InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB settles with defunct schools’ student loan management company
On June 14, the CFPB announced a settlement with a company that manages student loans for a defunct for-profit educational institution resolving allegations it provided substantial assistance to the institution in engaging in unfair acts and practices in violation of the Consumer Financial Protection Act (CFPA). As previously reported by InfoBytes, the Bureau filed suit against the now-defunct for-profit institution in February 2014. The Bureau’s complaint against the institution alleged that the institution offered first-year students no-interest short-term loans to cover the difference between the costs of attendance and federal loans obtained by students. The complaint asserts that the institution then forced borrowers into “high-interest, high-fee” private student loans without providing borrowers an adequate opportunity to understand their loan obligations, when their short-term loans became due. In the complaint in the current matter, filed the same day as the proposed stipulated judgment, the Bureau alleges that the management company: (i) was substantially involved in the creation and operation of the loan program, including raising money and overseeing the origination and servicing of the loans; and (ii) knew, or was reckless in not knowing, the risks associated with the loan program. The stipulated judgment requires the company to (i) cease enforcement and collection efforts on all outstanding loans associated with the program; (ii) discharge all outstanding loans associated with the program; and (iii) direct credit reporting agencies to delete consumers’ trade lines associated with the loan program. The company must also provide notice of these actions to affected consumers. The proposed judgment does not include a monetary penalty or require refunds to consumers.
OFAC sanctions entity and two individuals for trafficking weapons to IRGC-QF and facilitating sanctions evasion
On June 12, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on a resource trading company and its two Iraqi associates, for trafficking “hundreds of millions of dollars’ worth of weapons” to the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) and facilitating access to the Iraqi financial system to evade sanctions.
According to OFAC, the sanctions were issued pursuant to Executive Order 13224, which “provides a means by which to disrupt the financial support network for terrorists and terrorist organizations.” As a result, “all property and interests in property of these targets that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that persons who engage in transactions with the designated individuals and entities may be exposed to sanctions themselves or subject to enforcement action. Moreover, OFAC warned foreign financial institutions that, unless an exemption applies, they may be subject to U.S. sanctions if they knowingly facilitate significant transactions for any of the designed individuals or entities.
OFAC adds Syrian developer and related businesses to Specially Designated Nationals List
On June 11, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced additions to the Specially Designated Nationals List pursuant to Executive Orders (E.O.) 13573 and 13582. OFAC’s additions to the list include 13 entities and three individuals associated with an international network benefiting the Assad regime in Syria. According to OFAC, a Syrian business developer and his associated businesses have “leveraged the atrocities of the Syrian conflict into a profit-generating enterprise.” As a result, “all property and interests in property of these individuals and entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.”
See here for continuing InfoBytes coverage of actions related to Syria.
Democratic Senators ask regulators about fintech discriminatory lending
On June 10, Senators Elizabeth Warren (D-Mass.) and Doug Jones (D-Ala.) wrote to the Federal Reserve Board, the OCC, the FDIC, and the CFPB requesting information regarding the role the regulators can play in ensuring that fintech companies serve consumers on a nondiscriminatory basis. The letter asserts that ,while the fintech business model—using algorithms to underwrite loans, typically without face-to-face interaction with consumers—has “the potential to expand access to financial services for underserved populations,” it also has the potential to lead to discriminatory results. Based on recent reports cited in the letter, the Senators ask the regulators to, among other things, (i) identify what their agency is doing to combat lending discrimination by lenders using algorithmic underwriting; (ii) explain how the agencies’ oversight of fair lending laws extend to the fintech industry; and (iii) describe any analyses conducted on the impact of fintech algorithms on minority borrowers. The letter requests the agencies respond to the inquiries by June 24.
District Court denies summary judgment for auto financing company in TCPA action
On June 12, the U.S. District Court for the Northern District of Illinois denied an auto financing company’s renewed motion for summary judgment and request for reconsideration, concluding that the company’s calling system falls within the definition of automatic telephone dialing system (autodialer) under the TCPA.
According to the opinion, two separate class actions were filed alleging that the company violated the TCPA when making calls to consumers regarding outstanding auto loans by using an autodailer. In April 2016, the company filed a motion for summary judgment, arguing, among other things, that the calling system it uses does not constitute an autodialer under the TCPA, and moved to stay the proceedings until the D.C. Circuit issued its ruling in a related case, ACA International v. FCC. The court denied the motions but stated that it would “revisit any issues affected by [the ACA International] decision as needed.” In March 2018, the D.C. Circuit issued its ruling in ACA International, concluding that the FCC’s 2015 interpretation of an autodialer was “unreasonably expansive.” (Covered by a Buckley Special Alert here.)
