InfoBytes Blog

Special Alert: SCOTUS Vacates Ninth Circuit Decision in Case Alleging Procedural FCRA Violations

On May 16, the United States Supreme Court issued an opinion vacating the Ninth Circuit’s 2014 ruling that a plaintiff had standing under Article III of the Constitution to sue an alleged consumer reporting agency as defined by the Fair Credit Reporting Act (FCRA), for alleged procedural violations of the FCRA, 15 U.S.C § 1681 et seq. Spokeo v. Robins, No. 13-1339 (U.S. May 16, 2016). According to plaintiff Thomas Robins, the reporting agency violated his individualized (rather than collective) statutory rights by reporting inaccurate credit information regarding Robins’s wealth, job status, graduate degree, and marital status in willful noncompliance with certain FCRA requirements. In a 6-2 opinion delivered by Justice Alito, the Court ruled that Robins could not establish standing by alleging a bare procedural violation because Article III requires a concrete injury even in the context of statutory violation. Here, the Ninth Circuit erred in failing to consider separately both the “concrete and particularized” aspects of the injury-in-fact component of standing. The Court opined that the Ninth Circuit’s analysis was incomplete:

[T]he injury-in-fact requirement requires a plaintiff to allege an injury that is both “concrete and particularized.” Friends of the Earth, Inc. v. Laidlaw Environmental Services (TOC), Inc., 528 U.S. 167, 180-181 (2000) (emphasis added). The Ninth Circuit’s analysis focused on the second characteristic (particularity), but it overlooked the first (concreteness). We therefore…remand for the Ninth Circuit to consider both aspects of the injury-in-fact requirement.

Relying on case law, the Court emphasized that the “irreducible constitutional minimum” of Article III’s standing to sue relies on the plaintiff demonstrating (i) an injury-in-fact; (ii) that the injury is fairly traceable to the challenged conduct of the defendant; and (iii) that the injury is likely to be redressed by a favorable judicial decision. Lujan v. Defenders of Wildlife, 504 U.S., 560-561 (U.S. June 12, 1992); Friends of the Earth, Inc., 528 U.S., at 180-181. Spokeo primarily revolves around the first element, establishing an injury-in-fact. Again relying on Lujan, the Court reasoned that to establish injury-in-fact, the plaintiff must “show that he or she suffered ‘an invasion of a legally protected interest’ that is ‘concrete and particularized’ and ‘actual or imminent, not conjectural or hypothetical.’” Lujan, at 560. According to the Court, the Ninth Circuit’s discussion of Robins’s standing to sue, and in particular its discussion of whether Robins had articulated an individualized statutory right rather than a collective right, concerned only the particularization element of establishing an injury-in-fact. The Court stated that the Ninth Circuit’s standing analysis was incomplete because it had failed to consider whether the “concreteness” requirement for an injury-in-fact—whether Robins had a “real” and “not abstract” injury—also had been satisfied. While the Court did make clear that a concrete injury could be intangible and that Congress may identify intangible harms that meet minimum Article III requirements, it noted that “Congress’ role in identifying and elevating intangible harms does not mean that a plaintiff automatically satisfies the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right.”

The Court noted that because the Ninth Circuit had not fully distinguished concreteness from particularization, it had failed to consider whether the reporting agency’s procedural violations of the FCRA constituted a sufficient degree of risk to Robins to meet the concreteness standard. The Court observed that while a procedural violation of the FCRA may, in some cases, be sufficient to establish a concrete injury-in-fact, not all inaccuracies in consumer information, i.e. an incorrect zip code, cause harm or a material risk of harm. Further, because “Article III standing requires a concrete injury even in the context of a statutory violation” the Court explained that “Robins cannot satisfy the demands of Article III by alleging a bare procedural violation.”

The Court vacated the Ninth Circuit’s judgment, and remanded the case for the Ninth Circuit to consider both aspects of the injury-in-fact requirement.

* * *

Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

• Amanda Raines Lawrence, (202) 349-8089
• Fredrick Levin, (310) 424-3984
• Andrew Louis, (202) 349-8061

FCRA U.S. Supreme Court Spokeo Appellate Ninth Circuit

Treasury Department Issues Marketplace Lending Report

On May 10, the U.S. Department of the Treasury (hereafter, Department or Treasury) released a report on “Opportunities and Challenges in Online Marketplace Lending.” The result of Treasury’s July 20, 2015 Request for Information (RFI) on Expanding Access to Credit through Online Marketplace Lending, the report summarizes the Department’s understanding of the online marketplace lending industry, including the potential benefits and risks of the growing industry in relation to consumers’ financial needs. Treasury’s key observations and findings are discussed in sections three through six of the report – Background and Definitions; Treasury Research Efforts and Themes from (RFI) Responses; Recommendations; Looking Forward.

