InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District court: Banks' claims against hospitality company for data breach may proceed
On February 7, the U.S. District Court for the District of Maryland ruled in a multidistrict litigation action that a proposed class of banks may proceed with negligence claims under Louisiana law and pursue declaratory and injunctive relief against an international hospitality company. In this case, the company’s data breach allegedly required the banks to cancel or reissue credit and debit cards, and issue refunds and credit associated with unauthorized transactions. The Louisiana bank brought the action as the representative of a class of banks that reimbursed customers for fraud on payment card accounts identified as potentially compromised because of the data breach. According to the opinion, the proposed class “has alleged facts sufficient to establish injury and causation under the Article III standing requirements.” The court rejected the company’s argument that the negligence claims are barred by Louisiana’s economic loss doctrine—which precludes recovery when the only alleged damages are economic—stating that Louisiana does not employ the doctrine in the strict sense that is applied in other states, but rather employs “a ‘duty-risk’ analysis.” The court stated that plaintiffs suing for only economic damages “must prove that there is an ‘ease of association between the rule of conduct, the risk of injury, and the loss sought to be recovered.’” The court concluded that “a reasonable trier of fact” may find an association between the company’s data collection practices and economic loss to payment card issuers. Here, the court stated, the banks are attempting to recover economic damages incurred after credit and debit cards were compromised due to the alleged negligent storage of sensitive payment card information. Moreover, the banks alleged they were forced to reimburse cardholders for fraudulent activity and incur costs to prevent future activity on those compromised cards.
11th Circuit: Guaranty agency collecting nonexistent DOE loans is not a debt collector
On February 7, the U.S. Court of Appeals for the Eleventh Circuit issued a split opinion holding that a student loan guaranty agency that mistakenly attempted to collect nonexistent student loans cannot be sued under the FDCPA because, as a guaranty agency operating on behalf of the Department of Education (Department), it does not qualify as a “debt collector” under the Act. According to the opinion, the plaintiff alleged that during a scheduled deferment period, the agency notified the plaintiff that it had paid a default claim on the loans and demanded full repayment. The plaintiff alleged that she called to dispute the demand and was told the agency had no record of her debt. Subsequently, the agency ordered the plaintiff’s employer to garnish her wages, and the plaintiff filed a complaint alleging, among other things, that the defendant violated the FDCPA by making false or misleading representations and failing to validate the debt. The plaintiff also alleged that the defendant engaged in fraudulent business practices. The district court granted summary judgment in favor of the defendant, ruling that the defendant was not a debt collector subject to the FDCPA because it was acting “incidental to a bona fide fiduciary obligation” to the Department. While the plaintiff conceded that a guaranty agency’s actions are incidental to a fiduciary obligation when it attempts to collect valid defaulted student loans, she argued that the exemption does not apply when the guaranty agency attempts to collect debts that do not exist.
On appeal, the majority agreed with the district court, holding that determining whether the defendant was a debt collector subject to the FDCPA did not depend on the validity of the claimed debt. The majority held that as long as the defendant was acting in good faith, its collection efforts would be incidental to its fiduciary obligation to the Department and exempted from the definition of “debt collector.” Specifically, the majority referenced language from the FDCPA establishing that the fiduciary obligation exemption applies when an agency attempts to collect a debt that is “owed or due or asserted to be owed or due another,” holding that such language must apply to efforts to collect debts that do not exist or that phrase would have no meaning. According to the majority, “Congress easily could have written the [FDCPA] to impose liability on persons who attempt to collection nonexistent debts pursuant to a fiduciary obligation,” but Congress chose not to.
