InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Tenth Circuit Permits Trade Group Challenge to New Mexico Fair Credit Reporting Act
On May 7, the U.S. Court of Appeals for the Tenth Circuit published an opinion that a trade group has standing to sue the Attorney General of New Mexico over that state’s credit reporting and identify theft requirements. Consumer Data Industry Assoc. v. King, No. 11-2085, 2012 WL 1573563 (10th Cir. May 7, 2012). In 2010, New Mexico enacted the Fair Credit Reporting and Identity Security Act, which, among other things, requires consumer reporting agencies (CRAs) to oblige a consumer’s request to remove credit report information resulting from identify theft until told otherwise by a court or the requesting consumer. The Consumer Data Industry Association challenged the law on behalf of its members, arguing that the state law is preempted by the federal Fair Credit Reporting Act (FCRA). Under FCRA, a CRA can deny a consumer request to remove information based on identify theft if the CRA reasonably determines that the request is fraudulent or erroneous. The district court held that the CDIA failed to prove redressability and therefore lacked constitutional standing to sue. The Tenth Circuit vacated the district court holding and ordered further proceedings. It found that federal courts consistently have found a case or controversy in suits between private parties subject to enforcement and the state entity responsible for enforcement and that if a plaintiff faces a credible threat of enforcement, redressability is established. Here, the court held, the threat of enforcement faced by the CDIA members is sufficient to provide standing to sue for both injunctive and declaratory relief.
Federal Appeals Court Limits Review of FTC Interpretation of FCRA
Recently, the U.S. Court of Appeals for the District of Columbia Circuit held that the FTCs interpretation of a Fair Credit Reporting Act (FCRA) provision is not subject to direct review by the federal appeals court. Natl Auto. Dealers Assoc. v. FTC, 670 F.3d 268 (D.C. Cir. 2012). In July 2011, the FTC promulgated a rule to implement changes made by the Dodd-Frank Act to FCRAs risk-based pricing protections. Those protections entitle consumers to a notice when they are offered credit at materially less favorable terms based on information contained in their credit reports. As part of the July 2011 rule, the FTC provided supplementary information that included an interpretation of the scope and applicability of the rule, stating that automobile dealers are subject to the rule, even when dealers rely on third-party financing sources and not directly on credit reports obtained from a consumer reporting agency. The National Association of Automobile Dealers (NADA) filed a petition asking the appeals court to review the FTCs interpretation. NADA concurrently filed a complaint in district court seeking a review of the rule under the Administrative Procedures Act. The appeals court held that direct appellate review of an agency action is only permissible when a statute unambiguously grants such a review. In this case, the direct review provision of the FTC Act is not ambiguous and clearly does not apply to the FCRA interpretation at issue. Under the FTC Act, direct review is only available for challenges to trade regulation rules and substantive amendments thereto. NADA is not challenging a substantive amendment, but rather an interpretation, and in any case the FCRA interpretive statement is not related to a trade regulation rule. Therefore, the appeals court dismissed the petition without prejudice to the parallel district court action.
SEC and CFTC Propose Rules Regarding Detecting Identity Theft
On February 28, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC, together with the SEC, the Commissions) jointly issued proposed rules that would require entities subject to the Commissions’ jurisdiction to address identity theft in two ways: (i) financial institutions and creditors would be required to develop and implement a written identity theft prevention program designed to detect, prevent, and mitigate identify theft with either certain existing accounts or opening new accounts, and (ii) credit and debit card issuers subject to the Commissions’ jurisdiction would be required to assess the validity of change-of-address notifications under certain circumstances. Section 1088 of the Dodd-Frank Act transferred authority over certain parts of the Fair Credit Reporting Act from the Federal Trade Commission to the Commissions for entities they regulate. The Commissions’ proposed rules are substantially similar to rules adopted in 2007 by the FTC and other federal financial regulatory agencies that previously were required to adopt such rules. The proposed rules set out the four elements that regulated entities would be required to include in their identify theft prevention programs: (i) identify relevant red flags, (ii) detect the occurrence of red flags, (iii) respond appropriately to the detected red flags, and (iv) periodically update the program to reflect changes in risks to customers or to the safety and soundness of the financial institution or creditor from identity theft. The Commissions issued jointly proposed guidelines in an appendix to the proposed rules to assist regulated entities in formulating and maintaining a Program that would satisfy the proposed rule requirements. The Commissions are accepting comments on the proposal through May 7, 2012.