Background and Definitions

The report provides a high-level overview of the two primary business models in online marketplace lending: (i) direct lenders originating loans to hold in their own portfolios (or balance sheet lenders); and (ii) platform lenders that partner with an issuing depository institution to originate loans, subsequently purchasing the loans and reselling them to whole-loan investors or issuing securities tied to the performance of the loans. Commenting on the various types of consumer loans offered through marketplace lending, the report identifies the unsecured consumer credit market (debt consolidation, credit card repayment, and home improvement), small business credit market, and student loan market as constituting the majority of the industry’s business. The report also notes that the industry is moving into the mortgage lending and auto loan markets. According to the report, while both direct lenders and platform lenders have altered their frameworks to allow for “flexibility in varying economic environments,” neither has demonstrated an ability to perform well in a less than favorable economic environment: “[o]nline marketplace lenders have demonstrated their ability to improve operational efficiencies, but neither the durability of technology-driven operations and credit underwriting, nor the sustainability of investor demand for loans, have yet been tested during a downturn in the credit cycle.”

Treasury Research Efforts and Themes from RFI Responses

The report summarizes approximately 100 industry responses to the RFI. According to Treasury, the overarching topics that emerged from the comments included:

• Data and Modeling Techniques for Underwriting: While the industry’s use of data as an underwriting tool to provide loans in targeted market areas expedites credit assessment and reduces cost, the report suggests that it also poses disparate impact risk in credit outcomes and could lead to fair lending violations. Many commenters highlighted the efficiency benefits of automated data sources, while others expressed concern for the lack of transparency when using “big data.”
• Access to Credit: Industry stakeholders maintain that online marketplace lending is expanding access to credit by lending to borrowers who otherwise might not qualify for loans from traditional financial institutions.
• Operational Challenges: According to commenters, a gap in lenders’ servicing and collection capabilities exist. In addition to concern that new underwriting models have not been tested through a full credit cycle, consumer advocates expressed concern for the industry’s reliance on servicing and collections firms: “[w]here depository institutions have tended [to] perform most functions internally, many online marketplace lenders are choosing to specialize in certain core functions while outsourcing other services.” Since new underwriting models and underlying operations of the industry have not been tested in deteriorated credit conditions, commenters’ main concern in relation to the “heavy” reliance on outsourcing services to collections and servicing firms lies in the possibility of a rise in delinquencies and defaults.
• Consumer Protection: RFI commenters addressed a need for “uniform consumer protections across financial institutions and online marketplace lenders,” with many consumer advocates arguing for enhanced safeguards for small business borrowers: “[s]mall business loans do not currently operate under all of the same consumer protection laws and regulations as personal loans, but may receive protection only under contract law or the enforcement of fair lending laws under ECOA. Consumer advocates argued that many small business borrowers should be treated as consumers.”
• Transparency: Most commenters agreed that greater transparency in disclosure forms would benefit industry participants, borrowers and investors alike.
• Secondary Market Activity: Commenters acknowledged that the secondary market for whole loans is underdeveloped, noting that although trading platforms for online marketplace securities have emerged, they’re not widely used. Generally, commenters agreed that the industry would benefit from a transparent and “well-functioning securitization market with active repeat issuance.”
• Regulation: Commenters’ views regarding the regulatory regime surrounding the industry varied. Some argued for a uniform regulatory regime, others recommended an ongoing interagency working group, and several argued that existing regulations sufficiently address industry risk. A need for greater regulatory clarity was expressed in many comments, with commenters drawing attention to the following areas: (i) consumer protection; (ii) small business protection; (iii) cybersecurity and fraud; (iv) true lender designation in the platform business model; (v) BSA/AML requirements; and (vi) risk retention.

