regulations, Finalizes Red Flag Rule Amendments
On May 22, the Federal Reserve Board repealed its Regulation DD, which implements TISA, and Regulation P, which implements Section 504 of the GLBA because the Dodd-Frank Act transferred rulemaking authority for those laws to the CFPB, and the CFPB has already issued rules implementing them. The Board also finalized amendments to the definition of “creditor” in its Identity Theft Red Flags rule, which implements Section 615 of FCRA. Generally, the Red Flags rule requires each financial institution and creditor that holds any consumer account to develop and implement an identity theft prevention program. The revision excludes from the foregoing requirements businesses that do not regularly and in the ordinary course of business (i) obtain or use consumer reports in connection with a credit transaction; (ii) furnish information to consumer reporting agencies in connection with a credit transaction; or (iii) advance funds to or on behalf of a person. The repeals and Red Flags rule amendments take effect June 30, 2014.
CFPB Proposes Limited Relief From Annual Privacy Notice Delivery Requirements
On May 7, the CFPB issued a proposed rule that would provide financial institutions an alternative method for delivering annual privacy notices. The Gramm-Leach-Bliley Act (GLBA) and Regulation P require financial institutions to, among other things, provide annual privacy notices to customers—either in writing or electronically with consumer consent. Industry generally has criticized the current annual notice requirement as ineffective and burdensome, with most financial institutions providing the notices by U.S. postal mail. The proposed rule would allow financial institutions, under certain circumstances, to comply with the GLBA annual privacy notice delivery requirements by (i) continuously posting the notice in a clear and conspicuous manner on a page of their websites, without requiring a login or similar steps to access the notice; and (ii) mailing the notices promptly to customers who request them by phone.
Specifically, under the CFPB’s proposal, a financial institution subject to the GLBA privacy notice requirements would be permitted to post annual notices online, provided the institution:
- Does not share the customer’s nonpublic personal information with nonaffiliated third parties in a manner that triggers GLBA opt-out rights;
- Does not include on its annual privacy notice a Fair Credit Reporting Act (FCRA) § 603(d)(2)(A)(iii) notice regarding the ability to opt out of information sharing with the institution’s affiliates;
- Does not use its annual privacy notice as the only notice provided to satisfy affiliate marketing opt-out notice requirements under section 624 of FCRA;
- Has not changed the information included in the privacy notice since the customer received the previous notice;
- Uses the model form provided in Regulation P; and
- Inserts a clear and conspicuous statement, at least once per year on a notice or disclosure the institution issues under any other provision of law, announcing that the annual privacy notice is available on the institution’s website, such notice has not changed since the previous notice, and a copy of such notice will be mailed to customers who request it by calling a toll-free telephone number.
The CFPB cites the following benefits of the proposed rule:
- Provides consumers with constant access to privacy policies;
- Incentivizes financial institutions to limit their data sharing with unaffiliated third parties;
- Allows consumers who are concerned about their personal information to comparison shop before deciding which financial institution to use; and
- Reduces the cost for companies to provide annual privacy notices.
The proposed rule would provide some relief to industry, particularly where broader bipartisan legislative solutions have failed to gain substantial traction. Last year, the House passed legislation that would fully exempt a financial institution from the annual notice requirement if it (i) provides nonpublic personal information only in accordance with specified requirements, and (ii) has not changed its policies and practices with regard to disclosing nonpublic personal information from its most recent disclosure. A similar Senate bill introduced early last year has not moved forward, though its sponsor, Senator Sherrod Brown (D-OH), pressed the CFPB director about the issue during a hearing last fall.
The CFPB’s proposal will remain open for comment for 30 days following its publication in the Federal Register.
