Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB brief defends funding structure

    Courts

    On May 8, petitioner CFPB filed its brief with the U.S. Supreme Court, criticizing the U.S. Court of Appeals for the Fifth Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the appellate court found that the Bureau’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here). The 5th Circuit’s decision also vacated the agency’s Payday Lending Rule on the premise that it was promulgated at a time when the Bureau was receiving unconstitutional funding. 

    Earlier this year, the Bureau filed a petition for a writ of certiorari, which the Court granted (covered by InfoBytes here). The Bureau explained in its petition that the 5th Circuit’s decision would negatively impact its “critical work administering and enforcing consumer financial protection laws” and “threatens the validity of all past CFPB actions as well” as the decision vacates a past agency action based on the purported Appropriations Clause violation. Community Financial Services Association of America (CFSA) filed a conditional cross-petition, seeking review on other aspects of the 5th Circuit’s decision, including that the 5th Circuit’s decision does not warrant review because the appellate court correctly vacated the Payday Lending Rule, which, according to the respondents, has “multiple legal defects, including but not limited to the Appropriations Clause issue.” (Covered by InfoBytes here.)

    In its opening brief, the Bureau expanded on why it believes the 5th Circuit erred in its holding. The Bureau argued that the text of the Appropriations Clause “does not limit Congress’ authority to determine the specificity, duration, and source of its appropriations.” The agency further explained that Congress has chosen similar funding mechanisms for many other financial regulatory agencies, including the FDIC, NCUA, FHFA, and the Farm Credit Administration (and agencies outside of the financial regulatory sector), where they are all funded in part through the collection of fees, assessments, and investments. The Bureau emphasized that the 5th Circuit and the CFSA failed “to grapple with the Appropriation Clause’s text, Congress’ historical practice, or [Supreme] Court precedent,” but instead asserted only that the funding mechanism was “unprecedented.” “Congress enacted a statute explicitly authorizing the CFPB to use a specified amount of funds from a specified source for specified purposes,” the Bureau emphasized. “The Appropriations Clause requires nothing more.” The 5th Circuit’s “novel and ill-defined limits on Congress’s appropriations authority contradict the Constitution’s text and congressional practice dating to the Founding.”

    The Bureau also addressed the now-vacated Payday Lending Rule. Arguing that even if there were some constitutional flaw in 12 U.S.C. § 5497 (the statute creating the Bureau’s funding mechanism), the 5th Circuit should have looked for some cure to allow the remainder of the funding mechanism to stand independently instead of “adopting an unjustified and profoundly disruptive retrospective remedy” and presuming the funding mechanism created under Section 5497(a)-(c) was entirely invalid. The Bureau also stressed that vacatur of the agency’s past actions was not an appropriate remedy and is inconsistent with historical practice. Adopting a remedial approach, the Bureau warned, would inflict significant disruption by calling into question 12 years of past agency actions.

    The Bureau urged the Court to at most grant only “prospective relief preventing the CFPB from enforcing the Payday Lending Rule against [CFSA] or their members until Congress provides the Bureau with funding from another source.” While such an approach could still “upend” the Bureau’s activities, “it would at least avoid the profoundly disruptive effect of unwinding already completed and concededly authorized agency actions like the Payday Lending Rule,” the Bureau wrote, adding that “[v]acatur of the CFPB’s past actions would be inappropriate in light of the significant disruption that such vacatur would produce.”

