InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court voids OFAC fine of $2 million
On December 31, the U.S. District Court for the Northern District of Texas vacated a $2 million civil penalty imposed on a global petroleum company (company) by OFAC for the company’s purported violation of sanctions, ruling that the OFAC regulations did not provide “fair notice” to the company that its actions were prohibited. In May of 2014, OFAC issued sanctions regulations relating to Ukraine. Shortly afterwards, the company and a Russian oil company, with which it had a long-established business relationship, executed several contracts. Although the Russian company was not a blocked entity, its president, who signed the contracts, had been named a specially designated national (SDN). In July of 2014, OFAC issued a penalty notice with a $2 million penalty to the company, alleging that the contracts the company executed with the Russian company violated the Ukraine-related sanctions. The company immediately challenged the penalty notice and fine, asserting that at the time it entered into the subject transactions, the OFAC regulations on Ukraine were not clear, and it interpreted them to allow the transactions. The court agreed with the company, holding that the “text of the regulations does not provide fair notice of its interpretation” in accordance with the Due Process Clause, because “the text [of the regulation] does not ‘fairly address’ whether a U.S. entity receives a service from a SDN when that SDN performs a service enabling the U.S. person to contract with a non-blocked entity. Therefore, the court granted the company’s motion for summary judgment and vacated OFAC’s Penalty Notice.
California outlines new data privacy rights
On January 6, the California attorney general issued an advisory explaining consumers’ rights under the California Consumer Privacy Act (CCPA), which took effect January 1. (See previous InfoBytes coverage on the CCPA here.) These rights include (i) the right to request from businesses what personal information they collect, use, share, or sell; (ii) the right to request that businesses and their service providers delete one’s personal information; (iii) the right to opt out of businesses’ disclosure of one’s personal information via “Do Not Sell” links on businesses’ websites and mobile apps; (iv) the right of children younger than 16 to have businesses disclose their personal information only after receiving the child’s opt-in consent (though parents or guardians may consent for children under 13); and (v) the right to non-discrimination should a consumer exercise his or her privacy rights under the CCPA.
In addition to enumerating these consumer rights, the advisory specifies the types of businesses subject to the CCPA, provides information on the state’s data broker registry, and describes consumers’ private right of action in the event of a data breach.
7th Circuit: Debt collector accurately disclosed creditor to be paid
On December 30, the U.S. Court of Appeals for the Seventh Circuit affirmed a district court’s decision that a collection agency was not required to explain the difference between “original creditor” and “current creditor.” After the consumer fell behind on payments owed to a bank, the debt was sold to a company that hired the agency to collect the debt. The agency sent a letter to the consumer identifying the bank as the “original creditor” and the debt buyer as the “current creditor,” listing the principal and interest balances of the debt along with the last four digits of the account number. The consumer alleged that identifying both the bank and the debt buyer without clearly explaining the difference between the companies violated the FDCPA’s requirement that a debt collector state in a written notice “the name of the creditor to whom the debt is owed.” The district court disagreed and held that the letter clearly and accurately disclosed the name of the creditor to whom the consumer owed the debt.
The 7th Circuit affirmed on appeal, calling the consumer’s claim “meritless” and holding that including the names of both companies without a detailed explanation would not be confusing even to an unsophisticated consumer, who would understand that the debt had been purchased by the current creditor. The appellate court concluded that the FDCPA required no further explanation.
CSBS releases Vision 2020 Accountability Report on fintech initiatives
On January 7, the Conference of State Bank Supervisors (CSBS) released a report by its Fintech Industry Advisory Panel outlining progress made on several initiatives to streamline state licensing and supervision of financial technology companies. As previously covered by InfoBytes, the panel was convened in 2017 as part of Vision 2020—a state regulator initiative to modernize the regulation of fintech companies and other non-banks by creating an integrated, 50-state system of licensing and supervision. The Accountability Report charts progress on initiatives identified by the panel, which, according to the announcement, fit into four focus areas: (i) the use of CSBS regtech for licensing and exams, including expanding the use of NMLS among states across all license types for nonbank financial services, developing “state licensing requirements for multi-state consistency,” and launching a new state examination system; (ii) improved consistency among states, including 26 states signing on to the Multistate Money Service Business (MSB) Licensing Agreement, which is intended to streamline the MSB licensing process; (iii) the creation of uniform definitions and practices and the development of a 50-state MSB model law and state accreditation programs for MSBs, which will encourage greater consistency among states; and (iv) increased regulatory transparency, including online resources for state guidance and exemptions, as well as information sessions with regulators and industry to discuss fintech developments.
