InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
3rd Circuit: No ambiguity in collection dispute notice
On April 18, the U.S. Court of Appeals for the Third Circuit affirmed the dismissal of a putative FDCPA class action debt collection lawsuit concerning allegedly misleading dispute language. A letter the plaintiff received from the defendant debt collector included the following statement:
Unless you notify this office within 30 days after receiving this notice that you dispute the validity of this debt or any portion thereof, this office will assume this debt is valid. If you notify this office in writing within 30 days after receiving this notice that you dispute the validity of this debt or any portion thereof, this office will obtain verification of the debt or obtain a copy of a judgment and mail you a copy of such judgment or verification. If you request of this office in writing within 30 days after receiving this notice[,] this office will provide you with the name and address of the original creditor, if different from the current creditor.
If you dispute the debt, or any part thereof, or request the name and address of the original creditor in writing within the thirty-day period, the law requires our firm to suspend our efforts to collect the debt until we mail the requested information to you.
The plaintiff argued that the suspended collection language in the second paragraph violated the FDCPA because it led her to believe “that she could suspend collection by disputing all or part of the debt orally outside of the 30-day window.” Doing so, the plaintiff maintained, would conflict with her rights under Section 1692g(b) of the statute, which “guarantees that, if a consumer invokes her § 1692g(a) right to request information about a debt, and the consumer invokes this right in writing and within the thirty-day period prescribed by statute, a debt collector must ‘cease collection of the debt’ until it has provided the requested information to the debtor.” While the defendant was not required to notify the plaintiff about her rights under 1692g(b), the plaintiff claimed that including inaccurate information about those rights gave her “contrary and inconsistent” information.
The district court dismissed the action for failure to state a claim on the premise that, when “read holistically,” the letter did not suggest that the plaintiff could have collection activity suspended by orally disputing the debt outside the 30-day window. On appeal, the 3rd Circuit agreed with the district court that the language that preceded the disputed statement “eliminates any ambiguity” because “it explains that a debtor who wishes to avail herself of her statutory right to validation of a debt must request validation in writing and within 30 days of receiving a collection notice.”
CFPB: ECOA prohibits discrimination in any aspect of a credit transaction
On April 14, the CFPB filed a statement of interest saying ECOA’s prohibition on discrimination applies “to any aspect of a credit transaction,” and therefore covers every aspect of a borrower’s dealings with a creditor, not just specific loans terms such as the interest rate or fees.
The case, which is currently pending in the U.S. District Court for the Southern District of Florida, concerns a putative class of Black students enrolled at a for-profit nursing school who took out credit in the form of federal and private student loans to pay for the program. Plaintiffs alleged that the school adopted new policies while they were enrolled that increased the time and money it would take to complete the program, and asserted the program was intentionally targeted to individuals on the basis of race “with the understanding that they were highly likely to require an extension of credit to pay for the program.” Plaintiffs claimed the school violated ECOA by engaging in “reverse redlining” and brought other claims under state and federal law. The school moved to dismiss, arguing that the plaintiffs failed to specify any aspect of any credit transaction that is discriminatory based on race or another protected class under ECOA, and failed to identify any specific loan term that was unfair or predatory (based on race or otherwise), the Bureau said in a corresponding blog post.
The statement of interest addressed two questions concerning ECOA’s applicability raised in the school’s motion to dismiss. First, the Bureau refuted the school’s argument that in order to state a claim for discriminatory targeting under ECOA, the plaintiff must allege that the individual (i) is a member of a protected class; (ii) applied and qualified for a loan; (iii) the loan was made on “grossly unfavorable terms”; and (iv) the lender intentionally targeted the plaintiff for unfair loans or gave more favorable terms to others. Calling this contention “mistaken,” the Bureau explained that to state a claim under ECOA, “a plaintiff need allege only facts to plausibly suggest that a defendant discriminated on a prohibited basis with respect to an aspect of a credit transaction; they need not allege the elements of a prima facie case, which is an evidentiary standard and not a pleading requirement.” The Bureau pointed to allegations showing that the school allegedly targeted Black students by, among other things, engaging in race-targeted advertising and marketing, enrolling a disproportionate number of Black students as compared to the surrounding neighborhoods’ populations, and making a greater percentage of loans in majority Black census tracts, as examples of discriminatory targeting.