    Courts CFPB U.S. Supreme Court Appellate Fifth Circuit Payday Lending Payday Rule Funding Structure Constitution

  • District Court denies servicer’s claims that it never received QWR

    Courts

    The U.S. District Court for the Eastern District of Missouri recently considered whether a mortgage servicer received a borrower’s qualified written request (QWR) relating to a missed mortgage payment. The borrower sent a money order to cover two monthly mortgage payments, but the payments were not properly credited to her account. The borrower made several attempts to contact the mortgage servicer about the improperly credited payment. After receiving a formal notice of default, the borrower sent a “Request for Information and Notice of Error” (NOE) to the servicer explaining the situation and asking that her account be updated to reflect that all payments had been made and requesting the removal of late fees and charges. She also asked that her loan be removed from default status and sent letters to the credit reporting agencies formally disputing the delinquent payment reports. According to the court’s opinion, the borrower claimed that the servicer violated RESPA by failing to respond and violated the FCRA by failing to conduct a reasonable investigation into her credit disputes and verifying inaccurately furnished information.

    In considering both parties’ motions for summary judgment, the court granted the borrower’s motion on liability with respect to her RESPA claim and denied the servicer’s motion for summary judgment on the FCRA claims on the basis that the borrower provided evidence of actual damages resulting from the servicer’s alleged FCRA violation. The court explained that RESPA requires mortgage servicers to respond to a QWR within five days to acknowledge receipt, and again within 30 days by either correcting the account, providing a written explanation as to why it believes the account is correct, or providing the information requested by the borrower or an explanation of why the information requested is unavailable. Failure to do so entitles a borrower to any actual damages suffered as result of the failure. Claiming the NOE was a QWR, the borrower presented evidence, including a certified mail receipt allegedly showing the NOE was signed for by one of the servicer’s representatives. The servicer countered that because it had no record of the correspondence, its RESPA duties were not triggered. The servicer further argued that the NOE did not qualify as a QWR because it failed to provide sufficient information for it to investigate or respond to the request, and that even if it was a QWR, the borrower had failed to show actual damages.

    The court disagreed, determining (i) that the servicer failed to prove it did not receive the NOE, and (ii) that the NOE constituted a QWR. “The information in the letter alone is sufficient to qualify as a QWR,” the court wrote. “The letter quite specifically states the error [the borrower] believed to have occurred…. This is not an ‘overbroad’ and generalized statement of ‘bad servicing.’ It identifies an error specifically contemplated by RESPA’s regulations.” The court further added that “RESPA does not require that a lender’s violations be the sole cause of a borrower’s emotional distress. It merely requires that damages be causally related to a violation of the statute.” However, the court noted that the borrower still needs to prove at trial the extent of damages caused by the servicer's alleged violation.

    Courts RESPA Qualified Written Request Consumer Finance Credit Reporting Agency Mortgages

  • France fines facial recognition company additional €5.2 million for noncompliance

    Privacy, Cyber Risk & Data Security

    On May 10, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), fined a facial recognition company an overdue penalty payment in the amount of €5.2 million for failing to comply with an October order. As previously covered by InfoBytes, last fall CNIL imposed a €20 million penalty against the company for allegedly violating the EU’s General Data Protection Regulation (GDPR) after investigations found that the company allegedly processed personal biometric data without a legal basis (a breach of article 6 of the GDPR), and failed to take into account an individual’s rights in an “effective and satisfactory way”—particularly with respect to requests for access to their data (a breach of articles 12, 15 and 17 of the GDPR). CNIL reported that the company had two months after receiving the October order to stop collecting and processing data on individuals located in France “without any legal basis, and to delete the data of these individuals, after responding to requests for access it received.” Because the company did not submit proof of compliance within this time frame, CNIL imposed an additional fine on top of the original penalty.

    Privacy, Cyber Risk & Data Security Courts Of Interest to Non-US Persons EU France GDPR Enforcement