The company then filed the renewed motion for summary judgment and request for reconsideration of the earlier decision. The court denied the motion, concluding that the company’s calling system was an autodialer under the TCPA as a matter of law, because the system automatically dialed numbers from a set customer list. The court applied the logic of the 9th Circuit in Marks v. Crunch San Diego, LLC (covered by InfoBytes here), stating that it was not bound by the FCC’s interpretations of an autodialer based on ACA International, and “[a]s such, ‘only the statutory definition of [autodialer] as set forth by Congress in 1991 remains.’” After reviewing the legislative history of the TCPA, the court determined that “[g]iven Congress’s particular contempt for automated calls and concern for the protection of consumer privacy,” the autodialer definition “includes autodialed calls from a pre-existing list of recipients,” rejecting the company’s argument that an autodialer must have the capacity to generate telephone numbers, not just pull from a preexisting list. Additionally, the court concluded that the system “need not be completely free of all human intervention” to fall under the definition of autodialer.
11th Circuit: Motion to reschedule foreclosure does not violate RESPA
On June 11, the U.S. Court of Appeals for the 11th Circuit affirmed the dismissal of a RESPA action against a mortgage servicer, concluding that rescheduling a foreclosure sale is not a violation of Regulation X’s prohibition on moving for an order of foreclosure sale after a borrower has submitted a complete loss-mitigation application. According to the opinion, a consumer’s home was the subject of an order of foreclosure, and the mortgage servicer subsequently approved a trial loan-modification plan for a six-month period. The servicer filed a motion to reschedule the foreclosure sale so that the sale would not occur unless the consumer failed to comply with the modification plan during the trial period. The consumer filed suit, alleging that the servicer violated Regulation X––which prohibits loan servicers from moving for an order of foreclosure sale after a borrower has submitted a complete loss-mitigation application––because the servicer rescheduled the foreclosure sale instead of cancelling it. The district court dismissed the action.
On appeal, the 11th Circuit agreed with the district court, concluding that the consumer failed to state a claim for a violation of Regulation X. The appellate court reasoned that Regulation X does not prohibit a servicer from moving to reschedule a foreclosure sale as that motion is not the same as the “order of sale,” a substantive and dispositive motion seeking authorization to conduct a sale at all, as referenced in Regulation X. Moreover, the appellate court argued that the consumer’s interpretation of the prohibition is inconsistent with the consumer protection goals of RESPA because it would disincent loan servicers from offering loss-mitigation options and helping borrowers complete loss-mitigation applications, if a foreclosure sale has already been scheduled. Lastly, the appellate court noted that the motion to reschedule is consistent with the CFPB’s commentary that, “[i]t is already standard industry practice for a servicer to suspend a foreclosure sale during any period where a borrower is making payments pursuant to the terms of a trial loan modification,” rejecting the consumer’s argument that the servicer should have cancelled the sale altogether.
California District Court says payday lender’s arbitration provision is unconscionable
On June 10, the U.S. District Court for the Southern District of California denied a national payday lender’s motion to compel arbitration, agreeing with plaintiffs that the arbitration provision in their loan agreement was unenforceable because it was procedurally and substantively unconscionable. According to the opinion, plaintiffs filed a putative class action suit against the payday lender alleging the lender sells loans with usurious interest rates, which are prohibited under California’s Unfair Competition Law and Consumer Legal Remedies Act. The lender moved to compel arbitration asserting that the consumers’ loan agreements contain prohibitions on class actions in court or in arbitration, require arbitration of any claims arising from a dispute related to the agreement, and disallow consumers from acting as a “private attorney general.”
The court first determined that California law applied. It concluded that, while the lender was headquartered in Kansas, the consumers obtained their loans in California, and California “has a materially greater interest than Kansas in employing its laws to resolve the instant dispute,” based on its “material and fundamental interest in maintaining a pathway to public injunctive relief in unfair competition cases.”
