InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
3rd Circuit: Debt collector cannot enforce original creditor’s arbitration agreement
On July 12, the U.S. Court of Appeals for the 3rd Circuit affirmed the denial of a debt collector’s motion to compel arbitration, concluding the debt collector did not establish authority to enforce the arbitration agreement made between the consumer and the original creditor. According to the opinion, a consumer executed a credit card agreement with a creditor containing an arbitration clause. After the consumer fell behind on her payments, her account was referred to the debt collector for collection. The consumer filed suit against the debt collector, alleging that one of the collection letters violated the FDCPA by “failing to inform her whether interest would continue to accrue on her account.” The debt collector moved to compel arbitration based on the provision in the consumer’s credit card agreement with the original creditor, under a third-party beneficiary, agency, or equitable-estoppel theory. The district court rejected each theory and denied the motion, concluding that (i) the agreement did not “evince an intent to benefit” the debt collector; (ii) the FDCPA claim “did not bear a sufficient nexus to the credit-card agreement”; and (iii) the debt collector could not equitably estop the consumer from resisting arbitration under the 3rd Circuit’s previous interpretation of South Dakota law.
On appeal, the 3rd Circuit agreed with the district court. The appellate court noted that the debt collector failed the test to enforce an agreement as a third-party beneficiary under South Dakota law, because the debt collector failed to establish that the original creditor and its consumers “would not have entered the card agreement but for the intent to benefit debt collectors.” As for the debt collector’s agency theory, the appellate court stated that the debt collector did not cite, and the court did not find, “South Dakota authority adopting a freestanding ‘agency’ theory of third-party enforcement.” Further, the appellate court noted that the debt collector’s arguments would fail under the South Dakota test for equitable estoppel and, therefore, the appellate court had “no basis to conclude that South Dakota would allow [the debt collector], as a non-signatory, to enforce [the original creditor]’s arbitration agreement with its customers.”
U.K.’s ICO fines real estate management company for data security failures
On July 19, the United Kingdom’s Information Commissioner’s Office (ICO) issued a £80,000 fine against a London-based real estate management company for allegedly leaving over 18,000 customers’ personal data exposed for almost two years. According to the ICO, when the company transferred personal data from its server to a partner organization, the company failed to switch off an “anonymous authentication” function, which exposed all the data—including personal data such as bank statements, salary details, copies of passports, dates of birth, and addresses—stored between March 2015 and February 2017. The ICO alleges that the company failed to take appropriate technical and organizational measures to protect customers’ personal data and concluded the failures were “a serious contravention of the 1998 data protection laws which have since been replaced by the [General Data Protection Regulation] GDPR and the Data Protection Act 2018.”
OFAC sanctions senior member of Hizballah operation
On July 19, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against a senior Hizballah operative allegedly connected to the planning, coordination, and execution of terrorist attacks outside of Lebanon. According to OFAC, the action is part of the Treasury Department’s continued attempts to disrupt “the full range of Hizballah’s illicit financial and facilitation activities.” As a result of the sanctions, “all property and interests in property of this target that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC notes that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated person. The designated individual is also subject to secondary sanctions pursuant to the Hizballah Financial Sanctions Regulations, which implement the Hizballah International Financing Prevention Act of 2015, and allow OFAC the authority to “prohibit or impose strict conditions on the opening or maintaining in the United States of a correspondent account or a payable-through account by a foreign financial institution that knowingly facilitates a significant transaction for Hizballah, or a person acting on behalf of or at the direction of, or owned or controlled by, Hizballah.”