  • 6th Circuit: Tennessee judicial foreclosure time-barred

    Courts

    On May 4, the U.S. Court of Appeals for the Sixth Circuit affirmed a lower court’s decision in a judicial foreclosure action, holding that a bank’s lawsuit was barred by Tennessee’s 10-year statute of limitations for actions to enforce liens on real property. The appellate court also refused to establish an equitable lien on the property in favor of the bank. According to the opinion, the home equity line of credit at issue in the case matured in 2007, requiring a final balloon payment, but the bank did not demand this payment, refinance the loan, or foreclose on the property. Instead, the bank continued to accept monthly interest payments totaling around $100,000 until 2017. The opinion reflected that the bank did not contend there to be a written instrument showing an extension of the loan or that such an extension was recorded. Rather, the bank raised several arguments, including that there was an oral modification to the loan and that it had the unilateral right to extend the loan based on “a future advances provision that could extend the maturity date for up to twenty years.” The bank further argued that the defendants’ monthly interest payments excused any writing requirement and evidenced an agreement to extend the loan’s maturity date. The appellate court disagreed, concluding that because the bank could not show, as a matter of law, that the loan’s maturity date was extended, its suit is untimely. The appellate court stated  that the bank was aware that the loan “was in default as early as 2011 (well within the statute of limitations period) but took no action to foreclose or refinance.” The 6th Circuit further noted that if the bank had “simply memorialized an extension to the [l]oan’s maturity date in writing as required by Tenn. Code Ann. § 28-2-111(c), it would not be in this situation.”

    Courts Appellate Sixth Circuit Foreclosure Mortgages Consumer Finance

  • District Court preliminarily approves $300 million auto insurance settlement

    Courts

    On May 1, the U.S. District Court for the Northern District of California preliminarily approved a $300 million class action settlement resolving claims that a national bank hid misconduct relating to its auto insurance practices. The lead plaintiff alleged that, between November 3, 2016 and August 3, 2017, the defendant made materially false or misleading statements in violation of the Securities Act, which artificially inflated the price of the defendant’s stock. Specifically, the plaintiff maintained that the defendant concealed that it allegedly force-placed unneeded collateral protection insurance (CPI) on many of its customers and failed to refund unearned guaranteed auto protection (GAP) premiums to other customers, which led to more than 20,000 customers having their cars repossessed. The plaintiff further alleged that the defendant was aware of these issues but failed to disclose them to investors or the public, and claimed that the facts did not emerge until they were published by the media in July of 2017. As a result, class members who purchased defendant’s stock during the relevant period allegedly suffered economic losses when the stock price declined as a result of two corrective disclosures that revealed the CPI and GAP issues to investors. A hearing later this year will determine the service fee award and attorneys’ fees and expenses (to be no more than 25 percent of the settlement amount). The defendant denies all claims of wrongdoing.

    Courts Consumer Finance Class Action Auto Insurance Auto Lending Settlement GAP Fees

  • FTC obtains TROs to halt student loan debt relief schemes

    Federal Issues

    On May 8, the FTC announced that the U.S. District Court for the Central District of California recently issued temporary restraining orders (TROs) against two student loan debt relief companies that allegedly tricked consumers into paying for nonexistent repayment and loan forgiveness programs. According to the complaints (see here and here), the defendants allegedly made deceptive claims in order to lure low-income consumers into paying hundreds to thousands of dollars in illegal upfront fees as part of a purported plan to pay down their student loans. The defendants allegedly made consumers believe that they were enrolled in a legitimate loan repayment program, that their loans would be forgiven in whole or in part, and that most or all of their payments would be applied to their loan balances. The FTC alleges that, in reality, the defendants pocketed the borrowers’ payments. The FTC also charged the defendants with falsely claiming to be or be affiliated with the Department of Education and stating that they were purchasing borrowers’ debt from federal student loan servicers in order to secure debt relief on their behalf. When consumers realized the debt relief program did not exist, the defendants allegedly often refused to provide refunds.

