InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court: FCRA lawsuit passes Spokeo test, survives motion to dismiss
On January 8, the U.S. District Court for the Northern District of Illinois denied a bank’s motion to dismiss claims that it had obtained a credit report without a permissible purpose, ruling that the allegations rise above a mere procedural violation of the FCRA. According to the opinion, the consumer alleged that the bank accessed her credit report and obtained personal information, including current and past addresses, birth date, employment history, and telephone numbers, without having a personal business relationship, information to suggest the consumer owed the debt, or receiving consent for the release of the report. The bank argued that the consumer’s claim was only a “bare procedural violation” and not a concrete injury in fact as required under the U.S. Supreme Court’s 2016 ruling in Spokeo v. Robins (covered by a Buckley Sandler Special Alert). However, the court determined that the consumer’s allegation that the invasion of privacy, which occurred when the bank accessed her credit report from a consumer reporting agency without receiving consent and with no legitimate business reason to do so, “adequately alleges a concrete injury sufficient to confer standing.”
9th Circuit: Fannie Mae is not a consumer reporting agency under the FCRA
On January 9, the U.S. Court of Appeals for the 9th Circuit held that Fannie Mae is not a “consumer reporting agency” under the FCRA and therefore is not liable under the law. According to the opinion, homeowners attempted to refinance their current mortgage loan two years after completing a short sale on their prior mortgage. While shopping for the refinance, lenders used Fannie Mae’s Desktop Underwriting (DU) program to determine if the loan would be eligible for purchase by the agency. Three of the eight DU findings showed the loan would be ineligible due to a foreclosure reported for the homeowners within the last seven years, which was not true. The homeowners sued Fannie Mae alleging the agency violated the FCRA for inaccurate reporting. On cross motions for summary judgment, the lower court determined that Fannie Mae was liable under the FCRA for furnishing inaccurate information because the agency “acts as a consumer reporting agency when it licenses DU to lenders.”
On appeal, the 9th Circuit reviewed whether Fannie Mae was a consumer reporting agency under the FCRA and noted that the agency must “regularly engage[] in . . . the practice of assembling or evaluating” consumer information, which Fannie Mae argues it does not do. Specifically, the agency asserts that it simply provides software that allows lenders to evaluate consumer information. The appeals court agreed, concluding that Fannie Mae created the tool but the person using the tool is the person engaging in the act. The court reasoned, “[t]here is nothing in the record to suggest that Fannie Mae assembles or evaluates consumer information.” Moreover, the court noted, if Fannie Mae were found to be a consumer reporting agency, it would be subject to other FCRA duties to borrowers, which “would contradict Congress’s design for Fannie Mae to operate only in the secondary mortgage market, to deal directly with lenders, and not to deal with borrowers themselves.”
Colorado UCCC administrator issues guidance on alternative loan changes
On January 4, the administrator of the Colorado Uniform Consumer Credit Code issued a memo providing introductory guidance on alternative charge loans in response to Proposition 111, which amends the state’s Deferred Deposit Loan Act (DDLA) and takes effect February 1. (See previous InfoBytes coverage here.) Among other things, Proposition 111 reduces the maximum annual percentage rate that may be charged on deferred deposits or payday loans to 36 percent, eliminates an alternative APR formula based on loan amount, prohibits lenders from charging origination and monthly maintenance fees, and amends the definition of an unfair or deceptive practice.
The memo—issued in response to creditors currently offering loans under the DDLA who have expressed an interest in offering loans imposing the alternative charges allowed by Colo. Rev. Stat. § 5-2-214—explains that such alternative charges may only be charged if (i) the financed amount is $1000 or less; (ii) the minimum loan term is at least 90 days but no more than 12 months; (iii) installment payments are scheduled in substantially equal periodic intervals; (iv) Truth-In-Lending disclosures show the loan is unsecured; (v) a creditor has not taken any collateral as security for the loan, including a post-dated check or certain ACH authorization; (vi) an ACH agreement reached with a consumer is voluntary and not required by the loan; and (vii) the loan has not been refinanced more than three times in one year.
Federal Reserve issues enforcement action against Texas bank for BSA/AML compliance issues
On January 8, the Federal Reserve Board announced an enforcement action against a Texas bank for alleged weaknesses in its anti-money laundering risk management and compliance programs, including failure to comply with applicable rules and regulations, such as the Bank Secrecy Act. Under the terms of the order, the bank is required to (i) develop and implement a written plan to strengthen the board of directors’ oversight of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance; (ii) submit an enhanced written compliance program that complies with BSA/AML requirements; (iii) ensure the bank provides effective training for all personnel related to BSA/AML compliance responsibilities; (iv) submit an enhanced, written customer due diligence plan; (v) submit a program to ensure compliant, timely, and accurate suspicious activity monitoring and reporting; (vi) retain an independent third party to ensure the effectiveness of the bank’s transaction monitoring system; and (vii) submit a written plan for independent testing of the bank’s compliance with all applicable BSA/AML requirements. A civil money penalty was not assessed against the bank.
Retailer settles multistate data breach investigation for $1.5 million
On January 8, a national retailer reached a $1.5 million multistate settlement with 43 states and the District of Columbia to resolve an investigation following a 2013 data breach of customer payment card information. According to the Illinois Attorney General’s announcement, the retailer will implement provisions to prevent future breaches, such as (i) complying with Payment Card Industry Data Security Standard requirements; (ii) maintaining a system to collect and monitor network activity; (iii) updating software that maintains and safeguards personal information; and (iv) devaluing payment card information through the use of encryption and tokenization technology to obfuscate payment card data. The retailer must also retain a third-party professional responsible for conducting an information security assessment and report, as well as outlining corrective measures.
