InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Washington Court of Appeals affirms dismissal of suit accusing bank of collecting debt under a different name
On May 3, the Washington Court of Appeals, Division Three, affirmed the dismissal of an action accusing a defendant bank of violating the FDCPA by attempting to collect a debt in a name that differed from its own. The plaintiff obtained a credit card from the bank in 2006. Following a merger between the bank holding company (a separate legal entity at the time) and a card services company, the defendant bank merged with and under the charter of the card services company and notified credit card customers that the new issuer and administrator of their accounts would be the card services company. In 2014, the card services company merged into and under the charter of the national bank of the same name, who subsequently became issuer and administrator of the credit card portfolio and the named creditor of the plaintiff’s account. By 2012, the plaintiff had stopped making payments on his credit card and was sued by the card services company. While this action was pending, the 2014 merger occurred but the collection action was not updated to reflect this development. Eventually, the collection action was dismissed without prejudice, and the plaintiff sued the defendant in Washington state court, claiming the defendant violated the FDCPA because it continued its collection suit under the name of the card services company after the merger had taken place. The state court dismissed the case, and the plaintiff appealed. At issue was whether the national bank “falls under the FDCPA despite its status as a creditor because it used a name other than its own ‘which would indicate that a third person is collecting or attempting to collect’ the debt owed by” the plaintiff.
The Court of Appeals disagreed and held that even a least sophisticated consumer would not be confused and think that the debt had been transferred to a third-party collection agency. “Instead, a least sophisticated consumer (and even average-level consumer) might be led to believe that nothing had changed and [the card services company] was still collecting its credit card debt in its own right,” the Court of Appeals wrote. “There is no reason to think a least sophisticated consumer would be led to believe that [the bank] had acquired [the card services company’s] debt and then contracted with [it] to collect the debt.”
9th Circuit: Data release did not violate defendant’s Fourth Amendment rights
On April 27, the U.S. Court of Appeals for the Ninth Circuit concluded that limited digital data uncovered online that was not collected at the behest of the government did not violate the Fourth Amendment, which protects individuals from unreasonable government searches and seizures. According to the opinion, the defendant, who was convicted of child exploitation, argued that his Fourth Amendment rights were violated when two electronic service providers (ESPs) investigated his accounts without a warrant and reported the evidence of child sexual exploitation. He further maintained that evidence seized upon his arrest should have been suppressed because the ESPs were “acting as government agents when they searched his online accounts,” and that “he had a right to privacy in his digital data and that the government’s preservation requests and subpoenas, submitted without a warrant, violated the Fourth Amendment.”
The 9th Circuit disagreed, concluding first that the federal Stored Communications Act and the Protect Our Children Act “transformed the ESPs’ searches into governmental action” and “that the government was sufficiently involved in the ESPs’ searches of the defendant’s accounts to trigger Fourth Amendment protection.” The appellate court also determined that the government’s preservation requests for the private communications did not amount to unreasonable seizure and that “the defendant did not have a legitimate expectation of privacy in the limited digital data sought in the government’s subpoenas, where the subpoenas did not request any communication content from the defendant’s accounts and the government did not receive any such content in response to the subpoenas.” Moreover, the 9th Circuit stated that the defendant agreed to terms of use that granted the ESPs’ contractual rights under agreed upon privacy policies “to investigate, prevent, or take action regarding illegal activities,” and consented to the ESPs honoring of preservation requests from law enforcement.
District Court partially affirms summary judgment in interest case
On April 28, the U.S. District Court for the Southern District of New York granted in part and denied in part parties’ motions for summary judgment in a suit challenging the retroactive application of a New York statute reducing the state’s statutory interest rate on money judgments arising out of consumer debt. In doing so, the court considered S5724A, the Fair Consumer Judgment Interest Act. As previously covered by InfoBytes, the New York governor signed S5724A in December 2021, which amended the civil practice law and rules relating to the rate of interest applicable to money judgments arising out of consumer debt. Specifically, the bill provides that the interest rate that can be charged on unpaid money judgments is 2 percent and applies to judgments involving consumer debt, which is defined as “any obligation or alleged obligation of any natural person to pay money arising out of a transaction in which the money, property, insurance or services which are the subject of the transaction are primarily for personal, family or household purposes […], including, but not limited to, a consumer credit transaction, as defined in [section 105(f) of the civil practice law and rules].” The bill became effective April 30. According to the suit, a group of credit unions (plaintiffs) filed a federal class action lawsuit seeking to enjoin the enforcement or implementation of S5724A. The plaintiffs sought to invalidate the retroactive portion of S.5724A, arguing that it is an unconstitutional taking in violation of the Fifth Amendment and violative of their substantive due process rights guaranteed under the Fourteenth Amendment. The plaintiffs claimed that they are collectively owed about $3.8 million of outstanding consumer judgments, which includes approximately $1 million in interest, and sought a preliminary injunction enjoining the effective date of S572A. The plaintiffs brought suit against the Chief Administrative Judge of the New York State Courts, and the sheriffs of three New York counties in their official capacity on the basis that those parties “will be involved in enforcement of the Amendment.” The district court issued the preliminary injunction with respect to the sheriffs, relying on the credit unions’ arguments that retroactive application will “eradicate millions of dollars from the balance of judgments lawfully due and owing to judgment creditors.” The district court noted that “[r]egulatory takings … involve government regulation of private property [that is] . . . so onerous that its effect is tantamount to a direct appropriation or ouster. Thus, ‘while property may be regulated to a certain extent, if regulation goes too far it will be recognized as a taking.’”
