InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC extends Dodd-Frank stress test compliance date
On June 4, the OCC extended the deadline for national banks and federal savings associations (FSAs) with consolidated assets between $100 billion and $250 billion to comply with the Dodd-Frank stress test (DFAST) requirements to November 25. In December 2018, the OCC issued a letter noting that prior DFAST exams and OCC supervision have indicated that qualifying banks with consolidated assets within these thresholds have adopted effective stress testing programs and integrated them into their general risk management tools, and as such, “requiring DFAST submissions for these banks in 2019 would provide limited supervisory value.” According to the OCC, the extension is consistent with the Economic Growth, Regulatory Relief, and Consumer Protection Act’s goal of reducing regulatory burden for applicable national banks and FSAs.
CFPB delays underwriting compliance of Payday Rule
On June 6, the CFPB released a final rule to delay the August 19, 2019 compliance date for the mandatory underwriting provisions of the agency’s 2017 final rule covering “Payday, Vehicle Title, and Certain High-Cost Installment Loans” (the Rule). Compliance with these provisions of the Rule is now due by November 19, 2020.
As previously covered by InfoBytes, in February, when the CFPB released two notices of proposed rulemaking (NPRM) related to certain lending requirements under the Rule—one proposing the delay to the compliance date for mandatory underwriting provisions, and the other proposing to rescind the underwriting portion of the Rule that would make it an unfair and abusive practice for a lender to make covered high-interest rate, short-term loans, or covered longer-term balloon payment loans without reasonably determining that the consumer has the ability to repay—the Bureau emphasized that the NPRM extending the compliance date for mandatory underwriting provisions did not extend the effective date for the Rule’s provisions governing payments.
Notably, on May 30, the U.S. District Court for the Western District of Texas entered an order continuing the stay of the original compliance date for both the underwriting provisions and the payment provisions of the Rule in a payday loan trade group’s litigation challenging the Rule. (Previous InfoBytes coverage on the litigation is available here.) The order requires the parties to file a joint status report no later than August 2.
FCC approves robocall blocking
On June 6, the FCC approved a Declaratory Ruling and Notice of Proposed Rulemaking to address unwanted robocalls to consumers. The Declaratory Ruling affirms that voice service providers may block unwanted robocalls “based on reasonable call analytics, as long as their customers are informed and have the opportunity to opt out of the blocking.” Among other things, the Declaratory Ruling clarifies that voice providers (i) may offer call blocking tools to their customers as a default, as opposed to an opt-in basis; and (ii) may offer customers tools that would allow customers to block calls from any number that is not listed in the customer’s contact list or other “white lists.” The FCC notes that a “white list” could be based on a customer’s contact list and would be updated as customers add and remove contacts from their phone. According to reports, the FCC also adopted language that was added to the May proposal, which encourages voice providers to devise a system for addressing complaints made by legitimate companies whose calls to customers are being blocked. The final Declaratory Ruling is effective upon its publication on the FCC’s website.
The FCC also adopted a Notice of Proposed Rulemaking (NPRM) (available in the May proposal) requiring voice providers to implement the “STIR/SHAKEN” caller ID authentication framework—an “industry-developed system to authenticate Caller ID and address unlawful spoofing by confirming that a call actually comes from the number indicated in the Caller ID, or at least that the call entered the US network through a particular voice service provider or gateway.” The FCC asserts that once the “STIR/SHAKEN” is implemented, it would “reduce the effectiveness of illegal spoofing and allow bad actors to be identified more easily.” The deadline for comments in response to the NPRM will be established upon publication in the Federal Register.
Splitting from the 6th Circuit, 7th Circuit holds mere procedural violation of FDCPA not sufficient harm for standing
On June 4, the U.S. Court of Appeals for the 7th Circuit held that the receipt of an incomplete debt collection letter is not a sufficient harm to satisfy Article III standing requirements to bring a FDCPA claim against a debt collector. According to the opinion, a consumer received a collection letter which described the process for verifying a debt but did not specify that she had to communicate with the collector in writing to trigger the protections under the FDCPA. The consumer filed a class action against the debt collector alleging the omission “‘constitute[d] a material/concrete breach of her rights’” under the FDCPA. In the complaint, the consumer did “not allege that she tried—or even planned to try—to dispute the debt or verify that [the stated creditor] was actually her creditor.” The district court dismissed the action, concluding that the consumer had not alleged that the FDCPA violation “caused her harm or put her at an appreciable risk of harm” and therefore, the consumer lacked standing to sue.
On appeal, the 7th Circuit affirmed the district court’s decision, concluding that because the consumer did not allege that she tried to dispute or verify the debt orally, leaving her statutory protections at risk, she suffered no harm to her statutory rights under the FDCPA. The appellate court emphasized that “procedural injuries under consumer‐protection statutes are insufficiently concrete to confer standing.” The court acknowledged that its opinion creates a conflict with a July 2018 decision by the U.S. Court of Appeals for the 6th Circuit, which held that consumers had standing to sue a debt collector whose letters allegedly failed to instruct them that the FDCPA makes certain debt verification information available only if the debt is disputed “in writing.” (Covered by InfoBytes here.) The appellate court also agreed with the district court’s decision to deny the consumer’s request for leave to file an amended complaint, noting that she did not indicate what facts she would allege to cure the jurisdictional defect.