Recommendations

Based on its understanding of the marketplace lending industry and review of responses to the RFI, Treasury makes the following policy recommendations in the report: (i) support greater small business borrower protections and effective oversight; (ii) adopt industry servicing standards that ensure sound borrower experience from customer acquisition through collections in the event a loan becomes delinquent; (iii) promote a transparent marketplace by, among other things, creating a “private sector driven registry for tracking data on transactions, including the issuance of notes and securi­tizations, and loan-level performance”; (iv) expand access to credit through sound partnerships with traditional financial institutions and Community Development Financial Institutions; (v) support the expansion of safe and affordable credit through government held data by promoting the use of smart disclosures (the release of information in standard machine readable formats that third-party software can easily process)  and data verification sources; and (vi) facilitate interagency coordination by creating a standing working group to include the Treasury, CFPB, FDIC, Federal Reserve, FTC, OCC, Small Business Administration, and SEC that would, among other things, identify areas where additional regulatory clarity could benefit consumers.

Looking Forward

In its final section, the report addresses trends and developments that Treasury believes “should be closely watched.” Regarding evolving credit scoring models, the report expressed concern on behalf of consumer advocates that increased automation and accuracy of credit scoring may “create a vicious cycle where those already disadvantaged will pay more for credit, and therefore be more likely to become financially fragile and default, and the cycle will repeat itself.” Referencing an increase in delinquency rates from January to December 2015, as well as an increase in charge off rates from October 2015 to December 2015, Treasury further stresses the need to monitor how the industry tests and adapts models in an unfavorable credit environment. Additional areas to monitor highlighted in the final section include: (i) the investment community, noting that as securitization activity increases, “[p]rudent loan underwriting, securitization transaction pricing, and robust governance and disclosures are necessary to ensure market soundness”; (ii) cybersecurity, encouraging financial sector firms to develop sufficient baseline protections and best practices to mitigate the risk of cyber incidents and to protect consumers; (iii) Bank Secrecy Act requirements, emphasizing that FinCEN will continue to monitor the industry for money laundering and terrorist financing risks; and (iv) mortgage and auto loan markets, with Treasury continuing to monitor the origination volumes and loan performance as these sectors within the industry develop.

Department of Treasury Online Lending

FTC Issues Guidance on Consumer Reporting Obligations under the FCRA

On May 10, the FTC released new guidance on consumer reporting obligations under the FCRA. The guidance is intended to assist companies in understanding whether or not they are subject to consumer reporting requirements under the FCRA. According to the FTC, a company that sells or provides “consumer reports” as defined in Section 603 of the FCRA, 15 U.S.C. § 1681a(d), is considered a “consumer reporting agency” bound by FCRA requirements: “even if you don’t think of your company as a consumer reporting agency, it may be one if it provides information about people to employers for use in hiring or other employment decisions.” The guidance further notes that employment background screening companies are typically subject to FCRA requirements, such as: (i) establishing and following “‘reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates’”; (ii) obtaining certifications that verify, among other things, their clients are legitimate and that the credit report will only be used for employment purposes; (iii) providing clients with information regarding their responsibilities under the FCRA, as well as a summary of consumer rights under the FCRA; and (iv) honoring certain rights of applicants and employees, including providing access to files upon request and conducting a reasonable investigation of consumer disputes.

FTC FCRA

OCC Updates Comptroller's Handbook to Include New Student Lending Booklet

On May 9, the OCC updated its Comptroller’s Handbook to include a new booklet titled “Student Lending.” Despite banks having to alter their private student lending strategies as a result of the 2008 financial crisis, the OCC’s booklet maintains that banks can still benefit from the wider array of consumer products and the broader business model that the private student lending industry offers. The new booklet contains information related to banks’ participation in the private student lending industry, including, but not limited to:

• Inherent credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation risks in the industry.
• Unique aspects of private student loans, such as the “significant time lag between loan advances and repayment, and the student borrower’s lack of certainty in finding a stable, reliable primary source of repayment after graduation.”
• Regulatory expectations for safe and sound operations, cautioning that banks should adhere to the credit underwriting and documentation standards as stated in 12 CFR 30, appendix A, “Safety and Soundness Standards.”
• Risk management practices, reminding banks that use third parties to market, solicit, or originate private student loans to have in place risk management frameworks that include due diligence in selecting third parties, written contracts that have been vetted for duties, obligations, and responsibilities of all parties (compensation parameters included), and ongoing monitoring and quality assurance programs.