Federal Reserve Board Proposes To Repeal Duplicative Regulations Amend Identity Theft Red Flags Rule
On February 12, the Federal Reserve Board proposed to repeal its Regulation DD, which implements the TISA, and Regulation P, which implements Section 504 of the GLBA because the Dodd-Frank Act transferred rulemaking authority for those laws to the CFPB, and the CFPB has already issued interim final rules implementing them. The Board also proposed to amend the definition of “creditor” in its Identity Theft Red Flags rule, which implements Section 615 of the FCRA. Generally, the Indemnity Theft Red Flags rule requires each financial institution and creditor that holds any consumer account to develop and implement an identity theft prevention program. The proposed revision will exclude from the foregoing requirements businesses that do not regularly and in the ordinary course of business (i) obtain or use consumer reports in connection with a credit transaction; (ii) furnish information to consumer reporting agencies in connection with a credit transaction; or (iii) advance funds to or on behalf of a person. The Board will accept comments on the proposal for 60 days from publication in the Federal Register.
Ninth Circuit Holds Alleged Statutory Violations Sufficient For Standing Under FCRA
On February 4, the U.S. Court of Appeals for the Ninth Circuit held that a plaintiff’s claim against a data broker alleged to have published inaccurate information about him has standing by virtue of the alleged violation of his statutory rights and need not demonstrate injury. Robins v. Spokeo, Inc., No. 11-56843, 2014 WL 407366, (9th Cir. Feb. 4, 2014). The district court held that the plaintiff failed to allege an injury in fact because his claims that the inaccurate information harmed, among other things, his ability to obtain employment did not sufficiently allege any actual or imminent harm. Applying its own precedent established in a long-running RESPA case that the U.S. Supreme Court declined to review in 2012, the court held that the violation of a statutory right usually is a sufficient injury to confer standing and that statutory causes of action do not require a showing of actual harm. The court determined that violations of statutory rights created by FCRA are concrete injuries that Congress can elevate to the status of legally cognizable injuries and are therefore sufficient to satisfy Article III’s injury-in-fact requirement. Further, the plaintiff adequately pled causation and redressability because (i) an alleged violation of a statutory provision caused the violation of a right created by that provision; and (ii) FCRA provides for monetary damages to redress the violation. The court reversed the trial court and remanded.
CFPB Reports On Impacts Of Regulations For Banks
On November 22, the CFPB released findings of a study the Bureau conducted on the impact of certain deposit regulations on the day-to-day operations of banking institutions, focusing on compliance costs related to checking accounts, traditional savings accounts, debit cards, and overdraft programs. The study collected information from seven banks about activities related to compliance with regulations implementing the Truth in Savings Act, the Electronic Fund Transfer Act, the financial privacy requirements of the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act (Regulations DD, E, P, and V, respectively), as well as FCRA’s adverse action requirements, which are not implemented by regulation. According to the Bureau, compliance costs were concentrated in the Operations, Information Technology, Human Resources, Compliance, and Retail functions, and banks incurred the most substantial costs complying with rules related to authorization rights, error resolution requirements, disclosure mandates, and advertising standards.
The report identifies the compliance-related activities that entailed the highest costs across business functions and suggests that “authorization rights” (i.e., opt-ins and opt-outs) and error-resolution requirements are the most costly to administer. The report also discusses the potential for the study—which the Bureau characterizes as representing “some of the most rigorous information currently available” on compliance costs—to advance research on the cost of compliance, influence the ultimate understanding of regulatory impacts on consumers and markets, and inform the CFPB’s ongoing efforts to avoid unnecessary compliance costs. The Bureau states that estimating the operational effects of consumer financial services regulation alone has “limited value to policymaking” and is mainly helpful in determining the impact of a specific regulation on product pricing and availability or market structure and competition. The Bureau concluded that research on the effects of regulations will remain an ongoing priority, but it will nevertheless continue to address problems observed in the marketplace — “mindful that, whatever the costs of regulation, the costs of not regulating adequately can be even larger.”
The full report, Understanding the Effects of Certain Deposit Regulations on Financial Institutions' Operations: Findings on Relative Costs for Systems, Personnel, and Processes at Seven Institutions, is available here.