Special Alert: Federal court says state bank, fintech partner must face Maryland’s allegation of unlicensed lending before state ALJ
A federal court late last month told a state-chartered bank and its fintech partner that they must return to a state administrative law proceeding to fight a Maryland enforcement action alleging that their failure to obtain a license to lend and collect on loans violated state law — potentially rendering the terms of certain loans unenforceable.
The Missouri-chartered bank and its partners attempted to remove an action brought by the Office of the Maryland Commissioner of Financial Regulation to the U.S. District Court for the District of Maryland, but the district court determined that removal was not proper and that Maryland’s Office of Administrative Hearings was the appropriate venue.
OCFR initially filed charges in January 2021 in Maryland’s Office of Administrative Hearings against the bank and its partner asserting the bank made installment and consumer loans and extended open-ended or revolving credit in the state without being licensed or qualifying for an exception to licensure. As a result, OCFR said they “‘may not receive or retain any principal, interest, or other compensation with respect to any loan that is unenforceable under this subsection.’” It said that not only are the bank’s loans to all Maryland consumers possibly unenforceable, but also that the bank, or its agents or assigns, could in the alternative be “prohibited from collecting the principal amount of those loans from any of these consumers or from collecting any other money related to those loans.”
The OCFR’s charge letter also said the fintech company that provided services to the bank violated the Maryland Credit Services Business Act by providing advice and/or assistance to consumers in the state “with regard to obtaining an extension of credit for the consumer when accepting and/or processing credit applications on behalf of the Bank without a credit services business license.” Additionally, the OCFR alleged violations of the Maryland Collection Agency Licensing Act related to whether the fintech company engaged in unlicensed collection activities, thus subjecting it to the imposition of fines, restitutions, and other non-monetary remedial action.
The defendants filed a notice of removal to federal court last year while the enforcement action was still pending before the OAH; OCFR moved to remand the case back to the agency.
In granting the OCFR’s motion to remand, the court concluded that the OCFR persuasively argued that the defendants have not properly removed this case from the OAH for several reasons, including that the OAH does not function as a state court. “Pursuant to 28 U.S.C. § 1441, a defendant may remove to federal court ‘any civil action brought in a State court of which the district courts of the United States have original jurisdiction.’” However, the court determined that, while defendants correctly observed that the OAH possesses certain “court-like” attributes, its limitations clearly showed that it does not function as a state court.
In reaching this conclusion, the court considered several undisputed facts, including that the OCFR is a unit of the Maryland Department of Labor “responsible for, among other things, issuing licenses to entities wishing to issue loans to consumers in Maryland and investigating violations of Maryland’s consumer loan laws.” The court also said that, while OCFR has authority under Maryland law to investigate potential violations of law or regulation and has the ability to issue cease and desist orders, revoke an individual’s license, or issue fines, it cannot enforce its own subpoenas or orders — and that its decisions are not final and may be appealed to a state circuit court.
The defendants had argued that the case involved a federal question as a result of the complete preemption of state usury laws by Section 27 of the FDI Act. The court said licensure, not state usury law claims, was the issue at hand.
During a status conference held last month to discuss OCFR’s motion to remand, defendants requested an opportunity to file a motion certifying the case for appeal. The court will hold in abeyance its remand order pending resolution of that motion. Parties’ briefings are due by the end of May.
If you have any questions regarding the ruling or its ramifications, please contact a Buckley attorney with whom you have worked in the past.
District Court approves final class action privacy settlement
On April 29, the U.S. District Court for the Western District of New York granted final approval of a class action settlement resolving privacy and data security allegations against a health insurance company and several related health insurance entities (collectively, “defendants”). According to the plaintiffs’ memorandum of support, the plaintiff filed suit in 2015, alleging that the defendants compromised the personal identifying information, Social Security numbers, and medical and financial data of approximately 9.3 million policy holders from a 2013 data breach. After the security incident was announced, 14 lawsuits were filed, which were consolidated with this case. Under the terms of the final settlement, the defendants are required to implement information security and compliance measures, and comprehensively address security risks. The settlement also includes $3.6 million in attorneys’ fees and $700,000 in litigation costs. Class representatives will be awarded service awards that range between $1,000-$7,500 each, which will total approximately $95,500.