Missouri AG alleges housing nonprofit trust deceived members
On January 2, the Missouri attorney general filed a petition for preliminary and permanent injunction in Missouri Circuit Court against a nonprofit trust and its registered agent (the defendants) alleging the defendants deceived thousands of state residents by marketing memberships in the trust with the promise that the pooled resources would fund “to-be-completed homes.” The AG alleges that the defendants solicited consumers to attend meetings, purchase memberships, and pay monthly dues, and also asked members to provide additional funds to go towards appliances and other fixtures for the homes. However, the agent defendant allegedly admitted that none of the promised homes were constructed or otherwise provided to the members.
The AG further contends that “none of the solicited funds were ever used or invested towards providing a home to any of the members,” and were instead used to cover the trust’s operating expenses. According to the AG, the defendants’ actions violate state law and constitute false promises, omissions of material fact, and deception. The AG seeks injunctive relief “up to and including prohibiting and enjoining [d]efendants . . . from owning or operating organizations that sell or manage real estate that solicit upfront payments for goods or services, or that solicit charitable contributions.” The AG also seeks restitution for member losses, a fine equal to 10 percent of the restitution amount, a $1,000 fine per violation, and compensation for the state’s costs in pursuing the case.
9th Circuit affirms FDCPA decision in favor of debt collector
On December 18, the U.S. Court of Appeals for the Ninth Circuit affirmed the decision of the trial court in favor of a debt collector in an FDCPA action brought by a consumer claiming that the debt collector used false, deceptive, or misleading means in attempting to collect a debt. The consumer, in 2006, opened a credit card account with a bank, but stopped sending payments in December of 2008, without paying off the balance. The bank later sold the consumer’s unpaid account to a debt collector in 2009, after which the debt collector sent a letter to the consumer in 2017 in an effort to collect the past due balance. The consumer filed a complaint against the debt collector, claiming that the debt was “time-barred” as the six-year statute of limitations had run and that the debt collector violated the FDCPA by not disclosing this in the letter to him. The district court granted the debt collector’s summary judgment motion.
On appeal, the consumer again claimed that the debt collector’s language is “deceptive or misleading,” specifically in the debt collector’s disclosure in the letter that read, “[t]he law limits how long you can be sued on a debt and how long a debt can appear on your credit report. Due to the age of this debt, we will not sue you for it or report payment or non-payment of it to a credit bureau.” The court disagreed. According to the opinion, even though the six-year statute to sue in order to collect had expired, “nothing in the letter falsely implies that [the debt collector] could bring a legal action against [the consumer] to collect the debt.” Further, the court determined that the “least sophisticated debtor would [not] likely be misled” by the debt collector’s disclosure, because the “natural conclusion” that could be drawn from the collector’s language was that the debt was time-barred. Additionally, the court rejected the consumer’s contention that the debt collector’s letter was “deceptive or misleading” because it failed to warn the consumer that in some states, the statute of limitations to sue on a debt may be revived if the debtor promises to pay or makes a partial payment on the debt. The court stated that the FDCPA does not require a debt collector to “provide legal advice” about specific issues such as a revival provision in a state statute of limitations. The panel also pointed out that although the statute may have run for the debt collector to take legal action in order to recover the outstanding debt, as long as it complies with the law and does not use misleading, false, or deceptive means, the FDCPA allows it to continue its efforts to collect on a lawful debt.
HUD unveils new version of AFFH rule
On January 7, HUD published its proposed replacement for the 2015 version of the Affirmatively Furthering Fair Housing (AFFH) rule. According to HUD, the proposed AFFH rule will provide state and local government participants with more straightforward advice “to help them improve affordable housing choices in their community.”
In August of 2018, HUD suspended requirements under the 2015 rule for HUD grant recipient communities to submit assessments of fair housing. Additionally, as previously covered in InfoBytes, HUD solicited comments on amendments to the 2015 AFFH regulations, which, according to the agency, “proved ineffective, highly prescriptive, and effectively discouraged the production of affordable housing.” The proposed rule suggests a change to the definition of AFFH to “advancing fair housing choice within the program participant’s control or influence,” and seeks to move the focus away from anti-segregation planning and toward creation of affordable housing options.
According to the proposed rule, fair housing choice includes (i) “[p]rotected choice, meaning absence of discrimination”; (ii) “[a]ctual choice, meaning not only that affordable housing options exist,” but that state and local governments are encouraged to educate the public on their rights; and (iii) “[q]uality choice, meaning that the available and affordable housing is decent, safe, and sanitary, and, for persons with disabilities, accessible as required under civil rights laws.”NCUA releases 2020 supervisory priorities
In January, the NCUA issued a letter to board of directors and chief executive officers at federally insured credit unions outlining the agency’s 2020 supervisory priorities. Top supervisory priorities include:
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML). Examinations will continue to focus on customer due diligence and beneficial ownership requirements. The NCUA will also collaborate with law enforcement and banking regulators on initiatives such as updates to the FFIEC’s BSA/AML examination manual and enforcement guidelines, guidance concerning politically exposed persons, and measures for improving suspicious activity and currency transaction report filing procedures.
