InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
State judge says Massachusetts can sue credit reporting agency over data breach
On April 2, a state court judge denied a credit reporting agency’s motion to dismiss claims for violations of state data security regulations. The court stated that while the “mere existence of data breach” does not translate into violations of the state data security regulations, the Massachusetts Attorney General plausibly suggests that the company violated such regulations by knowing of certain vulnerabilities and failing to properly address them. As previously covered by InfoBytes, Massachusetts was the first state to file an action against the credit reporting agency after its September 2017 announcement of a data breach which affected over 143 million consumers.
Pennsylvania district court denies payday lender’s transfer request to bankruptcy court
On April 3, the U.S. District Court for the Eastern District of Pennsylvania denied a motion to move an action, filed by a group of online payday lenders (defendants), from Pennsylvania to Texas. The defendants—who filed for bankruptcy in Texas last year—sought to centralize lawsuits referred to by the court as ”rent-a-bank” and “rent-a-tribe” schemes. (See previous InfoBytes coverage on the allegations here.) The defendants argued that the presumption of trying cases related to a bankruptcy proceeding in the court where the proceeding is pending, which is commonly recognized under 28 U.S.C. Section 1412, should apply. The court, however, found that Section 1412’s presumption of transfer does not apply to police and regulatory actions. In support, the district court cited to a Montana federal judge’s decision this past January, which denied a transfer request in a similar suit brought by the CFPB against one of the defendants. In the summary of its findings, the court noted “[s]imply put, Congress has favored the interest of permitting states’ regulatory and police actions to independently proceed over the interest in centering the administration of the defendant’s related bankruptcy proceedings.”
District Court finds that combination of litigation documents is misleading and violates FDCPA
On March 30, the U.S. District Court for the Southern District of Indiana found that serving a request for admission in connection with a complaint and a summons on a debtor in a debt collection case constituted misleading communications in violation of the Fair Debt Collection Practices Act (FDCPA). According to the order, an attorney served a debtor with a request for admission along with a summons to appear in court and a complaint seeking collection of an alleged debt. The request for admission sought acknowledgment that the allegations in the debt collector’s complaint were true. The court found that, as a matter of law, the combination of the documents would confuse an unsophisticated debtor because a debtor would conclude that filing an answer to the complaint was the necessary step to avoid judgment, and not realize that he or she had to do essentially the same thing separately by serving plaintiff’s counsel within thirty days or else admit the underlying allegations. While not at issue in this case, the court noted that it would be inclined to hold that “in order to avoid a violation of the FDCPA, requests for admission should always advise of the consequences of a failure to make a timely response.”
FINRA revises anti-money laundering template for small firms
On April 4, the Financial Industry Regulatory Authority (FINRA) released a revised template to assist FINRA-registered small firms in developing and implementing risk-based anti-money laundering (AML) programs as required by the Bank Secrecy Act and FINRA Rule 3310. Changes to the template reflect FinCEN’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which goes into effect May 11. (See previous InfoBytes coverage on the CDD rule here.) The CDD rule requires covered financial institutions, including FINRA-registered firms, to identify the beneficial owners of legal entity customers who open new accounts.
CFPB releases RFI on financial education programs
On April 4, the CFPB released its eleventh Request for Information (RFI) in a series seeking feedback on the Bureau’s operations. This RFI solicits public comment to assist the Bureau in “assessing the overall efficiency and effectiveness of its consumer financial education programs.” Pursuant to the Dodd-Frank Act, the CFPB develops education programs to educate and empower consumers to make better informed financial decisions, and to improve consumers’ financial literacy. The Bureau develops programs for the general public as well as programs designed for special populations. While the Bureau is seeking feedback on all aspects of its financial education initiatives, the RFI specifically seeks comments related to (i) the topics and delivery functions of the programs; (ii) the effectiveness of the programs, including how the Bureau should measure program success; and (iii) how to avoid duplication and improve coordination with other federal agencies. The RFI is expected to be published in the Federal Register on April 9. Comments will be due 90 days from publication.
Fannie Mae updates Selling Guide with lender contribution clarifications
On April 3, Fannie Mae updated its Selling Guide, including changes to clarify its lender contribution policy and add the option of full-service certificate custodians (FCCs). According to Fannie Mae SEL-2018-03, lender-sourced contributions to fund closing are permitted as long as the contribution is not (i) used to fund any portion of the down payment; (ii) subject to repayment requirements; or (iii) sourced from a third party. While the contribution cannot exceed borrower-paid closing costs, there is otherwise no limit on the amount of the lender contribution unless the lender is an interested party to the transaction. If the lender is an interested party, the contribution is subject to the Interested Party Contributions policy. Additionally, the Selling Guide includes information related to lenders’ option to use a Fannie Mae approved FCC for whole loans and for loans in mortgage-backed securities. The updated information includes (i) documentation and delivery requirements for loans delivered to FCCs; (ii) certification process for loans delivered to FCCs; and (iii) recognition of the new Master Custodial Agreement, which will govern the relationships involved. The Selling Guide also clarifies transaction timing related to whether a single-closing construction-to-permanent transaction is processed as a purchase or a refinance.