District Court strikes class certification from robocall suit
On July 18, the U.S. District Court for the Northern District of Illinois granted a rental car company’s (defendant) motion to strike class allegations in a TCPA suit over alleged robocalls. The plaintiff, whose telephone number was listed on a rental contract between his mother and the defendant in addition to the mother’s telephone number, claimed he received multiple prerecorded messages on his cellphone from the defendant after his mother failed to return the car when it was due, even though he had allegedly opted out of the communications. The plaintiff commenced the suit, ultimately seeking certification of an amended putative class of all noncustomers who received automated calls from the defendant “where such [a] call was placed after a request to stop calling that phone number.” In August 2018, the court denied summary judgment to the defendant, who subsequently moved to strike class allegations. The court granted the defendant’s motion, stating there were too many contested facts that raised unique defenses particular to the plaintiff’s case, including (i) the type of consent to receive calls that the plaintiff’s mother gave under her contract; (ii) whether the calls to the plaintiff’s phone were robocalls; and (iii) whether and how the plaintiff revoked the consent given by his mother.
CFPB report finds one in four consumers have debts in collection
On July 18, the CFPB released a report providing an overview of third-party debt collection tradelines from 2004 to 2018, which the Bureau segmented into two parts: debt buyer tradelines and non-buyer debt collections tradelines. The CFPB’s report, “Market Snapshot: Third-Party Debt Collections Tradeline Reporting,” is based on a nationally representative sample of approximately 5 million credit records from one of the three major credit bureaus. According to the report, as of the second quarter of 2018, more than one in four consumers in the sample have at least one debt in collection by third-party debt collectors. Additionally, fewer than 900 unique furnishers of third-party collections tradelines nationwide reported unpaid debts for consumers in the sample, according to the Bureau—a decrease from the 2,294 collectors reported back in 2004. The report also notes that in the second quarter of 2018, the top four debt buyers account for 90 percent of all debt buyer tradelines for consumers in the sample, while the top four non-buyers, by comparison, accounted for just 13 percent of reported tradelines. Furthermore, in the second quarter of 2018, 3 out of 4 of all reported tradelines in the sample from non-buyers were for non-financial debt, such as medical, telecommunications, or utilities debt. Buyers, in contrast, were more likely to report unpaid financial, retail, or banking debts.
Hungarian subsidiary of multinational technology company settles FCPA claims
On July 22, the DOJ announced an $8.7 million settlement with the Hungarian subsidiary of an American multinational technology company to resolve allegations of bid-rigging and bribery in violation of the FCPA. The SEC simultaneously announced a related resolution with the parent technology company over the operations of subsidiaries in four countries, with the parent company paying an additional $16.5 million.
According to the DOJ announcement, between 2013 and 2015, executives and employees of the Hungarian subsidiary falsely represented to the parent company that discounts were necessary to finalize deals with resellers to sell company licenses to government customers; however, the savings were allegedly used for “corrupt purposes” in violation of the FCPA. The subsidiary entered into a non-prosecution agreement with DOJ, which noted that while the subsidiary did not voluntarily self-disclose the misconduct, it received credit for the company’s “substantial cooperation with the Department’s investigation and for taking extensive remedial measures.” Specifically, the subsidiary terminated four licensing partners and the company implemented an enhanced compliance system and internal controls to address corruption risks.
SEC settles with U.S. affiliate of Japanese financial institution for mortgage-backed securities failures
On July 15, the SEC announced an approximately $25 million settlement with the U.S. affiliate of a Japanese financial holding company, resolving allegations that the company failed to adequately supervise mortgage-backed securities traders. According to the orders, covering commercial mortgage-backed securities (CMBS) and residential mortgage-backed securities (RMBS), from approximately January 2010 through April 2014 several traders allegedly made false or misleading statements while negotiating the sales of CMBS and RMBS, including information about (i) the company’s purchase price of the securities; (ii) the compensation the company would receive on the trades; and (iii) the current ownership of the securities. The SEC alleges the company failed to reasonably supervise traders to prevent the alleged violations of federal antifraud provisions. The orders acknowledge the company’s significant cooperation in the matter and require the company to reimburse customers the full amount of profits earned from the identified trades, totaling over $4.2 million to CMBS customers and over $20.7 million to RMBS customers. Additionally, the orders penalize the company $500,000 related to the CMBS trades and $1 million related to the RMBS trades.
