InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
States receive $245 million judgment against robocall operation
On March 6, the U.S. District Court for the Southern District of Texas entered stipulated orders and permanent injunctions against two individuals who, along with their companies (also named as defendants in the litigation), allegedly operated a massive robocall campaign to sell extended car warranties and health care services. (See orders here and here.) Eight states attorneys general alleged violations of the TCPA and the Telemarketing Sales Rule, as well as various state consumer protection laws, claiming that the defendants initiated millions of robocalls to individuals nationwide without their prior express consent, spoofed caller ID numbers to mislead recipients, and called people whose numbers were on the Do Not Call Registry. Under the terms of the orders, the individual defendants (who neither admitted nor denied the allegations) are permanently banned from initiating or facilitating (or causing others to initiate or facilitate) any robocalls, working in or with companies that make robocalls, or engaging in any telemarketing. The court also ordered each individual defendant to pay a $122.3 million monetary judgment; however, these payments are mostly suspended in favor of the more permanent bans due to their inability to pay. The states noted that they are continuing their cases in the same action against others who allegedly worked with the individual defendants to facilitate the robocalls.
DFPI issues more proposed changes to Student Loan Servicing Act
On March 6, the California Department of Financial Protection and Innovation (DFPI) issued a notice of second modifications to proposed regulations under the Student Loan Servicing Act (Act), which provides for the licensure, regulation, and oversight of student loan servicers by DFPI (covered by InfoBytes here). Last September, DFPI issued proposed rules to clarify, among other things, that income share agreements (ISAs) and installment contracts, which use terminology and documentation distinct from traditional loans, serve the same purpose as traditional loans (i.e., “help pay the cost of a student’s higher education”), and are therefore student loans subject to the Act. As such, servicers of these products must be licensed and comply with all applicable laws, DFPI said. (Covered by InfoBytes here.) In January, DFPI issued modified proposed regulations, outlining additional changes to definitions, time zone requirements, borrower protections, and examinations, books, and records requirements. (Covered by InfoBytes here.)
Following its consideration of public comments on the modified proposed regulations, DFPI is proposing the following additional changes:
- Amendments to definitions. Among other changes, the proposed changes amend “education financing products” to include private student loans which are not traditional loans. This change reverts the definition back to the word used in the original proposed rules. DFPI explained that this change “is necessary because the term ‘private student loan’ is defined later in the rules . . . but the term ‘private education loan’ is not separately defined.” The proposed changes also clarify “that the payment cap, which is the maximum amount payable under an income share agreement, may be expressed as an APR or an amount or a multiple of the amount advanced, covered, credited, deferred, or funded, excluding charges related to default.” Additionally, the changes revise the definition of “qualifying payment” to explain that “qualifying payments count toward maximum payments and the payment cap but not also the payment term.”
- Borrower protections. The first round of changes revised the time zone in which a payment must be received to be considered on-time to Pacific Time, in order to protect California borrowers. However, in further modifying the timing requirement, DFPI explained in its notice that “[r]equiring cut off times different than those posted on the servicer’s website just for California borrowers would deviate from standard current practices, would require system changes and enhancements that would be very expensive to implement and could cause confusion and operational risk to both servicers and borrowers. Limiting the exception to only those situations where the servicer has not posted the cut off time aligns with servicers’ operational capabilities and national banking standards.”
- Qualified written requests. The proposed changes clarify requirements for sending acknowledgments of receipt and responses to qualified written requests.
The second modifications also clarify provisions related to education financing servicing report requirements, and provide that upon notice, a student loan servicer must make available for inspection its books, records, and accounts at a licensed location designated by the DFPI or electronically.
Comments on the second modifications are due March 23.
