InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court Finds that Texts Sent Via Mobile App Not Subject to TCPA Due to Users' "Affirmative Choices" to Send Messages
On August 24, a California district court ruled in favor of a rewards-based app company, rejecting plaintiffs’ arguments that the company violated the Telephone Consumer Protection Act (TCPA). Huricks v. Shopkick, Inc., No. c-14-2464-mmc (N.D. Cal. Aug. 24, 2015). In Huricks, plaintiffs brought a putative class action, arguing that the company’s mobile app sent spam text messages with links to the company’s website to mobile phones without consumers’ consent in violation of the TCPA and a derivative claim under the California Business and Professions Code. In rejecting plaintiffs’ claims and granting summary judgment on all counts, the court relied on a recent FCC Order where the FCC ruled, among other matters, that a company was not the maker or initiator of invitational text messages subject to the TCPA’s requirements when users of the app make a series of “affirmative choices” in order for the text messages to be sent. The court ruled that, even though the company controlled the text message’s content, the company’s evidence established that a user of its app “must [have] proceed[ed] through a multi-step invitation flow within the app” to cause text messages to be sent to the user’s contacts. The court noted that users of the app had to (i) tap a button to invite friends, (ii) choose which contacts to invite, and (iii) choose to send the text message by selecting another button. The court concluded the company was not the initiator of these texts under the TCPA and granted the company’s motion for summary judgment.
Federal Reserve Bank of Boston's Payment Strategies Team Provides Snapshot of Mobile Banking Landscape
On August 17, the Federal Reserve Bank of Boston published a report that outlines the results of a 2014 survey intended to capture “a point-in-time snapshot of mobile banking and payments at [financial institutions]” across five Federal Reserve bank districts. One of the largest U.S. surveys completed on mobile banking and payment services at financial institutions, the collected data mostly came from banks and credit unions – a combined total of more than 600 – with less than $500 million in assets. The survey showed that with the rise of smartphones, consumers are more easily able to use mobile devices for payments, and they demonstrate “growing comfort with mobile and digital wallets as well as willingness to pay with mobile-based solutions.” As competing mobile technologies emerge, such as non-bank technology service providers, the report found the need for financial institutions to “create mobile banking and payment strategies to respond to [the] changing environment” becomes more relevant. The report highlighted that roughly 75 percent of the financial institutions surveyed offer the following mobile services, with a majority of the remaining 25 percent planning to offer them by 2016: (i) checking balances; (ii) transferring funds between a single owner’s account; (iii) viewing statements and transaction history; (iv) ATM / branch locator; and (v) bill payment. The report further suggested that financial institutions should “keep pace” with the growing mobile banking market and “be proactive and help make the best solutions succeed.”
Russian Nuclear Official Pleads Guilty in FCPA-Related Case
On August 31, the DOJ announced that Vadim Mikerin, the former president of TENAM Corporation and a director of the Pan American Department of JSC Techsnabexport (TENEX), pleaded guilty to conspiracy to commit money laundering in connection with arranging over $2 million in bribes for contracts with the Russian state-owned nuclear energy corporation. TENEX, a subsidiary of Russia’s State Atomic Energy Corporation, is based in Moscow and acts as the sole supplier and exporter of Russian Federation uranium and uranium enrichment services to nuclear power companies worldwide. Mr. Mikerin admitted to conspiring to transfer funds from the United States to offshore accounts with the intent to perpetuate a bribery scheme in violation of the FCPA. These bribes were made to influence the award of contracts to transport down-blended uranium to US nuclear utility providers. As part of Mr. Mikerin’s plea agreement, he agreed to forfeit over $2.1 million he received in bribes. Mr. Mikerin is expected to be sentenced in December, and faces up to five years in prison and a $250,000 fine.
In addition to Mr. Mikerin, two other individuals, Darren Condrey and Boris Rubizhevsky, have pleaded guilty for their respective involvement in the scheme, including conspiracy to violate the FCPA and commit wire fraud, and conspiracy to commit money laundering, respectively.
Former Chief Credit Officer Sentenced to Over Eight Years in Prison for Role in Securities Fraud Scheme
On September 1, Ebrahim Shabudin, the former Chief Credit Officer of a San Francisco-based bank, was sentenced to 97 months in prison for his involvement in a securities fraud scheme stemming from the bank’s 2009 financial collapse. In 2008, the Troubled Asset Relief Program (TARP) gave the bank roughly $298 million in federal funds. The FDIC took over the bank in 2009 and stated that it was “the ninth largest failure since 2007 of a bank insured by the FDIC’s Deposit Insurance Fund.” In 2013, the FDIC estimated that the bank would accrue losses exceeding $1.1 billion; however, with the United States’ economic recovery, the estimated loss dropped to approximately $677 million.