FDIC proposes changes to annual stress test rule
On April 2, the FDIC published proposed technical changes to its annual stress testing rule. Specifically, the proposed rule (i) changes the range of possible “as-of” dates used in the global market shock component to conform to changes already made by the Federal Reserve Board and the OCC to its annual stress testing regulations; (ii) extends the transition process for covered institutions with $50 billion or more in assets (“a national bank or federal savings association that becomes an over $50 billion covered institution in the fourth quarter of a calendar year will not be subject to the stress testing requirements applicable to over $50 billion covered institutions until the third year after it crosses the asset threshold”); and (iii) makes certain technical clarifications to the requirements of the FDIC’s stress testing rule. The FDIC proposed changes are intended to align with the changes made by the Federal Reserve and the OCC (see previously InfoBytes coverage here). Comments on the proposal must be received by June 1.
9th Circuit affirms dismissal of claims alleging survey provider violated TCPA
On March 29, the U.S. Court of Appeals for the 9th Circuit affirmed a district court’s decision to grant summary judgment in favor of a patient satisfaction survey provider (defendant), concluding that a plaintiff's signed enrollment form with her health insurance provider meant she granted “prior express consent” to receive calls from the defendant. According to the opinion, the plaintiff accused the defendant of allegedly violating the Telephone Consumer Protection Act (TCPA) when it used an automatic telephone dialing system to repeatedly call her to inquire about the quality of her experience with a network physician. She later challenged the dismissal of her suit, arguing that the calls fell outside the scope of consent. However, in agreeing with the district court’s decision, the three-judge panel held that by providing her phone number on an insurance enrollment form that permitted the insurer to share her information for “quality improvement” and other purposes, the plaintiff had provided the level of consent required by the TCPA to receive calls from the defendant. While the court acknowledged that the plaintiff “could not have known the identity of the specific entity that would ultimately call her,” by authorizing the insurance company “to disclose her phone number for certain purposes, she necessarily authorized someone other than [the insurance company] to make calls for those purposes. Specifically, she authorized calls from entities to which [the insurance company] disclosed her information.” According to the panel, the defendant fell within that category.” The panel also rejected the plaintiff’s argument that the calls violated the TCPA because the defendant failed to demonstrate that it called her on the insurance company’s behalf, finding that there is “no statutory or logical basis for imposing such a requirement.”
States pass bills amending security freeze laws
On March 29, the Colorado governor signed HB 1233, which authorizes a parent or legal guardian to request a credit reporting agency place a security freeze on a protected consumer’s credit file; the law defines protected person to include a minor under 16 years of age or an individual who is a ward of the legal guardian. According to HB 1233, if no credit file exists for the protected consumer, the credit reporting agency is required to create a record and then initiate the security freeze on such record without charge. Additionally, among other things, the law prohibits the charging of a fee for the “placement, temporary lift, partial lift, or removal of a security freeze” on a protected consumer’s credit file and allows for a protected consumer to remove the security freeze if they demonstrate the representative’s authority is no longer valid. HB 1233 becomes effective on January 1, 2019.
On March 30, the Kentucky governor signed HB 46, which updates Kentucky’s security freeze law to, among other things, allow a consumer to request a security freeze by methods established by the credit reporting agency in addition to written notification, and remove the requirement that a security freeze expire after seven years. The law continues to allow for a charge of up to ten dollars for the placement, temporary lift, or removal of a security freeze unless the consumer is a victim of identity theft and provides the credit reporting agency with a valid police report. The law is effective immediately, as the text notes that security breaches and the risk of identity theft are on the rise.
Bank and shareholders reach settlement over BSA/AML compliance allegations
On March 30, a regional bank reached a $13 million settlement with a group of its shareholders over allegations of misleading statements and omissions regarding the bank’s compliance with fair lending laws, and Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations. The shareholders—purchasers of the bank’s stock between July 2013 and July 2014—allege that the bank’s misrepresentations regarding their compliance with BSA/AML laws, as well as other laws and regulations, artificially inflated the price of the bank’s stock. According to the settlement, both parties’ decisions to enter into the agreement were partially due to the length and expense of continued litigation, which began in 2014. The shareholders initiated the class action litigation in July 2014; however, the U.S. Court of Appeals for the 6th Circuit vacated the initial class certification in September 2016, remanding to the district court for further proceedings. The class was recertified by the district court in June 2017 with the 6th Circuit denying the bank’s petition for appeal of the recertification. The bank denies all allegations of wrongdoing and liability in the settlement.