6th Circuit: Each alleged FDCPA violation carries its own statute of limitations
On March 1, the U.S. Court of Appeals for the Sixth Circuit reversed the dismissal of a debt collection action, holding that every alleged violation of the FDCPA has its own statute of limitations. According to the opinion, the plaintiff financed a furniture purchase through a retail installment contract. While making payments on the contract, the company purportedly sold the debt to a third party. After the plaintiff defaulted on the debt, the third party—through the defendant attorney—sued the plaintiff in state court to recover the unpaid debt and attorney’s fees. After the third party eventually voluntarily dismissed the suit due to questions of whether the debt transfer was valid, the plaintiff sued the attorney for violating the FDCPA, alleging the defendant doctored the retail installment contract (RIC) to make it appear as if the debt assignment was legal. The defendant moved to dismiss the complaint as time-barred by the FDCPA’s one-year statute of limitations. The district court dismissed the case citing the complaint was filed more than a year after the third party filed the state court complaint and later denied both the plaintiff’s motion for reconsideration and the defendant’s motion for attorney’s fees. Both parties appealed.
On appeal, the 6th Circuit agreed that the plaintiff made a timely claim. Plaintiff argued that at least one of her claims fell within the one-year statute of limitations—the attorney’s filing of the updated RIC that allegedly showed the “contrived transfer” of debt—and maintained that she filed within one year of that alleged violation. The defendant countered, among other things, that the plaintiff’s claim was time-barred because it was a continuing effect of the third party’s initial filing of the state court complaint. The 6th Circuit reviewed caselaw on the “continuing-violation doctrine” and determined that the doctrine was not relevant to the case, stating that the plaintiff never invoked it because she was not “trying to sweep in acts that would otherwise be outside of the filing period,” but rather sought “redress for a single claim that is not time-barred.” The 6th Circuit emphasized that the plaintiff’s “single claim is independent of [the third party’s] initial filing of the lawsuit—not a continuing effect of it—because it is a standalone FDCPA violation.” The opinion further stated that the only date considered for the statute of limitations is the date a lawsuit is filed when subsequent FDCPA violations within that lawsuit occurred, and wrote that “[i]f we were to only consider the date [the third party] filed suit . . . we would create a rule that disregards the fact that §1629k(d) creates an independent statute of limitations for each violation of the FDCPA . . . . And if we adopted [the defendant’s] approach, we’d be saying that ‘so long as a debtor does not initiate suit within one year of the first violation, a debt collector [is] permitted to violate the FDCPA with regard to that debt indefinitely and with impunity.’”
District Court says EFTA applies to cryptocurrency
On February 22, the U.S. District Court for the Southern District of New York partially granted a cryptocurrency exchange’s motion to dismiss allegations that its inadequate security practices allowed unauthorized users to drain customers’ cryptocurrency savings. Plaintiffs claimed the exchange and its former CEO (collectively, “defendants”) failed to correctly implement a two-factor authentication system for their accounts and misrepresented the scope of the exchange’s security protocols and responsiveness. Plaintiffs filed a putative class action alleging violations of the EFTA and New York General Business Law, along with claims of negligence, negligent misrepresentation, breach of contract, breach of warranty, and unjust enrichment. The defendants moved to dismiss, in part, by arguing that the EFTA claim failed because cryptocurrency does not constitute “funds” under the statute. The court denied the motion as to the plaintiffs’ EFTA claim, stating that the EFTA does not define the term “funds.” According to the court, the ordinary meaning of “cryptocurrency” is “a digital form of liquid, monetary assets” that can be used to pay for things or “used as a medium of exchange that is subsequently converted to currency to pay for things.” In allowing the claim to proceed, the court referred to a final rule issued by the CFPB in 2016, in which the agency, according to the court’s opinion, “expressly stated that it was taking no position with respect to the application of existing statutes, like the EFTA, to virtual currencies and services.” In the final rule, the Bureau stated that it “continues to analyze the nature of products or services tied to virtual currencies.” The court dismissed all of the remaining claims, citing various pleading deficiencies, and finding, among other things, that the “deceptive acts or practices” claim under New York law failed because plaintiffs did not identify specific deceptive statements the defendants made or deceptive omissions for which the defendants were responsible.
4th Circuit remands privacy suit to state court
On February 21, the U.S. Court of Appeals for the Fourth Circuit held that a proposed class action over website login procedures belongs in state court. Plaintiff alleged that after a nonparty credit reporting agency experienced a data breach, it used the defendant subsidiary’s website to inform customers whether their personal data had been compromised. Because the defendant’s website required the plaintiff to enter six digits of his Social Security number to access the information, the plaintiff alleged violations of South Carolina’s Financial Identity Fraud and Identity Theft Protection Act and the state’s common-law right to privacy. Under the state statute, companies are prohibited from requiring consumers to use six digits or more of their Social Security number to access a website unless a password, a unique personal identification number, or another form of authentication is also required. According to the plaintiff, the defendant’s website did not include this requirement.