The court then determined that the arbitration provision was procedurally unconscionable because, even though the consumers had a 30-day opt-out window, it required them to waive statutory causes of action “before they knew any such claims existed.” Finally, because the provision contained a waiver of public injunctive relief, the court determined it was substantively unconscionable based on the California Supreme Court decision in McGill v. Citibank, N.A (covered by a Buckley Special Alert here). The court rejected the lender’s arguments that McGill was preempted under the Federal Arbitration Act (FAA), noting a 2015 decision by the U.S. Court of Appeals for the 9th Circuit, “effectively controls” the dispute and the 9th Circuit reasoned that a similar state-law rule against waivers was not preempted by the FAA. Lastly, the court held that the unconscionable public injunctive relief waiver provision was not severable from the entire arbitration provision, because the agreement contained “poison pill” language that would invalidate the entirety of the arbitration provision.
6th Circuit: Merchant indemnified against card breach costs
On June 7, the U.S. Court of Appeals for the 6th Circuit affirmed a lower court’s ruling that an agreement between a Texas-based merchant and a payment processor did not require the merchant to pay millions of dollars in damage-control costs related to two card system data breaches. After the data breaches, the payment processor withheld routine payment card transaction proceeds from the merchant, asserting that the merchant was responsible for reimbursing the amount that the issuing banks paid to cardholders affected by the breaches. However, the merchant refused to pay the payment processor, relying on a “consequential damages waiver” contained in the agreement.
The payment processor argued that, under the agreement’s indemnification clause and provision covering third-party fees and charges, the merchant retained liability for assessments passed down from the card brands’ acquiring bank. The district court, however, granted summary judgment to the merchant, finding that the merchant was not liable for the card brands’ assessments. The court further ruled that the payment processor materially breached the agreement when it diverted funds to reimburse itself.
On review, the 6th Circuit agreed with the lower court that the assessments “constituted consequential damages” and that the agreement exempted consequential damages from liability under a “conspicuous limitation” to the indemnification clause. According to the 6th Circuit, the “data breaches, resulting reimbursement to cardholders, and levying of assessments, though natural results” of the merchant’s failure to comply with the Payment Card Industry's Data Security Standards, “did not necessarily follow from it.” In addition, the appellate court agreed with the district court’s holding that third-party fees and charges in the contract refer to routine charges associated with card processing services rather than liability for a data breach. The appellate court also concurred that the payment processor’s decision to withhold routine payment card transactions, constituted a material breach of the agreement.
CFPB symposium on “abusive” standard set for June 25
On June 11, the CFPB announced that its first symposium, regarding the meaning of “abusive acts or practices” under Section 1031 of the Dodd-Frank Act, will be held on June 25. As previously covered by InfoBytes, the CFPB announced a symposia series that will convene to discuss consumer protections in “today’s dynamic financial services marketplace.” The June 25 symposium will be a public forum with two panels of experts discussing unfair, deceptive, or abusive acts and practices (UDAAP). The first panel will be a policy discussion, moderated by Tom Pahl, CFPB’s Policy Associate Director, Research, Markets and Regulation. The second panel will examine how the “abusive” standard has been used in practice in the field and will be moderated by David Bleicken, CFPB Deputy Associate Director, Supervision, Enforcement and Fair Lending.
In addition to the June 25 symposium, the series will have future events discussing behavioral law and economics, small business loan data collection, disparate impact and the Equal Credit Opportunity Act, cost-benefit analysis, and consumer authorized financial data sharing.
FTC settles with software provider over data security failures
On June 12, the FTC announced a settlement under which a software provider agreed to better protect the data it collects, resolving allegations that the company failed to implement reasonable data security measures and exposed personal consumer information obtained from its auto dealer clients in violation of the FTC Act and the Standards for Safeguarding Customer Information Rule, issued pursuant to the Gramm-Leach-Bliley Act.
In its complaint, the FTC alleged the company’s failure to, among other things, (i) implement an organization information security policy; (ii) implement reasonable guidance or training for employees; (iii) use readily available security measures to monitor systems; and (iv) impose reasonable data access controls, resulted in a hacker gaining unauthorized access to the company’s database containing the personal information of approximately 12.5 million consumers. The proposed consent order requires the company to, among other things, implement and maintain a comprehensive information security program designed to protect the personal information it collects, including implementing specific safeguards related to the FTC’s allegations. Additionally, the proposed consent order requires the company to obtain third-party assessments of its information security program every two years and have a senior manager certify compliance with the order every year.