SEC commissioner proposes cryptocurrency safe harbor
On February 6, SEC Commissioner Hester M. Pierce announced her proposal for a three-year safe harbor rule applicable to companies developing digital assets and networks. Pierce suggested that not only would the rule provide regulatory flexibility “that allows innovation to flourish,” but it would also protect investors by “requiring disclosures tailored to their needs” while still maintaining anti-fraud safeguards, allowing investors to participate in token networks of their choice. Proposed Securities Act Rule 195 would allow companies to sell or offer tokens without being subject to the Securities Act of 1933, and without the tokens being subject to the registration requirements of the Securities Act of 1934. In order to qualify for these exemptions, the proposed rule requires that a company developing a network must, among other things, (i) “intend for the network on which the token functions to reach network maturity…within three years of the date of the first token sale”; (ii) disclose key information on a freely accessible public website,” including applicable source code and descriptions of how to search and verify transactions on the network; (iii) offer and sell its tokens in order to allow access to or development of its network; (iv) make “good faith and reasonable efforts to create liquidity for users”; and (v) “file a notice of reliance” with the SEC’s EDGAR system within 15 days of the company’s first token sale made in reliance on the safe harbor. Pierce suggested that the three-year grace period for qualifying companies would allow time for the development of decentralized or functional networks, and, at the end of the three years, a successful network’s tokens would not be regulated as securities.
NYDFS encourages financial institutions to assist Puerto Rico
On February 5, the New York governor announced measures to assist with disaster relief for hurricane and earthquake-ravaged Puerto Rico. In an Industry Letter, NYDFS informed state-regulated financial institutions that they may receive Community Reinvestment Act (CRA) credit for “community development activities that revitalize or stabilize designated disaster areas” in Puerto Rico. The letter included the Federal Reserve Bank of New York’s Investment Connection program as one way for New York financial institutions to earn CRA credit. The announcement also mentioned the Guidance to New York State Regulated Banks and Credit Unions Regarding the Earthquakes in Puerto Rico issued on the same day by NYDFS. The guidance urged financial institutions with customers based in Puerto Rico to “consider all reasonable and prudent steps to assist such customers affected by the recent earthquakes in Puerto Rico.” Some of the specific suggestions included (i) waiving ATM fees, overdraft fees, and late payment fees; (ii) increasing ATM daily withdrawal limits and credit card limits; and (iii) working with customers to defer payments or extend payment due dates on loans. The NYDFS guidance also encouraged state-regulated financial institutions to assist in collecting charitable donations and in notifying their customers how they can donate to help Puerto Rico to recover.
Venezuela’s state-owned airline subject to OFAC sanctions
On February 7, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it identified a previously blocked state-owned Venezuelan airline and its fleet of aircraft pursuant to Executive Order (E.O.) 13884. The entities—subject to sanctions under E.O. 13884, which blocks property of the Venezuelan government—have been added to OFAC’s Specially Designated Nationals (SDN) List. According to OFAC’s press release, the commercial airline and its fleet have been used by Venezuela’s illegitimate government “to promote its own political agenda, including shuttling regime officials to countries such as North Korea, Cuba, and Iran.” OFAC observed that Venezuelan citizens may still travel by air on a number of other airlines that provide domestic service as well as service to and from Venezuela. OFAC also reiterated that its “regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked persons.”
NYDFS to take action against check cashing companies for BSA/AML violations
On February 3, NYDFS announced it intends to take enforcement action through an administrative proceeding against several check cashing entities for alleged violations of New York Banking Law and federal laws and regulations related to the business of check cashing. According to NYDFS, examinations revealed multiple concerns related to the entities’ Bank Secrecy Act/anti-money laundering (BSA/AML) program and transaction monitoring, including (i) inaccurate books and records; (ii) cashing post-dated checks; (iii) insufficient BSA/AML compliance; and (iv) inadequate risk-assessment procedures and customer identification and Know Your Customer programs. NYDFS also stated that management at the identified entities failed to implement effective controls to mitigate and manage BSA/AML compliance programs and Office of Foreign Assets Control risks despite “repeated criticism of the entities’ performance.”
NYDFS conducted a subsequent investigation, which found additional alleged violations that circumvented Federal and state banking laws, such as (i) hiring undisclosed employees who were paid “off the books”; (ii) conducting an unlicensed mobile check-cashing business; and (iii) and engaging in an illegal check-cashing scheme that structured transactions and falsified business records to give the appearance that checks were cashed on multiple dates, when in fact they were all cashed on a single date. The administrative proceeding to revoke the entities’ licenses and seek civil penalties will begin February 24.