Second, the Bureau disagreed with the school’s assertion that plaintiffs failed to identify any aspects of the credit transactions that were discriminatory based on race, or any specific loans terms that were allegedly unfair or predatory. Emphasizing that even if the loan terms are not themselves unfair or predatory, plaintiffs may proceed with a discriminatory targeting claim because ECOA prohibits discrimination “with respect to any aspect of a credit transaction,” which encompasses more than just the loan terms in a contract, the Bureau explained. According to the Bureau, the plaintiffs alleged discrimination in relation to multiple aspects of their credit transactions with the school and have accordingly stated a claim under ECOA.
CFPB Director Rohit Chopra issued a statement emphasizing that courts have consistently upheld that discriminatory targeting violates ECOA when a company targets consumers on a prohibited basis for harmful and predatory loans. The Bureau will continue to work with the DOJ, federal agencies, and the states to ensure lenders that engage in discriminatory targeting are held accountable, Chopra said.
3rd Circuit: Card renewal notices not subject to TILA itemization requirements
On April 11, the U.S. Court of Appeals for the Third Circuit upheld the dismissal of a putative class action suit claiming a national bank’s failure to itemize fees in its credit card renewal notices violated TILA and Regulation Z. Plaintiff alleged that his 2019 card renewal notice listed the annual membership fee as $525, but did not separate the fee into itemized amounts: $450 for the primary cardholder and $75 for an additional authorized user. Stating that the annual membership fee later appeared in his 2020 renewal notice as two separate fees, he claimed that he would have only paid the $450 fee for his own card if he had known it was an option in 2019. Plaintiff sued claiming the 2019 renewal notice violated TILA and Regulation Z, which require creditors to make disclosures before and during a creditor-borrower relationship, including the existence of any annual and periodic fees. The district court rejected the bank’s argument that the plaintiff lacked standing after finding that he suffered an economic injury by paying the full $525. However, the court granted the bank’s motion to dismiss after determining that the plaintiff failed to allege a TILA violation because neither the statute nor its implementing regulation expressly require banks to itemize fees in a renewal notice.
On appeal, the 3rd Circuit issued a precedential opinion finding that while the plaintiff had standing, he failed to plead an actual TILA violation. “While there is an itemization requirement in the statutes and regulations governing periodic disclosures,” the court clarified that “the same requirement is not included in the statutes and regulations applicable to renewal notices.” The 3rd Circuit stated that “[r]enewal notices are not subject to the same disclosure requirements as solicitations and applications, which are provided to consumers before the parties have any relationship,” explaining that because “the creditor does not yet know whether the consumer will add an authorized user to the account” during the solicitation or application period, it “must disclose ‘optional’ additional card fees.” However, during the account renewal stage, TILA and Regulation Z only require creditors to “disclose terms ‘that would apply if the account were renewed.’”
Credit reporter must face FCRA suit on hard-inquiry reinvestigation
On April 10, the U.S. District Court for the Eastern District of Pennsylvania denied a credit reporting agency’s (CRA) motion for summary judgment in a certified class action suit accusing the CRA of willfully violating the reinvestigation provision in the FCRA. Plaintiff claimed that he disputed an alleged inaccurate hard inquiry on his credit report, and argued that not only did the CRA fail to remove the hard inquiry from his credit file, he was given a sales pitch for an identity theft product. The CRA conceded that it did not reinvestigate the dispute and argued, among other things, “that hard inquiries do not necessarily decrease a consumer’s credit score and, even if they did, such diminutions do not necessarily result in the denial of credit.” Experts for both parties debated the extent to which a hard inquiry affects a consumer’s credit score.
The court disagreed with the CRA’s position concerning the impact of hard inquiries on consumers’ credit scores, noting the conflict with federal regulators’ cautionary advice that “[t]hese inquiries will impact your credit score because most scoring models look at how recently and how frequently you apply for credit.” Moreover, the CRA’s own expert opined that hard inquiries usually do have a “minor impact” on consumers’ credit scores. Additionally, the court rejected the CRA’s argument that it did not willfully violate the FCRA because its process for handing hard-inquiry disputes was in line with industry-wide practices. The court cited Third Circuit precedent requiring CRAs to reinvestigate any information a consumer claims is inaccurate if the CRA does not deem the information frivolous or chooses not to delete it from the customer’s file. “When industry practices are contradicted by clear statutory language and case law giving force to that language, common practice does not save a defendant from a finding of willfulness,” the court wrote. With respect to the decertification request, the court said class members established that the time and resources spent trying to resolve disputes over inaccurate hard inquiries, and their lowered credit scores, amounted to concrete injury that can be fairly traceable to the CRA’s statutory violation.