OFAC amends three Venezuela-related General Licenses
On June 6, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) amended three General Licenses (GL), (i) GL 7B, which supersedes GL 7A; (ii) GL 8A, which supersedes GL 8; and (iii) GL 13A, which supersedes GL 13, to clarify that these general licenses do not authorize transactions or dealings related to the exportation or re-exportation of diluents, directly or indirectly, to Venezuela. Additionally, OFAC is issuing corresponding FAQ 672 to provide further guidance with respect to restrictions regarding diluents.
Visit here for additional InfoBytes coverage of actions related to Venezuela.
9th Circuit upholds rejection of consumer’s class action against auto finance company
On May 30, the U.S. Court of Appeals for the 9th Circuit affirmed summary judgment in favor of an auto finance corporation and various dealerships (collectively, “defendants”) in a putative class action alleging the defendants failed to provide add-ons the plaintiff purchased with the vehicle. The case, which was originally brought in Washington state superior court, was removed to federal court over the consumer’s objection, where the consumer amended the complaint to include a federal TILA claim.
According to the opinion, plaintiff alleged that his purchased vehicle did not come with three add-ons listed in the “Dealer Addendum,” which was a sticker affixed to the car. At the time of purchase, the customer was not aware of what the add-ons were, nor were they explained to him; the add-ons were only listed in the addendum. Plaintiff argued that if he had known what the add-ons were, he would have declined them and paid a lower price for the vehicle. The district court rejected plaintiff’s arguments and granted summary judgment for the defendants on all claims.
On appeal, the 9th Circuit upheld the entirety of the district court’s ruling, concluding the consumer offered no evidence that the add-ons identified in the Dealer Addendum were made part of the vehicle purchase transaction. Moreover, the appellate court upheld the district court’s decision not to remand the case back to state court, determining that while the district court did not have subject-matter jurisdiction at the time of removal, it had subject-matter jurisdiction at the time it rendered its final decision, due to the consumer’s voluntary addition of the TILA claim to the complaint. The appellate court also found that the district court did not abuse its discretion in denying the consumer’s request for additional discovery based on plaintiffs failure to “identif[y] the specific facts that further discovery would have revealed or explained[ed].”
SFO fines shipping and logistics company over $1 million for bribery scheme
On June 3, the UK Serious Fraud Office (SFO) announced that it had fined a shipping and logistics company £850,000 (approximately $1.08 million) for bribes paid to secure contracts in Angola. The SFO started investigating the company in September 2014 and announced in July 2016 that it had charged the company and seven individuals with making corrupt payments. The company pleaded guilty in 2017. The SFO found that executives had bribed an agent of the Angolan state oil company to obtain $20 million worth of shipping contracts.
Class action alleges national bank’s grace period practices breach terms of cardholder agreement
On June 3, a consumer filed a class action complaint against a national bank alleging that the bank charges interest on credit card accounts even when consumers’ balances are paid in full by the billing cycle due date, in breach of the bank’s cardholder agreement. The complaint alleges that the cardholder agreement and monthly billing statements disclose to consumers that interest will not be charged on new purchases if those new purchases are paid off by the billing cycle’s due date, but that in practice the grace period is eliminated for new purchases “[i]f a consumer leaves even $1 on her account balance after a billing period due date.” The complaint alleges that the bank’s practice of only providing a grace period on new purchases for consumers “who have paid off their balances in full for two prior months” directly contradicts the cardholder agreement and consumer disclosures. In addition to breach of contract, the consumer alleges a violation of Delaware’s Consumer Fraud Act and breach of the covenant of good faith and fair dealing. The consumer is seeking certification of a class of similarly situated consumers; damages and restitution; and injunctive relief.
Oregon enacts new vendor data breach notification requirements
On May 24, the Oregon Governor signed SB 684, which amends the state’s data breach notification provisions related to third-party vendors. Among other provisions, the amendments require vendors that are contracted to maintain or access personal information on behalf of a covered entity to (i) notify the covered entity “as soon as is practicable but not later than 10 days” after discovering a security breach or believing a breach has occurred; and (ii) notify the state Attorney General if a security breach involves personal information of more than 250 consumers, or an undetermined amount of consumers, provided that the covered entity has not already done so. SB 684 also updates the definition of personal information to include usernames in combination with other authentication factors used to access a consumer’s account, and establishes that a covered entity or vendor may “affirmatively defend” against allegations it has not adequately safeguarded personal information by showing that it maintained reasonable security measures for protecting personal information in compliance with HIPAA or the Gramm-Leach-Bliley Act, as applicable. The amendments take effect January 1, 2020.
SEC charges issuer with conducting sale of unregistered digital tokens
On June 4, the SEC announced it had filed a lawsuit in the U.S. District Court for the Southern District of New York against a tech company issuer for allegedly raising approximately $100 million through an unregistered initial coin offering. According to the complaint, the issuer failed to provide required disclosures to investors and did not register the offer or sale of its digital tokens with the SEC, as required by Section 5 of the Securities Act of 1933. The SEC contends that the issuer marketed the digital tokens as an investment opportunity and told investors that they could earn future profits from the issuer’s efforts to create, develop, and support a digital “ecosystem.” According to the SEC, “[f]uture profits based on the efforts of others is a hallmark of a securities offering that must comply with the federal securities laws.” The SEC’s suit seeks a permanent injunction, disgorgement of profits plus interest, and a civil penalty.