InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Court orders SBA to release more PPP and EIDL information
On November 5, the U.S. District Court for the District of Columbia ordered the U.S. Small Business Administration (SBA) to release the names, addresses, and precise loan amounts of all Paycheck Protection Program (PPP) and Economic Injury Disaster Loans (EIDL) borrowers. According to the opinion, national-news organizations filed an action against the SBA seeking disclosure of the loan recipient information, after the rejection of their Freedom of Information Act (FOIA) requests. In July, the SBA released the business information of certain PPP loan recipients (covered by InfoBytes here). For any loan over $150,000, the SBA data release included business names, addresses, NAICS codes, zip codes, business type, demographic data, non-profit information, name of lender, jobs supported, and a loan amount range. For loans under $150,000, the SBA withheld the business names and addresses in the release. Additionally, the SBA did not release the names and addresses of sole proprietorships and independent contractors receiving EIDL loans. The parties filed cross-motions for summary judgment as to the propriety of SBA’s withholdings.
The court agreed with the plaintiffs, concluding that the SBA’s claimed FOIA exemptions do not cover the requested information disclosures. Specifically, the court determined that SBA’s invocation of Exemption 4 of FOIA, which “shields from disclosure ‘commercial or financial information obtained from a person and privileged or confidential,’” was not applicable because the SBA did not give borrowers the assurance of privacy. In fact, according to the court, the government explicitly told the borrowers that the information would be disclosed in a form disclaimer. The court further rejected the SBA’s claim of Exemption 6 of FOIA, concluding that the “weighty public interest in disclosure easily overcomes the far narrower privacy interest of borrowers who collectively received billions of taxpayer dollars in loans.” Thus, the court ordered the SBA to supplement the earlier disclosure and release the “names, addresses, and precise loan amounts of all individuals and entities that obtained PPP and EIDL COVID-related loans by November 19, 2020.”
Another district court dismisses TCPA action for lack of jurisdiction
On October 29, the U.S. District Court for the Northern District of Ohio dismissed a TCPA action against an energy service company and “ten John Doe corporations” (collectively, defendants), concluding that the court lacked jurisdiction over cases involving unconstitutional laws. According to the opinion, the plaintiff filed the putative class action against the defendants alleging the companies violated the TCPA by placing pre-recorded calls to the plaintiff’s cell phone without consent. While the action was pending, on July 6, the U.S. Supreme Court concluded in Barr v. American Association of Political Consultants Inc. (AAPC) that the government-debt exception in Section 227(b)(1)(A)(iii) of the TCPA is an unconstitutional content-based speech restriction (covered by InfoBytes here). The defendants moved to dismiss the action for lack of subject matter jurisdiction and the court agreed. Specifically, the court agreed with the defendants that the severance of Section 227(b)(1)(A)(iii) must be applied prospectively, thus, the statute can only be applied to robocalls made after July 6 and prior to 2015 (when the now unconstitutional government-debt exception in Section 227(b)(1)(A)(iii) was enacted). Because “the statute at issue was unconstitutional at the time of the alleged violations,” the court concluded it lacked subject-matter jurisdiction over the matter and dismissed the action.
As previously covered by InfoBytes, the U.S. District Court for the Eastern District of Louisiana was the first known court to dismiss a TCPA action based on lack of jurisdiction over calls occurring after the exception’s enactment but prior to the Supreme Court’s decision on July 6.
2nd Circuit vacates dismissal of CFPB action following Seila
On October 30, the U.S. Court of Appeals for the Second Circuit summarily vacated a 2018 district court order that had dismissed CFPB and New York attorney general claims against a New Jersey-based finance company accused of misleading first responders to the World Trade Center attack and NFL retirees about high-cost loans mischaracterized as assignments of future payment rights (covered by InfoBytes here). The district court found that the Bureau’s single-director structure was unconstitutional, and that, as such, the agency lacked authority to bring deceptive and abusive claims under the Consumer Financial Protection Act (CFPA). The district court also rejected an attempt by then-acting Director Mulvaney to salvage the Bureau’s claims, concluding that the “ratification of the CFPB’s enforcement action against defendants failed to cure the constitutional deficiencies in the CFPB’s structure or otherwise render defendants’ arguments moot.”