FTC reportedly approves $5 billion privacy settlement with social media company
On July 12, it was reported that the FTC has approved a $5 billion penalty against the world’s largest social media company for allegedly mishandling its users’ personal information. The reported settlement would be the largest privacy penalty ever levied by the agency. According to reports, the settlement, which was approved in a 3-2 vote, resolves allegations that the company allowed a British consulting firm access to 87 million users’ personal data for political consulting purposes in violation of a 2012 privacy settlement with the FTC. Neither the FTC nor the social media company have commented on the reported settlement, which is still pending approval from the Department of Justice.
District Court dismisses most of trust insurer’s settlement suit, allows breach of contract claim to proceed
On July 16, the U.S. District Court for the Southern District of New York dismissed the majority of the claims brought by the insurer of a trust against a national bank acting as trustee of the securitization trust. The claims accused the bank of breaching its responsibilities as trustee for residential mortgage-backed securities (RMBS) that were allegedly backed by bad loans, and the court’s dismissal left only a claim for breach of contract against the bank “for failing to correctly account for recoveries” to proceed. The insurer commenced the action against the bank asserting, among other claims, that the “unreasonably low settlement” the bank agreed to in a separate action the bank had taken against the mortgage lender seeking damages for the lender’s alleged breach of representations and warranties with respect to 87 percent of liquidated loans, would breach the bank’s obligations to the trust’s beneficiaries. According to the insurer, the bank initiated a “wasteful” trust instruction proceeding in Minnesota state court and agreed to stay an ongoing New York state lawsuit against the mortgage lender for over a year and a half.
The court noted, however, that the insurer’s complaint “does not allege any non-speculative ‘concrete or imminent’ injury sufficient to confer standing with respect to the breach of contract and breach of fiduciary claims based on [the bank’s] acceptance of the settlement,” and subsequently dismissed the insurer’s claims that the bank’s acceptance of an “unreasonably low settlement” violated contractual and fiduciary duties owed to the trust as trustee, noting that any harm depends on whether the Minnesota court approves the settlement agreement. Moreover, the court stated that “[i]t is too speculative to assume that [the bank] would have obtained a favorable outcome in the New York action or that rejecting the stay would have strengthened [the bank’s] bargaining position.” Additionally, the court dismissed the insurer’s request for declaratory judgment that the bank must account for and distribute recoveries—“amounts received from defaulted mortgage loans that have already been liquidated”—under the pooling agreement, finding that the issue as it relates to past recoveries is addressed in the breach of contract claim, and all other instances are conditioned on the Minnesota court’s approval of the settlement agreement and are therefore hypothetical. However, the court did find that the insurer adequately pled a claim for breach of contract against the bank pertaining to its accounting of recoveries. The court noted that the insurer’s complaint sufficiently alleged damages and outlined the bank’s alleged failure to correctly “write up” the recoveries as laid out in the pooling agreement, and how this affected the timing and amount of payouts the insurer was required to make.
FTC seeks comment on COPPA Rule
On July 17, the FTC released a notice seeking comment on a wide range of issues related to the Children’s Online Privacy Protection Rule (COPPA Rule). The FTC last amended COPPA in 2013, and while the FTC usually reviews its rules every 10 years, the FTC notes that “[r]apid changes in technology, including the expanded use of education technology, reinforce the need to re-examine the COPPA Rule at this time.” The notice seeks comment on all major provisions of the COPPA Rule, including definitions, notice and parental consent requirements, exceptions to verifiable parental consent, and the safe harbor provision. Additionally, the notice seeks responses to specific questions, including (i) has the Rule affected the availability of websites or online services directed to children?; (ii) does the Rule correctly articulate the factors to consider in determining whether a website or online service is directed to children, or should additional factors be considered?; and (iii) what are the implications for COPPA enforcement raised by technologies such as interactive television, interactive gaming, or other similar interactive media? Comments must be received within 90 days after publication in the Federal Register.