Kraninger testifies at House hearing; final payday rule expected in April
On February 6, CFPB Director Kathy Kraninger testified at a House Financial Services Committee hearing on the CFPB’s Semi-Annual Report to Congress. (Covered by InfoBytes here.) The hearing covered the semi-annual report to Congress on the Bureau’s work from April 1, 2019, through September 30, 2019. In her opening remarks, Committee Chairwoman Maxine Waters argued, among other things, that the Bureau’s recent policy statement on the “abusiveness” standard in supervision and enforcement matters “undercuts” Dodd-Frank’s prohibition on unfair, deceptive, or abusive acts or practices. Waters also challenged Kraninger on her support for the joint notice of proposed rulemaking issued by the OCC and FDIC to strengthen and modernize Community Reinvestment Act regulations (covered by a Buckley Special Alert), arguing that the proposal would lead to disinvestment in communities, while emphasizing that Kraninger’s actions have not demonstrated the Bureau’s responsibility to meaningfully protect consumers. However, in her opening statement and written testimony, Kraninger highlighted several actions recently taken by the Bureau to protect consumers, and emphasized the Bureau’s commitment to preventing harm by “building a culture of compliance throughout the financial system while supporting free and competitive markets that provide for informed consumer choice.”
Additional highlights of Kraninger’s testimony include:
- Memoranda of Understanding (MOU) with the Department of Education (Department). Kraninger discussed the recently announced information sharing agreement (covered by InfoBytes here) between the Bureau and the Department, intended to protect student borrowers by clarifying the roles and responsibilities for each agency and permitting the sharing of student loan complaint data analysis, recommendations, and data analytic tools. Kraninger stated that the MOU will give the Department the same near real-time access to the Bureau’s complaint database enjoyed by other government partners, and also told the Committee that the Bureau and Department are currently discussing a second supervisory MOU.
- Payday, Vehicle Title, and Certain High-Cost Installment Loans. Kraninger told the Committee that a rewrite of the payday lending rule—which will eliminate requirements for lenders to assess a borrower’s ability to repay loans—is expected in April. (Covered by InfoBytes here.) Kraninger noted that the Bureau is currently reviewing an “extensive number of comments” and plans to address a petition on the rule’s payments provision. “[F]inancial institutions have argued that there were some products pulled into that that were, you know, unintended,” she stated. “[W]orking through all of that and. . .moving forward in a way that is transparent in. . .April is what I am planning to do.”
- Ability-to-Repay and Qualified Mortgages (QM). Kraninger discussed the Bureau’s advanced notice of proposed rulemaking that would modify the QM Rule by moving away from the 43 percent debt to income ratio requirement and adopt an alternative such as a pricing threshold to ensure responsible, affordable mortgage credit is available to consumers. (Covered by InfoBytes here.) She stated that the Bureau would welcome legislation from Congress in this area.
- Supervision and Enforcement. Kraninger repeatedly emphasized that supervision is an important tool for the Bureau, and stated in her written testimony that during the reporting period discussed, “the Bureau’s Fair Lending Supervision program initiated 16 supervisory events at financial services institutions under the Bureau’s jurisdiction to determine compliance with federal laws intended to ensure the fair, equitable, and nondiscriminatory access to credit for both individuals and communities, including the Equal Credit Opportunity Act [] and HMDA.” In addition to discussing recent enforcement actions, Kraninger also highlighted three innovation policies: the Trial Disclosure Program Policy, No-Action Letter Policy, and the Compliance Assistance Sandbox Policy. (Covered by InfoBytes here.)
- Military Lending Act (MLA). Kraninger reiterated her position that she does not believe Dodd-Frank gives the Bureau the authority to supervise financial institutions for military lending compliance, and repeated her request for Congress to grant the Bureau clear authority to do so. (Covered by InfoBytes here.) Congressman Barr (R-KY) noted that while he introduced H.R. 442 last month in response to Kraninger’s request, the majority has denied the mark up.