The 2nd Circuit remanded the case to the district court, determining that the U.S. Supreme Court’s ruling in Seila Law LLC v CFPB (covered by a Buckley Special Alert, holding that the director’s for-cause removal provision was unconstitutional but was severable from the statute establishing the Bureau) superseded the 2018 ruling. Following Seila, Director Kathy Kraninger also ratified several prior regulatory actions (covered by InfoBytes here), including the enforcement action brought against the defendants. “In light of these developments, we affirm the district court's holding that the for-cause removal provision is unconstitutional, we reverse the district court's holding that the for-cause removal provision is not severable from the remainder of the CFPA, and we remand for the district court to consider in the first instance the validity of Director Kraninger’s ratification of this enforcement action,” the appellate court wrote.
OCC exempts certain QFCs from express recognition requirements
On November 2, the OCC issued Bulletin 2020-95, which announced a September 30 order granting an exemption from the express recognition requirements of 12 CFR 47.4 for certain categories of qualified financial contracts (QFC). According to the OCC, the order is intended to relieve the burdens faced by financial institutions and is consistent with the purpose of the express recognition requirements of 12 C.F.R. § 47.4 “in achieving uniform cross-border application of the U.S Special Resolution Regimes to contracts subject to such authorities.” Specifically, the order states that “non-U.S. non-linked contracts” that are entered into by foreign subsidiaries of covered banks—large, systemically important banks—are exempt from the express recognition requirements of 12 C.F.R. § 47.4.
CFPB settles with payment plan company over deceptive sales practices
On November 2, the CFPB announced a settlement with a Texas-based payment plan company, resolving allegations that the company’s loan payment program disclosures contained misleading statements in violation of the Consumer Financial Protection Act. According to the Bureau, the company’s loan payment program for auto loans is marketed as an opportunity for consumers to pay off loans faster and more cheaply, where automatic partial payments are deducted bi-weekly from consumers’ bank accounts and then forwarded to consumers’ lenders or servicers. However, consumers who enrolled in the bi-weekly program end up “making 13 monthly payments or one full extra payment to [the company] each year,” the Bureau alleged, in addition to paying a bi-weekly debit fee. According to the consent order, the company, among other things, allegedly provided consumers with a customized “benefits summary” that stated a specific amount of interest savings the consumer would receive by enrolling in the program. The Bureau alleged that the benefits summary, however, failed to disclose that the fees would ordinarily exceed the interest savings. The program—which was purportedly marketed as a “financial benefit to consumers”—created the misleading impression that consumers would save money using the product even though the company allegedly knew the majority of enrolled consumers ended up paying more in total on their loans.
The consent order requires the company to pay a $1 civil money penalty and $7.5 million in consumer redress, which is suspended upon payment of $1.5 million based on the company’s demonstrated inability to pay the full judgment. The Bureau noted in its press release that harmed consumers may be eligible to receive additional relief from the Bureau’s Civil Penalty Fund. The company is also prohibited from making any misrepresentations about its payment program or any other payment accelerator programs.
Court dismisses FCA action against national bank
On October 29, the U.S. District Court for the Eastern District of Missouri dismissed a False Claims Act (FCA) suit against a national bank, concluding the relator failed to prove the inapplicability of the public disclosure bar. According to the opinion, the relator filed an action against the national bank alleging that from 2009 to 2013, as an employee of the bank, she witnessed “numerous violations of [the bank]’s obligations under [government] loan modification programs.” The bank moved to dismiss the action on five separate grounds, including statute of limitations and public disclosure bar. The court first addressed the statute of limitations claims, applying the six-year limitation after the violation and holding that because the relator filed her action against the bank on June 2, 2018, any claims occurring before June 2, 2012 are barred as untimely.
The court then addressed the public disclosure bar, which requires courts to dismiss an action under the FCA “if substantially the same allegations or transactions as alleged in the action or claim were publicly disclosed….” The bank argued, and the relator did not contest, that the relator’s allegations “had already been publicly disclosed through the news media, a federal lawsuit, and federal reports.” The court rejected the relator’s claims that she should qualify as an original source of the information. Specifically, the court concluded that while the relator may have independent knowledge of the information provided in her complaint by virtue of her employment, she did not “materially add[] to” the public disclosures and thus, did not carry “her burden to prove the inapplicability of the public disclosure bar.” Accordingly, the court dismissed all remaining allegations postdating July 2, 2012.