The DOJ charged Shabudin with “conspiring with others within the bank to falsify key bank records as part of a scheme to conceal millions of dollars in losses and falsely inflate the bank’s financial statements.” Shabudin allegedly falsified records filed with the SEC and the FDIC pertaining to the bank’s 2008 third and fourth quarters and year-end earnings per share. On March 25, 2015, Shabudin was found guilty on seven charges: (i) conspiracy to commit securities fraud; (ii) securities fraud; (iii) falsifying corporate books and records; (iv) false statements to accountants; (v) circumventing internal accounting controls; (vi) conspiracy to commit false bank entries; and (vii) false bank entries. In addition to the prison sentence, U.S. District Judge White ordered the former Chief Credit Officer to undergo three years of supervised release and pay $348,000 in restitution. Both the bank’s CFO and Senior Vice President pleaded guilty to similar charges last year and currently await sentencing.
FDIC-Insured Financial Institutions Report Record Second Quarter Earnings
On September 2, the FDIC issued its latest Quarterly Banking Profile. The Profile indicates that community banks and savings institutions reported an aggregate net income of $43 billion in the second quarter of 2015, the highest quarterly income on record. The FDIC attributed this rise in second quarter income to steady loan growth at most institutions along with a sharp increase in community bank earnings as compared to the second quarter of 2014. In a statement, FDIC Chairman Martin Gruenberg provided a mixed assessment surrounding the second quarter results of FDIC-insured institutions. Specifically, Gruenberg noted, “the industry experienced a continuation of positive trends observed over recent quarters. Revenue and income growth was broad-based, asset quality improved, loan balances increased, there were fewer problem banks, and only one bank failed during the quarter. However, the banking industry continues to face challenges. Revenue growth has lagged behind asset growth, as exceptionally low interest rates put downward pressure on net interest margins.”
California Governor Signs Executive Order Aimed At Strengthening Cybersecurity Strategy
On August 31, California Governor Edmund G. Brown signed Executive Order B-34-15. A response to recent cyber-attacks, this order is intended to bolster the state’s preparedness, to improve inter-agency, cross-sector coordination, and to reduce the likelihood and severity of such attacks. Specifically, the order establishes the California Cybersecurity Integration Center (Cal-CSIC) and explains that the Cal-CSIC “will work closely with the California State Threat Assessment System and the U.S. Department of Homeland Security and will facilitate more integrated information sharing and communication with local, state and federal agencies, tribal governments, utilities and other service providers, academic institutions and non-governmental organizations.”
Under the order, the Cal-CSIC will also establish a multi-agency Cyber Incident Response Team, which will be comprised of personnel from agencies, departments, and organizations from the Cal-CSIC. The Response Team will serve as California’s “primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state.”
Special Alert: Third Circuit Gives FTC Green Light to Continue Enforcing Corporate Data Security
On August 24, the U.S. Court of Appeals for the Third Circuit affirmed the Federal Trade Commission’s authority to hold companies accountable for their data security practices under Section 5 of the FTC Act (15 U.S.C. § 45(a)), which declares unlawful “unfair or deceptive acts or practices in or affecting commerce.” The unanimous ruling found that “deficient cybersecurity,” practices, which “fail to protect consumer data against hackers,” may be found to be “unfair” practices under the Act, subject to FTC enforcement. The FTC had sued Wyndham for allegedly deficient cybersecurity practices that enabled hackers to obtain payment card information from over 619,000 consumers.
In affirming that the FTC has authority under Section 5 to pursue claims of inadequate data security, the Third Circuit explained that a company’s inadequate data security in the face of foreseeable intrusions falls within the plain meaning of “unfair.” The Third Circuit assured Wyndham that this authority does not enable the agency to dictate the type of locks on hotel room doors or the placement of guards on corporate premises. Nor does it have the authority to sue for every perceived deficiency, just as it would not have the authority to sue supermarkets simply for failing to consistently “sweep up banana peels.” However, the court pointed out that it matters how – and how many – consumers are affected by a company’s practice: “were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability under § 45(a).”
Wyndham had also argued that it lacked fair notice that the FTC had the authority to assess data security practices under Section 5, but the Third Circuit disagreed, pointing out that the FTC has offered specific public guidance on data security over the years, and has filed multiple complaints and consent decrees “raising unfairness claims based on inadequate corporate cybersecurity” that put companies on notice of its enforcement authority in this space.
The Third Circuit provided some guidance of its own on how can companies avoid FTC enforcement actions alleging unfairness in data security practices, stating that “the relevant inquiry here is a cost-benefit analysis . . . that considers a number of relevant factors, including the probability and expected size of reasonably unavoidable harms to consumers given a certain level of cybersecurity and the costs to consumers that would arise from investment in stronger cybersecurity.” The more sensitive consumer data a company collects, the more it must invest in sound data security safeguards.
As a result, companies need to review their data security practices against both the standard enacted by Congress specifically to govern data security in the Gramm-Leach-Bliley Act and the much more general “unfairness” standard found in the FTC Act as well as other federal and state laws.