The defendant moved the case to federal court under the Class Action Fairness Act and requested that the case be dismissed. Plaintiff filed an amended complaint in federal court, as well as a motion asking the district court to first determine whether it had subject matter jurisdiction, given the U.S. Supreme Court’s ruling in TransUnion LLC v. Ramirez, which clarified the type of concrete injury necessary to establish Article III standing (covered by InfoBytes here). Although the district court held that the plaintiff had alleged “an intangible concrete harm in the manner of an invasion of privacy,” which it said was enough to give it subject-matter jurisdiction “at this early stage of the case,” it dismissed the case after determining the plaintiff had not plausibly stated a claim.
In reversing and remanding the action, the 4th Circuit found that the plaintiff alleged only a bare statutory violation and had not pled a concrete injury sufficient to confer Article III standing in federal court. The appellate court vacated the district court’s decision to dismiss the case and ordered the district court to remand the case to state court. The 4th Circuit took the position that an intangible harm, such as a plaintiff “enduring a statutory violation” is insufficient to confer standing unless there is a separate harm “or a materially increased risk of another harm” associated with the violation. “[Plaintiff] hasn’t alleged—even in a speculative or conclusory fashion—that entering six digits of his SSN on [defendant’s] website has somehow raised his risk of identity theft,” the 4th Circuit said. In conclusion, the 4th Circuit wrote: “We offer no opinion about whether the alleged facts state a claim under the Act. Absent Article III jurisdiction, that’s a question for [plaintiff] to take up in state court.”
9th Circuit concludes district attorneys can sue national banks in state court
On February 27, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s decision to abstain from enjoining a state action brought by a California county district attorney (DA) against a national bank, concluding that the enforcement action was not an exercise of “visitorial powers.” According to the opinion, the DA launched an investigation into the bank’s vendor and issued the bank an investigative subpoena seeking records of its banking activities. The bank objected, claiming the request “improperly infringes on the exclusive visitorial powers of the [OCC]” because it sought to inspect the bank’s books and records. The bank subsequently filed a complaint in the U.S. District Court for the Central District of California asking the court to enjoin the state action and requesting injunctive relief to prevent the DA from taking any action to enforce federal and state lending, debt collection, and consumer laws against the bank, or from exercising visitorial powers in violation of the National Bank Act (NBA). The DA withdrew his investigative subpoena and moved to dismiss for lack of subject matter jurisdiction on the ground that the case was now moot. The motion to dismiss was denied on the premise that the DA had not demonstrated that a “renewed investigative subpoena against [the bank] ‘could not be reasonably be expected.’”
The DA then filed a complaint in state court claiming the bank violated California law by hiring a third-party vendor to place “extensive harassing” debt collection phone calls to residents in the state. The complaint alleged violations of California’s Unfair Competition Law, the Rosenthal Fair Debt Collections Practices Act, and the right to privacy under the California Constitution. In federal court, the bank moved for summary judgment, arguing that the state action was an improper exercise of visitorial powers. The district court, however, ruled that the Younger v. Harris abstention (in which a federal court refrains from staying or enjoining pending state criminal prosecutions absent extraordinary circumstances or state civil enforcement actions when certain conditions are met) applied. The bank appealed.