CFPB finalizes rule on confidential information disclosures
On October 29, the CFPB issued a final rule to modify its procedures for the disclosure of records and information. As previously covered by InfoBytes, in August 2016, the Bureau issued a proposed rule seeking to, among other things, amend procedures used by persons in the public domain to obtain information from the CFPB under the Freedom of Information Act (FOIA), the Privacy Act of 1974, and legal proceedings. In September 2018, the Bureau published a final rule addressing FOIA, the Privacy Act, and certain legal proceedings (covered by InfoBytes here). The Bureau now issues a final rule addressing “the confidential treatment of information obtained from persons in connection with the exercise of its authorities under federal consumer financial law.” The final rule amends definitions and clarifies certain provisions of subparts A and D of section 1070 of title 12 of the Code of Federal Regulations, which the Bureau states are intended to, among other things, (i) “improve transparency” about the Bureau’s confidential information procedures; (ii) increase collaborations with agency partners; and (iii) improve the Bureau’s ability to protect confidential information.
Agencies outline standards for strengthening operational resilience
On October 30, the Federal Reserve Board, OCC, and FDIC (agencies) released an interagency paper describing standards and sound practices for increasing operational resilience. (See also the Fed’s release and FDIC FIL-103-2020). The paper, titled Sound Practices to Strengthen Operational Resilience, does not revise existing agency regulations or guidance, but rather provides a “comprehensive approach” for banks to strengthen and maintain operational resilience. According to the agencies, “[r]obust operational risk and business continuity management anchor the sound practices, which are informed by rigorous scenario analyses and consider third-party risks. Secure and resilient information systems underpin the approach to operational resilience, which is supported by thorough surveillance and reporting.” The paper also includes an appendix focused on sound practices for cyber risk management and cybersecurity preparedness. The appendix is aligned to the National Institute of Standards and Technology Cybersecurity Framework and is “augmented to emphasize governance and third-party risk management.” The standards set forth in the paper are intended for large, domestic banks with more than $250 billion in average total consolidated assets, or banks with more than $100 billion in total assets and other risk characteristics.
Trade group sues CFPB over payday repeal
On October 29, a national community advocate group filed a complaint against the CFPB challenging the Bureau’s repeal of the underwriting provisions of the agency’s 2017 final rule covering “Payday, Vehicle Title, and Certain High-Cost Installment Loans” (Rule). As previously covered by InfoBytes, in July, the CFPB issued a final rule revoking, among other things, the Rule’s (i) provision that makes it an unfair and abusive practice for a lender to make covered high-interest rate, short-term loans or covered longer-term balloon payment loans without reasonably determining that the consumer has the ability to repay the loans according to their terms; (ii) prescribed mandatory underwriting requirements for making the ability-to-repay determination; and (iii) the “principal step-down exemption” provision for certain covered short-term loans.
The complaint alleges that the Bureau’s repeal of the underwriting provisions of the Rule was “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with the law.” Specifically, the complaint asserts that the Bureau invented a “new evidentiary standard” when it required that evidence supporting the need for the underwriting provisions be “robust and reliable,” which, according to the complaint, is a standard “custom-designed” to repeal the provisions. The complaint further argues that the CFPB “failed to consider the harms that consumers suffer from no-underwriting lending” and relied on analysis and data that was not “previously made available for comment.” The complaint seeks a declaration that the repeal was unlawful and an order requiring the Bureau to “take necessary steps to ensure prompt implementation of the 2017 Payday Lending Rule’s Ability-to-Repay Protections.”
Online bank reaches settlement with customers over service disruption
On October 28, the U.S. District Court for the Northern District of California issued an order granting preliminary approval of a putative class action settlement concerning allegations that an online bank’s service disruption prevented customers from accessing their account, including through card purchases and ATM withdrawals. The plaintiffs also claimed that after the service disruption, “some customers reported incorrect account balances and unauthorized charges.” The plaintiffs alleged, among other things, claims for negligence, unjust enrichment, breaches of contract and fiduciary duty, conversion, and violations of several state laws. Following a series of settlement negotiations, the parties entered into an amended settlement identifying the settlement class as “[a]ll consumers who attempted to and were unable to access or utilize the functions of their accounts with [the defendant], as confirmed by a failed transaction or locked card as recorded in [the defendant]’s business records, beginning on October 16, 2019 through October 19, 2019, as a result of the Service Disruption.” Under the settlement, tier one customers who are unable or choose not to provide documentation substantiating their alleged losses can receive up to $25 for verified claims. Tier two customers who can show “‘reasonable documentation’ to substantiate their loss” can receive their verified loss, up to $750. The defendant has agreed to set aside $4 million to cover tier one claims and $1.5 million to cover tier two claims. The defendant is also required to make a minimum payment of $1.5 million in addition to the nearly $6 million it already paid to active customers in connection with the service disruption in the form of $10 “courtesy” payments, as well as credits the defendant issued to customers “who incurred ‘certain transaction fees’” during the service disruption.