- Consumer Financial Protection. Based on a rotating regulation review cycle, NCUA examiners will review compliance (at a minimum) with the following regulations: the Electronic Fund Transfer Act, Fair Credit Reporting Act, Gramm-Leach-Bailey (Privacy Act), Payday Alternative Lending and other small dollar lending, Truth in Lending Act, Military Lending Act, and the Servicemembers Civil Relief Act.
- Cybersecurity. In 2020 the NCUA will continue conducting cybersecurity maturity assessments for credit unions with assets over $250 million and will begin to assess those with assets over $100 million. In addition, the NCUA intends to pilot new procedures—scaled to an institution’s size and risk profile—to evaluate critical security controls during examinations between maturity assessments.
- LIBOR Cessation Planning. Examiners will assess credit unions’ planning related to the discontinuation of LIBOR. According to the NCUA, credit unions should “proactively transition away from instruments using LIBOR as a reference rate.”
Other areas of focus include credit risk, current expected credit losses, liquidity risk, and modernization updates. The extended examination cycle will continue to apply to qualifying credit unions.
9th Circuit affirms no jurisdiction without exhaustion of administrative remedies
On December 27, the U.S. Court of Appeals for the Ninth Circuit affirmed the dismissal of a TILA case brought by a consumer against his mortgage lender, citing lack of subject matter jurisdiction under the provisions of FIRREA that require claims involving a bank that is in receivership to be presented to the FDIC before the borrower files suit. In 2009 the consumer filed an adversary proceeding in bankruptcy court against his lender for rescission of his mortgage loan under TILA. The consumer claimed that the lender’s notice of right to cancel was defective when the loan was signed, resulting in an extended rescission period under TILA, but his suit was dismissed for lack of jurisdiction. Once again, in 2012, the district court dismissed the consumer’s TILA suit after finding that the consumer had not exhausted his administrative remedies with the FDIC before filing suit.
On appeal, the three-judge panel rejected the consumer’s claim that his lender was not placed into receivership until after his loan was sold, and therefore he did not have to exhaust his administrative remedies before filing suit. The panel subscribed to the Fourth Circuit’s interpretation of the exhaustion requirement, stating that “even where an asset never passes through the FDIC’s receivership estate, the FDIC should assess the claim first.” According to the opinion, the FIRREA requirement that the consumer exhaust his remedies with the FDIC applied to this action because the panel determined that (i) the consumer’s claim was “susceptible of resolution under the FIRREA claims process”; (ii) the consumer’s claim was related to an act or omission of the lender; and (iii) the FDIC, which “was not required to have possessed the loan before determining a claim” had been appointed as receiver for that lender, stripping the appellate court of subject matter jurisdiction until after the FDIC determined his claim.
Mortgage broker allegedly violated federal laws by posting customers’ personal information on website
On January 7, the FTC announced a proposed settlement with a California mortgage broker and his company to resolve alleged violations of the FTC Act, FCRA, Regulation P, and the Safeguards Rule. According to a complaint filed by the DOJ on behalf of the FTC, the defendants published the personal information of customers who posted negative reviews on a public website, including customers’ “sources of income, debt-to-income ratios, credit history, taxes, family relationships, and health.” The alleged posts containing negative financial information violated the defendants’ responsibilities under Regulation P (Privacy of Consumer Financial Information) as the required privacy disclosure provided to the customers stated that the defendants would not share personal information with any third party. Regulation P also “prohibits financial institutions from disclosing to any nonaffiliated third party any nonpublic personal information about a customer unless it has provided the customer with an opt-out notice, . . . a reasonable opportunity to opt out of the disclosure, and the customer has not opted out.” In this instance, customers were not given the opportunity to opt out of disclosure of their personal financial information in response to online consumer reviews, the complaint asserts. In addition, the complaint alleges that the defendants also violated the FTC Act by causing unfair or deceptive acts or practices that “deprived consumers of the ability to control whether and to whom they disclosed sensitive information.” The defendants also allegedly violated the FCRA by using consumer reports for impermissible purposes, and the FTC’s Safeguards Rule by failing to implement or maintain an adequate information security program. Under the terms of the proposed settlement, the defendants will pay a $120,000 civil penalty and are prohibited from (i) misrepresenting their privacy and data security practices; (ii) using consumer reports for anything other than a permissible purpose; (iii) not providing required privacy notices; and (iv) improperly disclosing nonpublic personal information to third parties. Among other things, the company is also prohibited from transferring, selling, sharing, collecting, maintaining, or storing nonpublic personal information unless it implements a comprehensive information security program; and must obtain independent third-party assessments of its information security program every two years.