- UDAAP. Kraninger fielded a number of questions on the Bureau’s recent abusiveness policy statement. (Covered by InfoBytes here.) Several Democrats told Kraninger the new policy will put unnecessary constraints on the Bureau’s enforcement powers, while some Republicans said the policy fails to define what constitutes an abusive act or practice. Kraninger informed the Committee that the policy statement is intended to “clarify abusiveness and separate it from deceptive and unfairness because Congress explicitly gave us those three authorities.” Kraninger reiterated that the Bureau will seek monetary relief only when the entity has failed to make a good faith effort to comply, and that “[r]estitution for consumers will be the priority in these cases.” She further emphasized that “in no way should that policy be read to say that we would not bring abusiveness claims.” Congresswoman Maloney (D-NY) argued, however, that a 2016 fine issued against a national bank for allegedly unfair and abusive conduct tied to the bank’s incentive compensation sales practices “would have been substantially lower if the [B]ureau hadn’t charged [the bank] with abus[ive] conduct also.” Kraninger replied that the Bureau could have gotten “the same amount of restitution and other penalties associated with unfairness alone.”
- Constitutionality Challenge. Kraninger reiterated that while she agrees with Seila Law on the Bureau’s single-director leadership structure, she differs on how the matter should be resolved. “Congress obviously provided a clear mission for this agency but there are some questions around. . .this and I want the uncertainty to be resolved,” Kraninger testified. “Congress will have the opportunity to make any changes or respond to that and I think that’s appropriate,” she continued. “I would very much like to see a resolution on this question because it has hampered the CFPB’s ability to carry out its mission, virtually since its inception.” (Continuing InfoBytes coverage on Seila Law LLC v. CFPB here.)
Fed, OCC issue 2020 stress test, capital adequacy scenarios
On February 6, the Federal Reserve Board (Fed) released the hypothetical scenarios banks and supervisors will use to conduct the 2020 Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Act stress tests exercises for large bank holding companies and large U.S. operations of foreign firms. This year’s stress tests will evaluate 34 large banks with more than $100 billion in total assets to ensure that these banks have adequate capital and processes to continue lending to households and businesses, even during a severe recession. Both scenarios—baseline and severely adverse—include 28 variables that cover domestic and international economic activity. In addition, banks with large trading operations must also factor in a global market shock component as part of their scenarios. Capital plan and stress testing submissions are due by April 6. The Fed noted that it “continues to work toward having the stress capital buffer in place for this year’s stress tests,” and that “[t]he release of these hypothetical scenarios does not affect that separate rulemaking process.”
In related news, on February 6 the OCC also released its own stress testing scenarios for OCC-supervised institutions.
Colorado announces roadmap to cannabis banking
On February 3, the Colorado governor announced plans to create a regulatory landscape to provide guidance and clarity for state-chartered financial services industries that serve, or wish serve, legal cannabis-related businesses. The Roadmap to Cannabis Banking & Financial Services—primarily driven by the state’s Division of Banking and the Division of Financial Services—is intended to increase the number of financial service providers in the state who serve cannabis-related businesses and cultivate opportunities for cannabis-related businesses that currently do not have access to banking services. According to the announcement, the roadmap outlines seven primary areas of focus, which include “providing clear regulatory guidance, encouraging new and emerging technologies in the banking and financial services space, reducing barriers while upholding consumer protection guardrails, and demonstrating state support for financial businesses wishing to explore cannabis banking.” The press announcement noted that the governor was joined by the lead sponsor of the federal SAFE Banking Act (H.R. 1595), which, as previously covered by InfoBytes, passed the House last September and currently awaits action in the Senate.
Fed issues enforcement action for flood insurance violations
On February 6, the Federal Reserve Board (Fed) announced an enforcement action against a Virginia-based bank for alleged violations of the National Flood Insurance Act (NFIA) and Regulation H, which implements the NFIA. The consent order assesses a $9,500 penalty against the bank for an alleged pattern or practice of violations of Regulation H, but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.