5th Circuit: CFPB enforcement may proceed but funding questions remain
On May 2, the U.S. Court of Appeals for the Fifth Circuit issued an en banc decision vacating a district court’s interlocutory decision denying the plaintiff payday lenders’ motion for judgment on the pleadings, and holding that the CFPB can continue its enforcement action against a Mississippi-based payday lending company subject to further order of the district court. As previously covered by InfoBytes, the CFPB filed a complaint against two Mississippi-based payday loan and check cashing companies for allegedly violating the CFPA’s prohibition on unfair, deceptive, or abusive acts or practices. In March 2018, a district court denied the payday lenders’ motion for judgment on the pleadings, rejecting the argument that the structure of the Bureau is unconstitutional and that the agency’s claims violate due process. The 5th Circuit agreed to hear an interlocutory appeal on the constitutionality question. And, prior to the U.S. Supreme Court’s ruling in Seila Law LLC v. CFPB, a divided panel held that the CFPB’s single-director structure is constitutional, finding no constitutional defect with allowing the director of the Bureau to only be fired for cause (covered by InfoBytes here).
The 5th Circuit voted sua sponte to rehear the case en banc and issued an opinion in which the majority vacated the district court’s opinion as contrary to Seila Law. The majority did not, however, direct the district court to enter judgment against the Bureau because, though the Supreme Court had found that the director’s for-cause removal provision was unconstitutional, it was severable from the statute establishing the Bureau (covered by a Buckley Special Alert). The majority determined that the “time has arrived for the district court to proceed” and stated it “place[s] no limitation on the matters that that court may consider, including, without limitation, any other constitutional challenges.”
In dissent, several judges issued an opinion arguing that the case should be dismissed because the agency’s funding structure violates the Constitution’s separation of powers and “is doubly removed from congressional review.” The dissenting judges explained that the Bureau is not subject to the Congressional appropriations process for its budget, unlike most federal agencies, but rather receives its funding directly from the Federal Reserve Board. This budgetary process was intended to ensure full independence from Congress and prevent future congresses from using budget cuts to influence the Bureau’s agenda and priorities. The dissenting judges argued, however, that such a structure violates the Appropriations Clause of the Constitution. “The CFPB’s double insulation from Article I appropriations oversight mocks the Constitution’s separation of powers by enabling an executive agency to live on its own in a kingly fashion,” the dissent stated. “The Framers warned that such an accumulation of powers in a single branch of government would inevitably lead to tyranny. Accordingly, I would reject the CFPB’s novel funding mechanism as contravening the Constitution’s separation of powers. And because the CFPB funds the instant prosecution using unconstitutional self-funding, I would dismiss the lawsuit.”
District Court orders evidence showing customer agreed to arbitration clause in clickwrap agreement
On April 15, the U.S. District Court for the Northern District of California ordered a defendant “teledentristry” practice to file a declaration evidencing a clickwrap agreement that shows that the plaintiff assented to an arbitration agreement in an addendum to a retail installment contract. The plaintiff filed a putative class action claiming the defendant failed to comply with consumer protection licensing requirements and made misleading and false representations to consumers about the scope of its services and the provided dental care. The defendant moved to compel arbitration, stating that when customers create an account on the defendant’s website, they are required to affirmatively check a clickwrap checkbox to provide informed consent and must agree to the defendant’s terms and conditions before finalizing the registration process. The checkbox is not pre-checked, the defendant stated, and customers can view the full terms and conditions when clicking on the hyperlinks for each policy. The defendant maintained that if the plaintiff had clicked on the “Informed Consent” hyperlink, he would have been presented with the arbitration clause. The defendant also claimed that its servers log customers’ electronic assent to the terms and conditions and provided evidence purportedly showing that the plaintiff accepted the terms and conditions. The plaintiff countered that he did not assent to the arbitration agreement.
The arbitration dispute concerns whether the plaintiff assented to the arbitration agreement, whether the agreement is valid and enforceable, and whether the agreement delegates questions of arbitrability to the arbitrator and not the court. According to the court, the defendant failed to show sufficient evidence that the plaintiff agreed to the arbitration agreement and stated it will issue a ruling once the defendant provides additional evidence showing what the plaintiff would have seen when he allegedly assented to the clickwrap agreement, as well as “the circumstances under which [plaintiff] received and allegedly assented to the addendum to the retail installment contract.” The court’s order also granted plaintiff’s motion to further amend the complaint but denied plaintiff’s motion to remand on the grounds that the Class Action Fairness Act of 2005 conferred subject-matter jurisdiction upon the court.