* * *
Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
- Jeffrey P. Naimon, (202) 349-8030
- Walter E. Zalenski, (202) 461-2910
SCRA Compliance, Cybersecurity, and Responsible Innovation Remain Top Priorities at OCC
On August 31, Grovetta Gardineer, the OCC’s Deputy Comptroller for Compliance Operations and Policy, delivered remarks at the Association of Military Bankers of America annual workshop in Leesburg, VA. Throughout her presentation, Gardineer highlighted issues affecting financial institutions focused primarily on lending to servicemembers. Gardineer discussed the OCC’s ongoing efforts to identify and correct deficiencies within bank and thrift compliance practices and noted improved Servicemembers Civil Relief Act (“SCRA”) compliance by regulated institutions. Specifically, Gardineer observed that in 2014, the OCC cited sixty-five SCRA violations among large, midsized, and community institutions. For the first quarter of 2015, however, Gardineer reported that OCC examiners cited only seven SCRA violations. Gardineer also referenced recent amendments to the Military Lending Act (“MLA”) which expanded consumer protections to both open-end and closed-end consumer credit for servicemembers; she emphasized that banks should be proactive in updating their internal policies and procedures to reflect the MLA’s changes. Reiterating the OCC’s commitment to cybersecurity, Gardineer advised that OCC examiners intend to use the cybersecurity assessment tool “to supplement exam work to gain a more complete understanding of an institution’s inherent risk, risk management practices, and controls related to cybersecurity.” Finally, Gardineer discussed innovation within the industry, such as the emergence of various mobile payments transfer systems and peer-to-peer lending. She stressed that the OCC intends to facilitate a responsible regulatory environment that will encourage innovative financial products and services while also implementing regulations to ensure adequate consumer protections.
Buckley Sandler Secures Major Victory on Behalf of Mortgage Servicer in Putative Class Action Suit
On August 25, BuckleySandler secured a substantial victory in a putative class action in the Northern District of Illinois. McGann v. PNC, No. 11-c-6894 (N.D. Ill. Aug. 25, 2015). The suit alleged that a major mortgage servicer failed to convert Home Affordable Modification Program (HAMP) Trial Period Plans (TPPs) into permanent modifications. The Seventh Circuit Court of Appeals, with jurisdiction over the Northern District of Illinois, has allowed similar claims to survive dismissal. See Wigod v. Wells Fargo Bank, N.A., 673 F.3d 547 (7th Cir. 2012). And the Ninth Circuit has allowed such claims to go forward on a classwide basis. See Corvello v. Wells Fargo Bank, N.A., Nos. 11-16234, 11-16242, 2013 WL 4017279 (9th Cir. Aug. 8, 2013).
Despite this potentially adverse precedent relevant to the pleadings stage, BuckleySandler secured summary judgment in its client’s favor following extensive discovery by extracting key admissions from Plaintiff. These admissions established that the servicer “repeatedly told her either that her application was being reviewed or that it had been rejected but would be reinstated. A promise to review or even to reinstate an application is not a promise that the application will result in a permanent loan modification . . . she still had to meet HAMP’s requirements. That was clear from the TPP agreement itself.” Opinion at 9. The Court further held that even if these statements led Plaintiff to a subjective belief that the loan would be modified, Plaintiff could not show any actions she took in reliance, nor that any reliance would be reasonable. Opinion at 11.
Finally, the Court also held that the servicer did not engage in any unfair conduct under Illinois’ UDAAP statute, the Illinois Consumer Fraud and Deceptive Business Practices Act. The plaintiff in the matter was not a borrower on the note, but rather a non-borrower mortgagor, for whom HAMP was not available during the time in question. The Court agreed the servicer complied with HAMP guidelines in denying the permanent modification. Opinion at 16-17. And the Court went on to hold that the servicer was entitled to summary judgment for the additional reason that the evidence in discovery established that the cause of the plaintiff’s injuries was her non-qualification for HAMP, her inability to pay the mortgage, and the resulting foreclosure of the home, none of which was proximately caused by any wrongful conduct of the servicer. Opinion at 15-16.
U.S. District Court Grants FBME Preliminary Injunction; Effective Date of FinCEN's "Special Measure Five" Final Rule Delayed
On August 28, FinCEN issued a notice regarding the agency’s July 29 final rule imposing “special measure five” against FBME Bank Ltd. (“FBME”), which would prohibit financial institutions from opening or maintaining correspondent accounts or payable through accounts for or on behalf of FBME. Per FinCEN’s most recent notice, the originally scheduled effective date of August 28, 2015 has been postponed. On August 7, FBME filed suit in the United States Court for the District of Columbia and moved for a preliminary injunction, which the Court granted on August 27. The Court “ordered the parties to meet and confer as to an expedited briefing schedule on the merits of FBME’s Complaint and to file a joint proposed schedule, or separate schedules if mutual agreement cannot be reached.” The rule will not take effect until a final judgment is entered.