The court denied summary judgment for two reasons. First, the court did not find that the CRA’s actions were “objectively reasonable” based on the CRA’s reliance on a “contorted and inconsistent” reading of the FCRA and its interpretation of § 1681i (which “requires a reasonable reinvestigation when consumers raise a dispute of inaccuracy”). The court also denied summary judgment “[b]ecause a jury could find that [the CRA’s] blanket policy of refusing to reinvestigate disputes of hard inquiries is not reasonable under the law.”
Divided 4th Circuit: Including GAP coverage does not eliminate auto loan exemption from MLA
On April 12, a split U.S. Court of Appeals for the Fourth Circuit held that loans borrowed in part to finance the purchase of a car are not governed by the Military Lending Act (MLA), even when the loan covers additional related costs. While the MLA’s requirements apply to the extension of consumer credit to covered members, loans procured “for the express purpose of financing” the purchase of a car (and are secured by the car) are excluded from many of the statute’s protections. Plaintiff purchased a car with an auto loan that included guaranteed asset protection coverage (GAP). The plaintiff then filed a putative class action against the defendant claiming the loan violated the MLA because it mandated arbitration (which is prohibited under the MLA) and failed to disclose certain information. The plaintiff argued that the loan should be protected under the MLA because part of his “bundled” loan went to GAP coverage. The district court disagreed and dismissed the case, ruling that the plaintiff’s contract was exempt from the MLA because GAP coverage and other add-on charges were “inextricably tied” to his purchase of the car.
On appeal, the majority concluded that loan, which was used for both an MLA-exempt and non-exempt purpose, can be treated together under the statute, because “[i]f a loan finances a car and related costs, then it is for the express purpose of financing the car purchase and the exception can apply.” The key issue was how to interpret the MLA exception that covers loans made for the “express purpose” of financing a car. “If that phrase, as used in the [MLA], means merely ‘for the specific purpose,’ [the defendant] wins. If it means ‘for the sole purpose,’ [plaintiff] wins,” the majority wrote. “We do not care and we do not ask” if the loan also financed GAP coverage, provided the loan was made for the specific purpose of financing a car, the court said, explaining that the loan is exempted from the MLA, “no matter what else it financed.”
The dissenting judge warned that the majority’s conclusion undermines the purpose of the MLA. “There is no reason to suspect that Congress regulated the marketing of financial products to service members, only to allow them to be smuggled in through a vehicle-loan back door,” the dissenting judge wrote, criticizing the majority’s conclusion and noting that opening up the MLA’s exception to include additional loans “permits lenders to piggyback virtually any financial product onto an exempt vehicle loan” at the expense to service members.
Notably, the CFPB, DOJ, and Department of Defense (DOD) filed an amicus brief last year on behalf of the United States in support of the plaintiff’s appeal, in which the agencies argued that the “hybrid” loan at issue must comply with the MLA. As previously covered by InfoBytes, the agencies wrote that GAP coverage “is not needed to buy a car and does not advance the purchase or use of the car.” The agencies noted that GAP coverage is identified as a “debt-related product that addresses a financial contingency arising from a total loss of the car” and that the coverage can be purchased as a standalone product. According to the brief, the plaintiff’s loan is a “hybrid loan—that is, a loan that finances a product bundle including both an exempt product (such as a car) and a distinct non-exempt product (such as optional GAP coverage),” and the district court erred in failing to interpret the MLA consistent with guidance issued in 2016 and 2017 by the DOD suggesting that such “hybrid loans” are consumer credit subject to the protections in the MLA. The 2017 guidance explained that “a credit transaction that includes financing for [GAP] insurance … would not qualify for the exception,” and the agencies argued that although the 2017 guidance was withdrawn in 2020, the “withdrawal did not offer a substantive interpretation of the statute that would alter the conclusion” that the plaintiff’s loan was not exempt from the MLA.