District Court grants class certification in FDCPA suit
On April 27, the U.S. District Court for the Western District of Pennsylvania granted a plaintiff’s motion for class certification in an action against a consumer debt buyer (defendant) for allegedly violating the FDCPA by stating that a judgment may be awarded prior to the expiration of a settlement offer, even though a collection lawsuit was not filed. According to the opinion, the plaintiff received a collection letter from the defendant that offered a “discount program” for his “Legal Collections account without any further legal action,” which had to be accepted within a month. The letter also stated that “[a] judgment could be awarded by the court before the expiration of the discount offer listed in this letter,” despite the fact that at the time the letter was received, there were no pending court cases in which a judgment could be entered against the plaintiff. After receiving the letter, the plaintiff filed suit, alleging that the defendant violated the FDCPA by making false, misleading, and deceptive misrepresentations about the debt. Among other things, the defendant argued that the size of the class would be impossible to ascertain because identifying class members would require individualized inquiries into who received a letter and when. By holding that the FDCPA violation occurred when a letter was sent rather than when it was received, the court rejected the defendant’s argument and ruled instead that individualized inquiry is not necessary. According to the district court, “[r]eviewing this information will, of course, require some level of individualized inquiry. But the need for file-by-file review to identify class members is not fatal to class certification.” The district court further noted that “[c]ourts and parties must be able to determine accrual dates with some degree of certainty,” and “[t[he date of receipt may often be impossible to determine, particularly where the recipient is an individual as opposed to a commercial entity.”
4th Circuit will not revive investors’ data breach case
On April 21, the U.S. Court of Appeals for the Fourth Circuit affirmed a district court’s dismissal of a securities suit against a hotel corporation (defendant) alleging that they misled the plaintiffs regarding data vulnerabilities connected to a major breach of customers’ personal information. According to the opinion, two years after merging with another hospitality corporation, the defendant “learned that malware had impacted approximately 500 million guest records in the [hospitality corporation’s] guest reservation database.” An investor filed a putative class action against the defendant and nine of its officers and directors, alleging that its failure to disclose severe vulnerabilities in the hospitality corporation’s IT systems rendered 73 different public statements false or misleading in violation of Section 10(b) of the Securities Exchange Act of 1934 (Exchange Act) and SEC Rule 10b-5. The district court granted the defendant’s motion to dismiss with prejudice and concluded that the plaintiffs “‘failed to adequately allege a false or misleading statement or omission, a strong inference of scienter, and loss causation,’ which doomed the claim under Section 10(b) and Rule 10b-5 as well as the secondary liability claim [under Section 20(a) of the Exchange Act].” The investor appealed, dropping its challenge to 55 of the statements but maintaining its challenge to the other 18.
On appeal, the 4th Circuit agreed with the district court that the defendant’s statements about the importance of cybersecurity were not misleading with respect to the quality of its cybersecurity efforts. The appellate court found that “[t]he ‘basic problem’ with the complaint on this point is that ‘the facts it alleges do not contradict [the defendant’s] public disclosures,’” and that reiterating the “basic truth” that data integrity is important does not mislead investors or create a false impression. The appellate court also noted that the complaint “concedes that [the defendant] devoted resources and took steps to strengthen the security of hospitality corporation’s systems,” and that the company included “such sweeping caveats that no reasonable investor could have been misled by them.” The appellate court concluded that the defendant “certainly could have provided more information to the public about its experience with or vulnerability to cyberattacks, but the federal securities laws did not require it to do so.”
District Court dismisses state law claims concerning scanned email allegations
On April 26, the U.S District Court for the Northern District of California granted a defendant tech company’s motion for reconsideration to dismiss a plaintiffs’ Washington Privacy Act (WPA) claims that it shared customer data with third parties without first obtaining consent. According to the amended complaint, the defendant allegedly misrepresented its privacy and security practices in violation of federal and state law by, among other things, sharing customer data with unauthorized third parties (some of which suffered data breaches), using customer data to develop products and services to sell to other companies, and falsely promising it complied with privacy and confidentiality standards. Plaintiffs alleged the company scanned 400 billion customer emails to obtain insights for its API, which it then sold to others.
In its prior ruling, the court dismissed plaintiffs’ Wiretap Act and Stored Communications Act claims but allowed the WPA claims to proceed. The defendant then filed a motion for partial reconsideration, arguing that the WPA claim is also premised on the same scanned email theory as with the other two claims that were already dismissed. The court agreed that the plaintiffs failed to sufficiently allege that their emails were scanned and dismissed the WPA claims without leave to amend because the “interception or disclosure of a communication” was necessary “in order for the conduct to be actionable.”