The 9th Circuit considered two questions: (i) whether the Younger abstention was correctly applied, and (ii) whether the DA’s state court action “was an impermissible exercise of visitorial powers vested exclusively with the OCC.” The 9th Circuit held that the district court was correct in applying the Younger abstention doctrine because (i) “the state action qualified as an ‘ongoing’ judicial proceeding because no proceedings of substance on the merits had taken place in the federal action”; (ii) the state court action implicated an important state interest in consumer protection and nothing in federal law bars a DA from suing a national bank; (iii) the bank had the option to raise a federal defense under the NBA in the state court action; and (iv) the injunction the bank requested in the federal action would interfere with the state court proceeding. The 9th Circuit also rejected the bank’s arguments that the state action constituted an illegal exercise of visitorial powers that only belongs to the OCC or state attorneys general. The 9th Circuit cited the U.S. Supreme Court’s decision in Cuomo v. Clearing House Ass’n, L.L.C., in which the high court “held that bringing a civil lawsuit to enforce a non-preempted state law is not an exercise of visitorial powers,” and that “a sovereign’s ‘visitorial powers’ and its power to enforce the law are two different things.” Relying on the Cuomo holding, the 9th Circuit found that accepting the bank’s position “would mean that actions brought against national banks by federal or state agencies or, for that matter, individuals would be forbidden as unlawful exercises of visitorial powers.” “Such a result is wrong. It contradicts established law and is unsupported by any legal authority cited by [the bank]” and would additionally “raise serious anti-commandeering concerns under the Tenth Amendment.”
DFPI settles with student loan debt relief company
On February 28, the California Department of Financial Protection and Innovation (DFPI) announced a settlement with an unlicensed student debt relief company and its owner. The announcement is part of the DFPI’s continued crackdown on student loan debt relief companies found to have violated the California Consumer Financial Protection Law (CCFPL), the Student Loan Servicing Act (SLSA), and the Telemarketing Sales Rule (TSR). According to the settlement, a DFPI inquiry into the company’s practices found that since at least 2018, the company placed unsolicited phone calls to consumers advertising its student loan forgiveness and modification services. The company allegedly gave borrowers the impression that it was a part of, or affiliated with, an official government agency, and would act “as an intermediary between borrowers and the borrowers’ lenders or loan servicers with the goal of helping those consumers lower or eliminate their student loan debts.” The DFPI found that since 2018 at least 790 California consumers enrolled in the company’s debt relief program, whereby the company collected at least $713,000 through up-front servicing fees ranging from $116 to $2,449 from California consumers. By allegedly engaging in unlicensed student loan servicing activities, engaging in unlawful, unfair, deceptive, or abusive acts or practices with respect to consumer financial products or services, and by charging advance fees for debt relief services, the DFPI claimed the company violated the SLSA, CCFPL, and TSR.
Under the terms of the consent order, the company and owner must desist and refrain from engaging in the alleged conduct, rescind all debt relief, debt management, or debt consulting service agreements, and issue refunds to California consumers. The owner is also ordered to “desist and refrain from owning, managing, operating, or controlling any entity that services student loans, or which offers or provides any consumer financial products or services as defined by the CCFPL, unless and until he or the entity has the applicable approvals from the DFPI and is in compliance with the SLSA, CCFPL, TSR, and the Federal Trade Commission Act.”
DFPI modifies CCFPL proposal
On February 24, the California Department of Financial Protection and Innovation (DFPI) released modifications to proposed regulations for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to commercial financial products and services. As previously covered by InfoBytes, DFPI issued a notice of proposed rulemaking (NPRM) last June to implement sections 22159, 22800, 22804, 90005, 90009, 90012, and 90015 of the CCFPL related to the offering and provision of commercial financing and other financial products and services to small businesses, nonprofits, and family farms. According to DFPI, section 22800 subdivision (d) authorizes the Department to define unfair, deceptive, and abusive acts and practices in connection with the offering or provision of commercial financing. Section 90009, subdivision (e), among other things, authorizes the Department’s rulemaking to include data collection and reporting on the provision of commercial financing or other financial products and services.
After considering comments received on the NPRM, changes proposed by the DFPI include the following:
- Amended definitions. The proposed modification defines a “commercial financing transaction” to mean “a consummated commercial financing transaction for which a disclosure is provided in accordance with California Code of Regulations, title 10, section 920, subdivision (a).” The modifications to the definitions also amend a “covered provider” to exclude “any person exempted from division 24 of the Financial Code under Financial Code section 90002,” and defines a “small business” to be “a business entity organized for profit with annual gross receipts of no more than $16,000,000 or the annual gross receipt level as biennially adjusted by the Department of General Services in accordance with Government Code section 14837, subdivision (d)(3), whichever is greater.” In determining a business entity’s annual gross receipts, the proposed modifications state that covered providers “may rely on any relevant written representation by the business entity, including information provided in any application or agreement for commercial financing or other financial product or service.”