Designed for examiners to use in their examination and supervision of banks involved in the private student lending industry, the booklet outlines two sets of examination procedures: (i) primary examination, when an examiner’s objective is to “assess risk level, evaluate the quality of risk management, and determine the aggregate level and direction of risk of the bank’s student lending activities”; and (ii) supplemental examination, when examiners “determine whether student lending marketing activities are consistent with the bank’s business plans, strategic plans, and risk appetite, and that appropriate controls and systems are in place before the bank rolls out new products or new-product marketing initiatives.” Finally, the booklet advises examiners reviewing banks’ student lending activities to “remain alert for lending practices and product terms that could indicate discriminatory, unfair, deceptive, abusive, or predatory issues.”

Examination OCC Student Lending Comptroller's Handbook Risk Management

Congressman Luetkemeyer Proposes Bill to Eliminate "Abusive" in CFPB's UDAAP Authority

Recently, Representative Blaine Luetkemeyer (R-MO) introduced H.R. 5112, the Unfair or Deceptive Acts or Practices Uniformity Act, to make the authority of the CFPB and FTC more consistent and similar, and to encourage greater communication among regulators. Specifically, the Act would amend Section 1031 of the Dodd-Frank Act by removing the CFPB’s ability to regulate “abusive” conduct from its current authority to regulate “unfair, deceptive or abusive” acts or practices (UDAAP). In addition, the bill would insert the following language at the end of Section 1031: “[i]n prescribing any rule under this subsection, the Bureau shall comply with the requirements of section 18 of the Federal Trade Commission Act (15 U.S.C. 57a) applicable to the Federal Trade Commission when the Commission prescribes rules and general statements of policy under that section with respect to unfair or deceptive acts or practices in or affecting commerce.”

CFPB FTC UDAAP U.S. House

Senate Judiciary Committee Holds Hearing to Discuss FCC's Proposed Privacy Rules

On May 11, the Subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee held a hearing titled “Examining the Proposed FCC Privacy Rules.” Present at the hearing were witnesses FCC Chairman Thomas Wheeler, FCC Commissioner Ajit Pai, FTC Chairwoman Edith Ramirez, and FTC Commissioner Maureen Ohlhausen. The focal point of the hearing was the FCC’s proposed rule (which comes after its Open Internet Order released in February 2015, designed to preserve net neutrality) on broadband internet services, which is, according to proponents of the proposal, intended to ensure that consumers’ personal information is adequately protected when Internet Service Providers (ISP) collect information on consumers using their products. According to FCC Chairman Wheeler’s opening remarks, the FCC’s proposed rule governing the privacy and security of consumer data is built on “transparency, choice, and security.” Commission members Pai and O’Reilly oppose the proposal, with Commissioner Pai commenting at the hearing that the proposal imposes “stringent regulation” on ISPs, in spite of Commissioner Wheeler’s November 2015 statement before the House Energy and Commerce Committee’s Subcommittee on Communications and Technology that the FCC “would ‘not be regulating the edge providers differently’ from ISPs.” In contrast to the FCC’s proposal, the FTC maintains a unified approach toward regulating ISPs and other online actors. Speaking to the FTC’s efforts to protect consumer information, Chairwoman Ramirez’s and Commissioner Ohlhausen’s joint testimony summarized the FTC’s enforcement, policy, and education work related to consumer privacy and highlighted recent FTC and FCC joint enforcement actions. According to Senator Leahy’s (D-VT) opening remarks, the FCC’s recent proposal raises the question as to whether FCC regulation of specialized broadband privacy issues is “unnecessary in light of the FTC’s general enforcement power.” Advocates of the FCC’s proposal, such as Senator Leahy, maintain that the FTC’s case-specific enforcement power cannot be a substitute for the FCC’s “expert rulemaking process”; while those in opposition, such as FCC Commissioner Pai, argue that the proposal “makes little, if any, sense.” Comments on the FCC’s proposal are due by May 27, 2016, with the reply comment period ending June 27, 2016.