    According to the FTC, these deceptive misrepresentations violated Section 5 of the FTC Act and the Telemarketing Sales Rule (TSR). The FTC also alleges that the companies violated the Gramm-Leach-Bliley Act (GLBA), by using deceptive tactics to obtain consumers’ financial information, and the TSR, by calling numbers listed on the National Do Not Call Registry and by failing to pay required Do Not Call Registry fees for access. In issuing the TROs (see here and here), which temporarily halt the two schemes and freeze the defendants’ assets, the court noted that, upon “[w]eighing the equities and considering the FTC’s likelihood of ultimate success on the merits,” there is good cause to believe that immediate and irreparable harm will occur as a result of the defendants’ ongoing violations of the FTC Act, the TSR, and the GLBA, unless the defendants are restrained and enjoined.

    Federal Issues Courts FTC Enforcement Student Lending Debt Relief Consumer Finance FTC Act Telemarketing Sales Rule UDAP Deceptive Gramm-Leach-Bliley

  • State appeals court says electronic bank statement constituted notice of new terms

    Courts

    On May 4, the Colorado Court of Appeals held that a plaintiff had constructive notice of updated terms and conditions in her membership agreement with a defendant credit union, which included an arbitration agreement with an opt-out provision. Plaintiff entered into a finance agreement with an auto dealer, which assigned the agreement to the defendant. To complete the assignment, the plaintiff opened a savings account and signed an agreement, in which she consented to receiving and accepting statements, notices, and disclosures electronically. A few years later, the defendant updated its membership agreement’s terms to include the arbitration provision and sent notices to members with their monthly bank statements. Plaintiff received an email with information about the updates and was given an opportunity to opt-out of the arbitration provision in writing within 30 days. Records show that the plaintiff received the email but did not open it. Defendant filed a motion to dismiss plaintiff’s class action complaint and compel arbitration, but the district court concluded that the plaintiff did not have actual or constructive notice of the arbitration agreement. In reversing the district court’s ruling, the Court of Appeals wrote “we do not deem the notice as being buried or hidden in [defendant’s] email, or the surrounding information as cluttering the screen to the extent that a reasonable person would be distracted from the important notice about the ‘updated ... Membership and Account Agreement.’” The Court of Appeals also disagreed with plaintiff’s argument that her “express and affirmative consent” was required for the defendant to add the arbitration provision to the terms, stating that “[u]nder the totality of the circumstances, [plaintiff] is deemed to have assented to the addition of the arbitration agreement” as she was constructively notified of the change, did not exercise her right to opt out, and continued to use her account.

    While concurring with the majority, one of the judges questioned whether the “current ‘reasonable person’ standard that courts use for constructive notice is outdated given the economic realities of the digital age.” The judge asked whether the monthly bank statement has “significantly diminished in importance” or is becoming obsolete since consumers are able to check bank account balances and transactions “at any time and from any location.”

    Courts Arbitration Auto Finance Class Action

  • District Court dismisses FTC’s privacy claims in geolocation action

    Federal Issues

    On May 4, the U.S. District Court for the District of Ohio issued two separate rulings in a pair of related disputes between the FTC and a data broker. The disputes center around accusations made by the FTC last August that the data broker violated Section 5 of the FTC Act by unfairly selling precise geolocation data from hundreds of millions of mobile devices which can be used to trace individuals’ movements to and from sensitive locations (covered by InfoBytes here). The FTC sought a permanent injunction to stop the data broker’s practices, as well as additional relief. The data broker, upon learning that the FTC planned to filed a lawsuit against it, filed a preemptive lawsuit challenging the agency’s authority.

    The court first dismissed the data broker’s preemptive bid to block the FTC’s enforcement action, ruling that the data broker has not identified any “viable cause of action” to support its request for injunctive relief. The court explained that injunctive relief is a “drastic remedy” that is only available if no other legal remedy is available. However, the data broker possesses an “adequate remedy at law,” the court said, “because it can seek dismissal of, and otherwise directly defend against, the FTC’s enforcement action.”