- UDAAP. In addition to making several technical changes, the proposed modifications clarify that “[i]t is unlawful for a covered provider to engage or have engaged in any unfair, deceptive, or abusive act or practice in connection with the offering or provision of commercial financing or another financial product or service to a covered entity.” The changes remove text that would have made it unlawful should a covered provider “propose to engage” in any if these practices.
- Annual reporting requirements. The proposed modifications specify that covered providers who offer commercial financing will be required to electronically file reports to the DFPI on or before March 15 of each year starting in 2025. The proposed changes to the reporting requirements also clarify certain terms, address when covered providers are not required to calculate or report certain information, and stipulate that covered providers “licensed under division 9 (commencing with section 22000) of the Financial Code shall not include in the report required under this section information for activity conducted under the authority of that license.”
Comments on the proposed modifications are due March 15.
New York AG sues crypto trading platform for failing to register
On February 22, the New York attorney general filed a petition in state court against a virtual currency trading platform (respondent) for allegedly failing to register as a securities and commodities broker-dealer and falsely representing itself as a cryptocurrency exchange. The respondent’s website and mobile application enable investors to buy and sell cryptocurrency, including certain popular virtual currencies that are allegedly securities and commodities. According to the AG, securities and commodities brokers are required to register with the state, which the respondent allegedly failed to do. The AG further maintained that the respondent claimed to be an exchange but failed to appropriately register with the SEC as a national securities exchange or be designated by the CFTC as required under New York law. Nor did the respondent comply with a subpoena requesting additional information about its crypto-asset trading activities in the state, the AG said. The state seeks a court order (i) preventing the respondent from misrepresenting that it is an exchange; (ii) banning the respondent from operating in the state; and (iii) directing the respondent to undertake measures to prevent access to its mobile application, website, and services from within New York.
Illinois announces new consumer protections for digital assets, proposes new money transmitter licensing provisions
On February 21, the Illinois Department of Financial and Professional Regulation (IDFPR) announced several legislative initiatives to establish consumer protections for cryptocurrencies and other digital assets and provide regulatory oversight of the broader digital asset marketplace. The Fintech-Digital Asset Bill (see HB 3479) would create the Uniform Money Transmission Modernization Act and provide for the regulation of digital asset businesses and modernize regulations for money transmission in the state. Among other things, the Fintech-Digital Asset Bill would require digital asset exchanges and other digital asset businesses to obtain a license from IDFPR to operate in the state. The bill also establishes various requirements for businesses, including investment disclosures, customer asset safeguards, and customer service standards. Companies would also be required to implement cybersecurity measures, as well as procedures for addressing business continuity, fraud, and money laundering. Notably, the Fintech-Digital Asset Bill replaces and supersedes the Transmitters of Money Act (see 205 ILCS 657) with the Money Transmission Modernization Act, in order to harmonize the licensing, regulation, and supervision of money transmitters operating across state lines. Provisions also amend the Corporate Fiduciary Act to allow for the creation of trust companies for the special purpose of acting as a fiduciary to safeguard customers’ digital assets, the announcement noted.
The Consumer Financial Protection Bill (see HB 3483) would grant the IDFPR authority to enforce the Fintech-Digital Asset Bill and strengthen the department’s authority and resources for enforcing existing consumer financial protections. Modeled after the Dodd-Frank Act, the Consumer Financial Protection Bill empowers the IDFPR with the ability to target unfair, deceptive, and abusive acts and practices by unlicensed financial services providers. The bill creates the Consumer Financial Protection Law and the Financial Protection Fund, and establishes provisions related to supervision, registration requirements, consumer protection, cybersecurity, anti-fraud and anti-money laundering, enforcement, procedures, and rulemaking. The Consumer Financial Protection Bill also includes provisions concerning court orders, penalty of perjury, character and fitness of licensees, and consent orders and settlement agreements, and makes amendments to various application, license, and examination fees. The bill does so by amending the Collection Agency Act, Currency Exchange Act, Sales Finance Agency Act, Debt Management Service Act, Consumer Installment Loan Act, and Debt Settlement Consumer Protection Act.