FTC FCC U.S. Senate Privacy/Cyber Risk & Data Security

DOJ Sentences Founder of Money Laundering Operation to 20 Years Imprisonment

On May 6, the DOJ announced that U.S. District Judge Denise L. Cote sentenced the founder of a Costa Rica-based virtual currency company to 20 years imprisonment and ordered him to pay a $500,000 fine for charges related to illegal money laundering. According to the DOJ, the individual owner, at all relevant times, directed and supervised the company’s operations and was aware that cybercriminals, such as credit card traffickers and identity thieves, were using the “digital currency empire” to launder the proceeds of illegal activity. The DOJ further asserts that the company “grew into a financial hub for cybercriminals around the world, trafficking the criminal proceeds of Ponzi schemes, credit card trafficking, stolen identity information and computer hacking.” When the government shut the company down in May 2013, it had more than 5.5 million user accounts worldwide and more than 78 million financial transactions processed, valued at more than $8 billion. Prior to the sentencing hearing, the owner pleaded guilty to one count of conspiring to commit money laundering; four other co-defendants also pleaded guilty, with two individuals being sentenced to five and three years in prison and two others awaiting sentencing.

DOJ Virtual Currency

Deputy Attorney General Yates Expands on Individual Accountability Policy

On May 10, Deputy U.S. Attorney General Sally Yates spoke at the New York City Bar Association’s White Collar Crime Conference and expanded on the DOJ’s Individual Accountability Policy, which informally bears Yates’ name (the Yates Memo). The DOJ issued the Yates Memo in September 2015, and Yates’ remarks were focused on why the DOJ issued the policy and how it has been working in practice. Yates made clear that “holding individuals accountable for corporate wrongdoing has always been a priority for” the DOJ, but that the policy memorandum was necessary to overcome “real world challenges” that the DOJ encounters (e.g., convoluted corporate structures and lines of authority, data privacy laws, and inability to compel foreign witness testimony) so that it can hold individuals responsible for corporate wrongdoing.

In practice, Yates said that the policy has not caused the parade of horrors that defense attorneys and client alerts have predicted. For example, she stated that she was not aware of any company refusing to cooperate with the DOJ as a result of the policy. She further added that “no one has told us that they will be forced to waive privilege in order to comply with the policy.” Instead, she said that the policy already has caused a shift toward higher compliance standards within companies.

Yates also highlighted how DOJ attorneys are focused on individuals from the outset of an investigation: “[t]he first thing the lawyers briefing me discuss is what we are doing to identify the individuals involved and what the company is doing during the course of its cooperation to meet its obligation to provide all the facts about individual conduct.” In addition, civil enforcement efforts have broadened to focusing on individuals. According to Yates, “[a]bility to pay is one of the factors considered, but it’s no longer the determinative factor in deciding whether to bring an action in the first instance.

DOJ

Former Currency Manufacturer Manager Convicted and Sentenced In UK for Making Corrupt Payments

On May 11, following a five-week trial in a London court, a former manager of an Australia-based banknote manufacturer was convicted of four counts of making corrupt payments to a foreign official in violation of the Prevention of Corruption Act 1906. Peter Chapman, the former manager of the polymer banknote manufacturer’s Africa office, was acquitted on two other counts. Chapman was convicted of bribing an agent of Nigerian Security Printing and Mining PLC in order to secure contracts for the purchase of reams of polymer substrate from the banknote manufacturer. The total amount of bribes to the agent equaled approximately $205,000. On May 12, Chapman was sentenced to two and a half years (30 months on each convicted count, to be served concurrently).

The UK Serious Fraud Office (SFO) prosecuted the case following a joint investigation by the SFO and the Australian Federal Police, which initiated the investigation in May 2009.

Anti-Corruption

FinCEN Finalizes Long-Awaited Customer Due Diligence Rule

On May 6, FinCEN issued a final rule imposing standardized customer due diligence requirements for banks, broker-dealers, mutual funds, futures commission’s merchants and introducing brokers in commodities. Subject to exceptions for certain types of entities deemed low risk by FinCEN, beginning on May 11, 2018, covered institutions must identify any natural person that owns, directly or indirectly, 25% or more of a legal entity customer or that exercises control over the entity. Covered financial institutions would also have to take measures to verify that they know the true identity of each person identified as a beneficial owner (but would not be required to verify that such persons are in fact beneficial owners). The requirement will apply to new accounts opened by legal entity customers, and will not be retroactive. Additionally, the final rule adds a standardized set of four customer due diligence requirements as a “fifth pillar” of an effective anti-money laundering program. In addition to identification and verification of beneficial owners of legal entities, the requirements include: (i) identification and verification of customers; (ii) understanding the nature and purpose of the customer relationship; and (iii) ongoing monitoring for reporting suspicious transactions and, on a risk basis, updating customer information.

FinCEN Agency Rule-Making & Guidance