FTC Warns That Mobile Background Screening Apps May Violate FCRA
On February 7, the FTC announced that it had warned three mobile application marketers that their mobile background screening applications may be violating the Fair Credit Reporting Act (FCRA). The FTC described some of the six applications at issue as including criminal record histories, which are a type of information typically used in employment and tenant screening. While the FTC has not made a determination as to whether these firms are violating FCRA, it reminded the companies that if they have reason to believe the mobile applications include information about individuals’ character, reputation, or personal characteristics that is used or expected to be used for purposes such as employment, housing or credit, the marketers and their customers must comply with FCRA. Under FCRA, firms that assemble or evaluate such information to provide to third parties qualify as consumer reporting agencies and are required to (i) take reasonable steps to ensure the user of each report has a “permissible purpose” to use the report, (ii) take reasonable steps to ensure the maximum possible accuracy of the information conveyed in its reports, and (iii) provide users of its reports with information about their obligations under the FCRA.
Nineteen States Settle With Debt Collector Over Collection Practices
On February 6, nineteen state attorneys general announced a multi-state settlement with NCO Financial Systems, a debt collection company, to resolve allegations of misleading and deceptive debt collection practices. Under the agreement, the company must set aside $950,000 ($50,000 for each state) for consumer restitution, and will pay $575,000 for state consumer protection enforcement efforts. Restitution will go to consumers who paid the company for debts the consumers did not owe, who overpaid interest, or who overpaid a debt beyond what the company had agreed to settle an account. The company also agreed to (i) comply with the Fair Debt Collection Practices Act, the federal Fair Credit Reporting Act, and all applicable state laws, (ii) notify credit reporting agencies within 30 days of consumer disputes and results of investigations into disputes, (iii) provide notice to consumers about their debt collection rights under federal and state law, and (iv) monitor compliance, create written policies and procedures for handling consumer complaints, and submit periodic compliance reports.
FTC and DOJ Obtain Settlement of Claims Against Debt Buyer
On January 30, the FTC and the DOJ announced that a Michigan-based debt buyer had agreed to pay a $2.5 million civil penalty to settle allegations of misconduct in connection with the company's debt collection activities. The FTC alleged that the debt buyer violated the FTC Act, the Fair Debt Collection Practices Act, and the Fair Credit Reporting Act by, among other things, (i) misrepresenting without substantiation that consumers owed a debt, (ii) failing to disclose that certain time-barred debt did not have to be repaid, (iii) knowingly providing false information to credit reporting agencies, and (iv) failing to investigate disputes raised by credit reporting agencies. In addition to paying the civil penalty, the company must address the failures and misconduct alleged by the FTC. For example, it must inform consumers when a debt is too old to be legally enforceable. Further, the company is prohibited from engaging in certain conduct, such as placing debt on consumer credit reports without notifying the consumer. Concurrent with the announcement, the FTC released a publication to help consumers understand their rights with regard to time-barred debt.
Oklahoma District Court Dismisses Most Claims in Putative Wrongful Foreclosure Class Action
On January 6, the U.S. District Court for the Western District of Oklahoma dismissed the majority of claims brought by two borrowers seeking to represent a class of borrowers against Bank of America Corporation, Bank of America N.A., and BAC Home Loans Servicing, LP (collectively BAC) for alleged wrongful foreclosure practices. Risener v. Bank of Am. Corp., No. 10-1110 (W.D. Okla. Jan 6, 2012). In this case, the borrowers claim that after their original servicer ceased operations, their loan servicing was assigned to BAC and their loan was inaccurately recorded as being in default. According to the borrowers, multiple attempts to prove that the borrowers were not in default were ignored by the defendants. Further, according to the borrowers, BAC Home Loans Servicing, LP, continued to send default notices and threatened to foreclose, refused to verify the borrowers’ default status, and reported false information about borrowers to credit reporting agencies.
As such, the borrowers allege that defendants (i) violated the Fair Debt Collections Practices Act (FDCPA) by using false, deceptive, or misleading representations in the collection of debts and by failing to provide certain required notices; and (ii) violated the Fair Credit Reporting Act (FCRA) by providing false information to credit reporting agencies and by failing to investigate the disputed default loan status. Agreeing with a recent Georgia decision involving a similar fact pattern, the court held that because the borrowers allege their loan was not in default, BAC could not have been “debt collectors” subject to the FDCPA, because the FDCPA requires a loan to be “in default”, not “allegedly in default.” Further, the borrowers do not allege that Bank of America Corporation or Bank of America, N.A. ever attempted to collect a debt and, therefore, regardless of their status as a debt collector, cannot be found in violation of the FDCPA. With regard to the borrowers’ FCRA claims, the court held that the FCRA does not include a cause of action for the act of providing false information but that borrowers’ claims that BAC Home Loans Servicing failed to investigate were sufficiently supported by the allegations in the complaint and therefore could proceed.