Fifteen states urge the 4th Circuit against allowing non-tribal payday lenders to receive tribal immunity
On December 27, 2018, fifteen state Attorneys General filed an amici brief with the U.S. Court of Appeals for the 4th Circuit opposing the use of structures in which non-tribal payday lenders affiliate with tribal lenders to benefit from their tribal immunity and avoid state usury caps. The brief was filed in an appeal from a district court ruling, which held that a Michigan-based payday lender could not claim tribal immunity in a consumer class action because it could not prove it was an actual tribal entity. The Attorneys General argue that granting tribal immunity to non-tribal lenders would “bar enforcement of state consumer protection laws as well as, potentially, investigations into their activities.” The brief rejects the payday lender’s arguments that the plaintiff should bear the burden of negating “arm-of-the-tribe immunity” and instead urges the court to place the burden on the entity seeking the immunity. Allowing a non-tribal entity to benefit from sovereign immunity without “rigorous demonstration”, the Attorneys General argue, “may well undermine the purpose for tribal immunity” and “would have serious consequences for States’ ability to protect consumers.”
The brief was filed by the District of Columbia and the States of Connecticut, Hawaii, Iowa, Illinois, Maine, Maryland, Massachusetts, Minnesota, New Jersey, New York, North Carolina, Pennsylvania, Vermont, and Virginia.
Ohio mortgage servicers now required to register
On December 19, 2018, the Ohio Governor signed Substitute House Bill 489 (HB 489), which amends the Ohio Residential Mortgage Lending Act (RMLA) to, among other things, require a person acting as mortgage servicer to obtain a Residential Mortgage Lending Act Certificate of Registration in the state, unless exempt from the RMLA. The amendments define a “mortgage servicer” as an entity that holds mortgage servicing rights, records mortgage payments on its books, or carries out other responsibilities under the mortgage agreement.
HB 489 also revises the laws governing financial institution regulations and consumer protections. Specifically, it includes amendments which (i) provide some regulatory relief to state banks and credit unions concerning the frequency of examinations that meet certain conditions; (ii) enable requests for data analytics to be conducted on publicly available information regarding regulated state banks, credit unions, and consumer finance companies; and (iii) require that a specified notice be given to a debtor for certain collections related to defaulted debt secured by junior liens on residential properties.
The amendments take effect 91 days after the bill is filed with the Ohio Secretary of State.
4th Circuit affirms jury’s verdict clearing student loan servicer in FCA suit
On January 8, the U.S. Court of Appeals for the 4th Circuit affirmed a federal jury’s unanimous verdict clearing a Pennsylvania-based student loan servicing agency (defendant) accused of improper billing practices under the False Claims Act (FCA). As previously covered by InfoBytes, the plaintiff—a former Department of Education employee whistleblower—filed a qui tam suit in 2007, seeking treble damages and forfeitures under the FCA. The plaintiff alleged that multiple state-run student loan financing agencies overcharged the U.S. government through fraudulent claims to the Federal Family Education Loan Program in order to unlawfully obtain 9.5 percent special allowance interest payments. Over the course of several appeals, the case proceeded to trial against the student loan servicing agency after the 4th Circuit held that the entity was “an independent political subdivision, not an arm of the commonwealth,” and “therefore a ‘person’ subject to liability under the False Claims Act.” The plaintiff appealed the jury’s verdict, arguing the court erred by excluding evidence at trial and failed to give the jury several of his proposed instructions.
On appeal, the 4th Circuit disagreed with the plaintiff, finding that the court correctly excluded the state audit, which determined the student loan servicer “failed its mission” with lavish spending on unnecessary expenses. The appeal court noted the audit was irrelevant to the only issue in the case: “Did [the servicer] commit fraud and file a false claim?” The appeals court also rejected the plaintiff’s jury instruction arguments, concluding that the court’s instructions substantially covered the substance of the plaintiff’s proposal and “sufficiently explained that the jury had to consider whether [the servicer’s] claims were ‘false or fraudulent.’”
Federal Reserve issues proposal amending stress test requirements
On January 8, the Federal Reserve Board (Board) issued a notice of proposed rulemaking (NPR) that would revise company-run stress test and supervisory stress test requirements to conform with Section 401 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (the Act). Similar to the previously issued NPRs by the FDIC and the OCC (covered by InfoBytes here), the proposed rule will, among other things, change the minimum threshold for applicability from $10 billion to $250 billion in consolidated assets and revise the frequency of required company-run stress tests for most state member banks from annual to biannual. However, the proposed rule notes that certain state member banks will still be required to conduct annual stress tests, such as (i) those that are subsidiaries of global systemically important bank holding companies; (ii) bank holding companies that have $700 billion or more in total assets; or (iii) cross-jurisdictional activity of $75 billion or more. Furthermore, the proposed rule will remove the “adverse” stress testing scenario—which the Board states has provided “limited incremental information”—and require stress tests to be conducted under the “baseline” and “severely adverse” stress testing scenarios. Comments on the NPR must be received by February 19.
OFAC adds illicit foreign exchange operation participants to Specially Designated Nationals List; issues Venezuela-related General License and new FAQ
On January 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced additions to the Specially Designated Nationals List pursuant to Executive Order 13850. OFAC’s additions to the list include seven individuals—including former Venezuelan government officials—and 23 entities for their participation in a bribery scheme involving the Venezuelan Office of the National Treasury in order to conduct illicit foreign exchange operations in the country. According to OFAC, the designated persons engaged in transactions involving deceptive practices and corruption, including wiring payments that were “hidden behind a sophisticated network of U.S. and foreign companies that hid the individuals’ beneficial ownership.” As a result, all assets belonging to the identified individuals and entities subject to U.S. jurisdiction are blocked, and U.S. persons generally are prohibited from dealing.
Visit here for additional InfoBytes coverage on Venezuela sanctions.