InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court rules student loan servicer must turn over Department of Education borrower records to Bureau
On August 10, the U.S. District Court for the Middle District of Pennsylvania ordered a loan servicer hired by the Department of Education (Department) to service loans it owns to turn over certain Department-owned student loan borrower documents to the CFPB, which relate to the servicer’s collection and management of its federal student loan borrowers’ payments. During the course of the ongoing litigation (see previous InfoBytes coverage here), the servicer withheld the documents in discovery on the grounds that they belonged to the Department and were therefore protected from disclosure by the Privacy Act. Moreover, the servicer asserted that the dispute was really between the Bureau and the Department because, in order to turn over the documents, the servicer would first have to obtain permission from the Department.
However, according to the opinion issued by the court, turning over the documents would not violate the defendants’ agreement with the Department or violate federal privacy law. Specifically, the court stated that “there is no dispute that the borrower documents at issue are in the possession of [d]efendants, even if, as [d]efendants assert, they are owned by the Department,” and as such, under the Federal Rules of Civil Procedure, “requests can be made for production of documents, electronically stored information, and things in ‘the responding party’s possession, custody or control.’” Furthermore, the court stated that “the Privacy Act’s general prohibition on disclosure of records . . . does not create a qualified discovery privilege” and cannot be used as a means to “block the normal course of court proceedings, including court-ordered discovery.”
Conference of State Bank Supervisors announces single, national exam for mortgage loan originator licensing
On August 8, the Conference of State Bank Supervisors announced that all states and U.S. territories now use a single, common exam to assess mortgage loan originators (MLOs) in order to simplify the licensing process and streamline the mortgage industry. MLSs who pass the National SAFE MLO Test with Uniform State Content (National Test) will no longer be required to take additional state-specific tests in order to be licensed within any state or U.S. territory. The National Test is part of CSBS’ Vision 2020, which is geared towards streamlining the state regulatory system to support business innovation and harmonize licensing and supervisory practices, while still protecting the rights of consumers.
Find continuing InfoBytes coverage on CSBS’ Vision 2020 here.
Ohio governor enacts legislation recognizing blockchain transactions as enforceable electronic transactions
On August 3, the governor of Ohio signed into law SB 220, which codifies that records or contracts and signatures secured through blockchain technology are enforceable electronic transactions. Specifically, SB 220 amends Ohio’s Uniform Electronic Transactions Act to state that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature” and that a “signature that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” The amendments also create an affirmative defense or “safe harbor” to tort actions against businesses alleged to have failed to implement reasonable information security controls leading to a data breach of personal or restricted information. To qualify for the safe harbor, a business must implement and comply with a written cybersecurity program that contains specific safeguards for either the protection of personal information or the protection of both personal and restricted information.
NYDFS reminds covered entities of upcoming cybersecurity regulation compliance dates; updates FAQs
On August 8, the New York Department of Financial Services (NYDFS) issued a reminder for regulated entities required to comply with the state’s cybersecurity requirements under 23 NYCRR Part 500 that the third transitional period ends September 4. Banks, insurance companies, and other financial services institutions (collectively, “covered entities”) that are required to implement a cybersecurity program to protect consumer data must be in compliance with additional provisions of the cybersecurity regulation by this date. As of September 4, a covered entity must (i) start presenting annual reports to the board by the Chief Information Security Officer on “critical aspects of the cybersecurity program”; (ii) create an “audit trail designed to reconstruct material financial transactions” in case of a breach; (iii) institute policies and procedures to ensure the use of “secure development practices for IT personnel that develop applications”; and (iv) implement encryption to protect nonpublic information it holds or transmits. Covered entities are also required to have policies and procedures in place “to ensure secure disposal of information that is no longer necessary for the business operations, and must have implemented a monitoring system that includes risk based monitoring of all persons who access or use any of the company’s information systems or who access or use the company’s nonpublic information.” Covered entities are further reminded that they have until March 1, 2019, to assess the risks presented by the use of a third-party service provider to ensure the protection of their security systems and data.
In coordination with the reminder, NYDFS provided new updates to its FAQs related to 23 NYCRR Part 500. The original promulgation of the FAQs was covered in InfoBytes, as were the last updates in February and March. The four new updates to the FAQs add the following guidance:
- Clarifies that in certain circumstances, an entity can be a covered entity, an authorized user, and a third party service provider, and therefore must comply fully with all applicable provisions;
- Outlines specific compliance provisions for covered entities that have limited exemptions from the NYDFS cybersecurity requirements;
- Identifies a covered entity’s responsibilities when addressing cybersecurity risks with respect to bank holding companies; and
- Clarifies situations and requirements for when a covered entity can rely upon the cybersecurity program that another covered entity has implemented for a common trust fund.
Find continuing InfoBytes coverage on NYDFS’ cybersecurity regulations here.
District Court dismisses ADA claim against credit union on standing grounds
On August 7, the U.S. District Court for the Northern District of Illinois dismissed claims that a credit union’s website violated the Americans with Disabilities Act (ADA), holding that the plaintiff lacked standing because he was not (and was ineligible to be) a member of the credit union. According to the opinion, the plaintiff is permanently blind and alleged that the credit union’s website did not comply with ADA requirements that are applicable to online website accessibility. The district court granted the credit union’s motion to dismiss on standing grounds, finding the plaintiff had no plausible reason to use the credit union’s website because the website was directed at members of the credit union, and the plaintiff was not (and was ineligible to be) a member.