    With respect to the FTC’s action, the court granted the data broker’s motion to dismiss the FTC’s complaint, but gave the agency leave to amend. The court agreed with the data broker that the FTC’s complaint lacks sufficient allegations to support its unfairness claim under Section 5 of the FTC Act. While the court disagreed with the data broker’s assertion that it did not have “fair notice that its sale of geolocation data without restrictions near sensitive locations could violate Section 5(a) of the FTC Act” or that the FTC had to allege a predicate violation of law or policy to state a claim, the court determined that the FTC failed to adequately allege that the data broker’s practices created “a ‘significant risk’ of concrete harm.” Moreover, the court found that “the purported privacy intrusion is not severe enough to constitute ‘substantial injury’ under Section 5(n).” The court noted, however that some of the deficiencies may be cured through additional factual allegations in an amended complaint.

    Federal Issues Courts Privacy, Cyber Risk & Data Security FTC Enforcement Data Brokers FTC Act UDAP Unfair

  • EU court says non-material damages in unlawful data processing may be eligible for compensation

    Privacy, Cyber Risk & Data Security

    On May 4, the Court of Justice of the European Union (CJEU) issued a judgment concluding that while not every infringement of the EU’s data protection law gives rise, by itself, to a right to compensation, non-material damage resulting from unlawful processing of data can be eligible for compensation. The CJEU reviewed questions posed by the Austrian Supreme Court on whether a mere infringement of the GDPR is sufficient to confer the right to compensation for individuals suffering non-material damages, and whether such compensation is possible only if the non-material damage suffered reaches a certain degree of seriousness. The Austrian Supreme Court also asked the CJEU to clarify what the EU-law requirements are when determining the amount of damages.

    The CJEU clarified that the General Data Protection Regulation (GDPR) does not set thresholds for the “seriousness” of damages needed to confer a right to compensation. “[I]t is clear that the right to compensation provided for by the GDPR is subject to three cumulative conditions: infringement of the GDPR, material or non-material damage resulting from that infringement and a causal link between the damage and the infringement,” the court said in the announcement. Limiting the right to compensation to non-material damage that reaches a certain threshold requirement would be contrary to the broad conception of “damage” outlined in EU law, the CJEU explained, pointing out that obtaining compensation based on a certain threshold would result in different outcomes depending on a court’s assessment. Moreover, the CJEU emphasized that because the GDPR does not contain any rules governing the assessment of damages, it is up to the each member state’s legal system to prescribe detailed rules for actions intended to safeguard individual’s rights under the GDPR, as well as the criteria for determining the amount of compensation, provided the determination complies with the principles of equivalence and effectiveness. The CJEU explained in its ruling that “an infringement of the GDPR does not necessarily result in damage, and [] that there must be a causal link between the infringement in question and the damage suffered by the data subject in order to establish a right to compensation.”

    Privacy, Cyber Risk & Data Security Courts Of Interest to Non-US Persons EU GDPR Consumer Protection

  • ID verifier to pay $28.5 million to settle BIPA allegations

    Privacy, Cyber Risk & Data Security

    On May 5, the U.S. District Court for the Northern District of Illinois preliminarily approved an amended class action settlement in which an identification verification service provider agreed to pay $28.5 million to settle allegations that it violated the Illinois Biometric Information Privacy Act (BIPA). According to the plaintiffs, the defendant collected, stored, and or used class members’ biometric data without authorization when they uploaded photos and state IDs on a mobile app belonging to one of the defendant’s customers. After the court denied the defendant’s move to compel arbitration and determined the plaintiff had standing to pursue his BIPA claims, the parties entered into settlement discussions without the defendant admitting any allegations or liability. The court certified two classes: (i) Illinois residents who uploaded photos to the defendant through the app or website of a financial institution (class members will receive $15.7 million); and (ii) Illinois residents who uploaded photos through a non-financial institution (class members will receive $12.8 million). A final approval hearing will determine attorney’s fees and expenses and incentive awards.

    Privacy, Cyber Risk & Data Security Courts State Issues Illinois Class Action Settlement Consumer Protection BIPA

Pages

Upcoming Events