District Court upholds arbitration in website terms of use
On March 28, the U.S. District Court for the Western District of North Carolina ruled that class members must arbitrate their claims against an online lending marketplace relating to a 2022 data breach that affected current, former, and prospective customers. The court found that a mandatory arbitration clause contained in the defendant’s terms of use agreement “is broad enough to encompass the claims” brought by class members, and adopted recommendations made by a magistrate judge in February, who found that the agreement not only requires users to agree to be bound by its terms of use when they make their accounts, but also requires that users consent, acknowledge, and agree to its terms of use any time they submit consumer loan searches on the website. The plaintiff argued that there was not a binding contract between the parties because he did not “fully and clearly” understand that he had agreed to arbitrate disputes with the defendant. He further attested that because he never saw the terms of use, he “lacked actual or inquiry notice.” In particular, the plaintiff complained about the placement and font size of the notice, which he claimed no reasonable consumer would have seen “as there is no reason to scroll down the page after seeing the ‘Create Account’ tab.” The magistrate judge disagreed, stating that the “[p]laintiff had multiple opportunities to read and decline the terms if he chose,” and that “[t]his is not the needle in a haystack search that [p]laintiff depicts.” In agreeing with the recommendations, the court concluded that the plaintiff failed to show that the magistrate judge’s determination “was clearly erroneous or contrary to law” and said the plaintiff is bound by the arbitration clause.
9th Circuit: Law firm did not violate FCRA by accessing credit report
On March 17, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s grant of summary judgment in favor of a defendant law firm that allegedly accessed a plaintiff’s credit report to obtain her current address after it was hired to collect unpaid homeowner association (HOA) assessments. The plaintiff filed a class action lawsuit claiming, among other things, that the defendant violated the FCRA by accessing her credit report without her consent and that neither the HOA nor the defendant are creditors within the meaning of the FCRA. The district court disagreed, concluding that the HOA was in fact a creditor for purposes of the FCRA. “Under the [a]greement, the HOA determines the assessment amount for a full year and then makes it payable in installments over the course of the year. Thus, it regularly extends credit,” the district court wrote, explaining that because the HOA is a creditor, its attorneys, in collecting on the account, have the right to review a consumer’s credit report without consent. Moreover, the district court determined that the defendant had established the requisite “direct link” between the credit transaction and its request for the plaintiff’s credit report.
The 9th Circuit concluded that the “[d]efendant’s reading of the statute was not objectively unreasonable” because the plaintiff “had a grace period during which she could receive half a month’s services that she had not yet paid for,” which “could be considered an extension of credit.” While concurring with the panel, one of the judges commented, however, that “[i]t is hard to imagine that Congress intended FCRA, a statute that protects consumer privacy, to empower HOAs composed of neighboring homeowners to run their neighbors’ credit reports if homeowners fall two weeks behind in their payments.” The judge recommended that the appellate court “revisit the issue,” noting that it is unclear under current case law whether an HOA assessment qualifies as a “credit transaction” under the FCRA.
District Court approves $1.75 million data breach settlement
On March 3, the U.S. District Court for the Central District of California granted final approval of a $1.75 million class action settlement resolving allegations related to a 2020 data breach that compromised nearly 100,000 individuals’ personally identifiable information, including financial information, social security numbers, health records, and other personal data. The affected individuals are students, parents, and guardians who were enrolled in a system used to manage student data in a California school district. According to class members, by failing to adequately safeguard users’ login credentials and by failing to timely notify individuals of the breach, the company violated, among other things, California’s unfair competition law, the California Customer Records Act, and the California Consumer Privacy Act.
Under the terms of the settlement, the company is required to pay a non-reversionary settlement amount of $1.75 million, which will be used to compensate class members and pay for attorney fees and costs, service awards, and administrative expenses. Additionally, as outlined in the motion for preliminary approval of the class action settlement, class members are eligible to submit claims for “ordinary losses” (capped at $1,000 per person), as well as “extraordinary losses” (capped at $10,000 per person). Ordinary losses include expenses such as bank fees, long distance phone charges, certain cell phone charges, postage, gasoline for local travel, “[f]ees for additional credit reports, credit monitoring, or other identity theft insurance products,” and up to 40 hours of time, at $25/hour, for at least one full hour used to deal with the data breach. Extraordinary losses are described as those “arising from financial fraud or identity theft” where the “loss is an actual, documented, and unreimbursed monetary loss” and is “fairly traceable to the data breach” and not already covered by another reimbursement category. Class members must also show that they made “reasonable efforts to avoid, or seek reimbursement for, the loss.” All class members will be offered 12 months of credit monitoring and identity theft protection at no cost, and the company will implement “information security enhancements” to prevent future occurrences.