Fannie Mae issues updated mortgage industry alert in California
Recently, Fannie Mae’s Mortgage Fraud Program issued an industry alert to mortgage companies operating in California regarding the use of false employment information by mortgage loan applicants. (See previous coverage in InfoBytes here). Fannie Mae extended its alert to Northern California and identified additional employers whose existence could not be verified by Fannie Mae. The alert provides “red flags” to help lenders and originators identify potential mortgage fraud when reviewing employment information.
CFPB settles unauthorized payday loan allegations
On August 10, the CFPB announced a settlement with multiple defendants that allegedly made unauthorized payday loans. The settlement results from a 2014 complaint that alleged, among other things, that the defendants accessed consumer checking accounts to illegally deposit the proceeds of payday loans and withdraw related fees without consumer consent. The stipulated final judgment and order, among other things, (i) imposes a penalty of up to approximately $69 million if the defendants fail to fully comply with the operative terms of the settlement; (ii) prohibits the defendants from performing similar activities in the future; and (iii) assesses a civil money penalty of $1, in part based on the defendants’ inability to pay.
On July 23, as previously covered by InfoBytes, a court approved a stipulated final judgment and order against one of the defendants, who neither admitted nor denied the Bureau’s allegations, for a civil money penalty of $1 (based, in part, on his inability to pay) and agreement to fully cooperate with the Bureau.
OCC, FDIC provide guidance to institutions affected by California wildfires
On August 9, the OCC issued a statement permitting OCC-regulated institutions to close their offices affected by wildfires in California. OCC Bulletin 2012-28 provides further guidance on natural disasters and other emergency conditions. (See previous InfoBytes coverage here). On the same day, the FDIC also provided guidance related to California wildfires in FIL-41-2018. Among other things, the FDIC is encouraging institutions to consider extending repayment terms and restructuring existing loans that may be affected.
Maryland Court of Appeals holds foreign securitization trusts do not need to be licensed in the state as collection agencies
On August 2, the Maryland Court of Appeals, in a consolidated appeal of four circuit cases, held that foreign statutory trusts are not required to obtain a debt collection agency license under the Maryland Collection Agency Licensing Act (MCALA) before filing foreclosure actions in state circuit courts. The decision results from two cases consolidated before the Court of Special Appeals and two actions appealed directly from circuit court proceedings, in which substitute trustees acting on behalf of two Delaware statutory trusts initiated foreclosure proceedings on homeowners who had defaulted on their mortgage payments. The homeowners challenged the foreclosure actions, arguing that the Delaware statutory trusts acted as collection agencies under MCALA by “obtain[ing] mortgage loans and then collet[ing] mortgage payments through communication and foreclosure actions” without being licensed. The lower courts dismissed all four foreclosure actions, finding the Delaware statutory trusts did not fall under the trust exemption to MCALA and were in the business of collecting consumer debts and therefore, subject to the MCALA licenses requirements, which both trusts had not obtained.
The overarching issue presented in the consolidated appeal was whether the Maryland General Assembly intended a foreign statutory trust, as owner of a delinquent mortgage loan, to obtain a license as a collection agency before directing trustees to initiate foreclosure proceedings. The court concluded that the plain language of MCALA was ambiguous as to the question and therefore, analyzed the legislative history and other similar statutes in order to determine the intent of the 1977 version of the law, as well as the reason the Department of Labor Licensing and Regulation revised the law in 2007 by departmental bill. Ultimately, the appeals court found the lower courts erred in dismissing the foreclosure actions against the homeowners, holding the General Assembly did not intend for MCALA to apply to foreclosure proceedings generally and therefore, foreign statutory trusts are not required to obtain a license under MCALA to initiate foreclosure proceedings.
5th Circuit affirms dismissal of automatic stay violation claim on grounds of judicial estoppel
On July 27, the U.S. Court of Appeals for the 5th Circuit affirmed a district court’s decision following a bench trial to dismiss plaintiffs’ allegations that a bank violated an automatic stay imposed during one of the plaintiff’s (debtor) bankruptcy schedules when it took foreclosure action, holding that the plaintiffs were barred by judicial estoppel from pursuing claims because the debtor failed to amend his bankruptcy schedules to disclose a quitclaim deed for his mortgage or note a change in his financial status. In this case, the debtor filed a Chapter 13 bankruptcy, but failed to list the address or creditor information for a property in which he had entered into an equity sharing agreement with his son. When the son signed a quitclaim deed conveying the property to the debtor, the deed was recorded but not listed on the bankruptcy schedules.
According to the appellate court, the debtor failed to “disclose an asset to a bankruptcy court, but then pursue[d] a claim in a separate tribunal based on that undisclosed asset” when it filed a lawsuit against the bank for wrongful foreclosure. The doctrine of judicial estoppel requires that three elements be met: (i) “the party against whom estoppel is sought has asserted a position plainly inconsistent with a prior position”; (ii) “a court accepted the prior position”; and (iii) "the party did not act inadvertently.” The court held the first two elements were met by the plaintiff’s failure to amend his bankruptcy schedules to disclose the quitclaim deed or his legal action against the bank. The court noted, however, the debtor’s actions were not inadvertent because he was aware of the inconsistency and had a motive to conceal the asset. The appellate court specifically noted the motive to conceal was “self-evident” because the debtor’s failure to disclose his changed financial status had the potential to provide a financial benefit to the debtor. The appellate court further held that the district court did not abuse its discretion in denying plaintiffs' motion for a new trial, and that, moreover, the plaintiffs failed to show that the district court abused its discretion when it chose to exclude several of their exhibits.