District Court says EFTA applies to cryptocurrency
On February 22, the U.S. District Court for the Southern District of New York partially granted a cryptocurrency exchange’s motion to dismiss allegations that its inadequate security practices allowed unauthorized users to drain customers’ cryptocurrency savings. Plaintiffs claimed the exchange and its former CEO (collectively, “defendants”) failed to correctly implement a two-factor authentication system for their accounts and misrepresented the scope of the exchange’s security protocols and responsiveness. Plaintiffs filed a putative class action alleging violations of the EFTA and New York General Business Law, along with claims of negligence, negligent misrepresentation, breach of contract, breach of warranty, and unjust enrichment. The defendants moved to dismiss, in part, by arguing that the EFTA claim failed because cryptocurrency does not constitute “funds” under the statute. The court denied the motion as to the plaintiffs’ EFTA claim, stating that the EFTA does not define the term “funds.” According to the court, the ordinary meaning of “cryptocurrency” is “a digital form of liquid, monetary assets” that can be used to pay for things or “used as a medium of exchange that is subsequently converted to currency to pay for things.” In allowing the claim to proceed, the court referred to a final rule issued by the CFPB in 2016, in which the agency, according to the court’s opinion, “expressly stated that it was taking no position with respect to the application of existing statutes, like the EFTA, to virtual currencies and services.” In the final rule, the Bureau stated that it “continues to analyze the nature of products or services tied to virtual currencies.” The court dismissed all of the remaining claims, citing various pleading deficiencies, and finding, among other things, that the “deceptive acts or practices” claim under New York law failed because plaintiffs did not identify specific deceptive statements the defendants made or deceptive omissions for which the defendants were responsible.
4th Circuit remands privacy suit to state court
On February 21, the U.S. Court of Appeals for the Fourth Circuit held that a proposed class action over website login procedures belongs in state court. Plaintiff alleged that after a nonparty credit reporting agency experienced a data breach, it used the defendant subsidiary’s website to inform customers whether their personal data had been compromised. Because the defendant’s website required the plaintiff to enter six digits of his Social Security number to access the information, the plaintiff alleged violations of South Carolina’s Financial Identity Fraud and Identity Theft Protection Act and the state’s common-law right to privacy. Under the state statute, companies are prohibited from requiring consumers to use six digits or more of their Social Security number to access a website unless a password, a unique personal identification number, or another form of authentication is also required. According to the plaintiff, the defendant’s website did not include this requirement.
The defendant moved the case to federal court under the Class Action Fairness Act and requested that the case be dismissed. Plaintiff filed an amended complaint in federal court, as well as a motion asking the district court to first determine whether it had subject matter jurisdiction, given the U.S. Supreme Court’s ruling in TransUnion LLC v. Ramirez, which clarified the type of concrete injury necessary to establish Article III standing (covered by InfoBytes here). Although the district court held that the plaintiff had alleged “an intangible concrete harm in the manner of an invasion of privacy,” which it said was enough to give it subject-matter jurisdiction “at this early stage of the case,” it dismissed the case after determining the plaintiff had not plausibly stated a claim.
In reversing and remanding the action, the 4th Circuit found that the plaintiff alleged only a bare statutory violation and had not pled a concrete injury sufficient to confer Article III standing in federal court. The appellate court vacated the district court’s decision to dismiss the case and ordered the district court to remand the case to state court. The 4th Circuit took the position that an intangible harm, such as a plaintiff “enduring a statutory violation” is insufficient to confer standing unless there is a separate harm “or a materially increased risk of another harm” associated with the violation. “[Plaintiff] hasn’t alleged—even in a speculative or conclusory fashion—that entering six digits of his SSN on [defendant’s] website has somehow raised his risk of identity theft,” the 4th Circuit said. In conclusion, the 4th Circuit wrote: “We offer no opinion about whether the alleged facts state a claim under the Act. Absent Article III jurisdiction, that’s a question for [plaintiff] to take up in state court.”