InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Split 9th Circuit: Nevada’s medical debt collection law is not preempted
The U.S. Court of Appeals for the Ninth Circuit recently issued a split decision upholding a Nevada medical debt collection law after concluding the statute was neither preempted by the FDCPA or the FCRA, nor a violation of the First Amendment. SB 248 took effect July 1, 2021, in the wake of the Covid-19 pandemic, and requires debt collection agencies to provide written notification to consumers 60 days “before taking any action to collect a medical debt.” Debt collection agencies are also barred from taking any action to collect a medical debt during the 60-day period, including reporting a debt to a consumer reporting agency.
Plaintiffs, a group of debt collectors, sued the Commissioner of the Financial Institutions Division of Nevada’s Department of Business and Industry after the bill was enacted, seeking a temporary restraining order and a preliminary injunction. In addition to claiming alleged preemption by the FDCPA and the FCRA, plaintiffs maintained that SB 248 is unconstitutionally vague and violates the First Amendment. The district court denied the motion, ruling that none of the arguments were likely to succeed on the merits.
In agreeing with the district court’s decision, the majority concluded that SB 248 is not unconstitutionally vague with respect to the term “before taking any action to collect a medical debt” and that any questions about what constitute actions to collect a medical debt were addressed by the statute’s implementing regulations. With respect to whether SB 248 violates the First Amendment, the majority held that debt collection communications are commercial speech and thus not subject to strict scrutiny. As to questions of preemption, the majority determined that SB 248 is not preempted by either the FDCPA or the FCRA. The majority explained that furnishers’ reporting obligations under the FCRA do not include a deadline for when furnishers must report a debt to a CRA and that the 60-day notice is not an attempt to collect a debt and therefore does not trigger the “mini-Miranda warning” required in a debt collector’s initial communication stating that “the debt collector is attempting to collect a debt.”
The third judge disagreed, arguing, among other things, that the majority’s “position requires setting aside common sense” in believing that the FDCPA does not preempt SB 248 because the 60-day notice is not an action in connection with the collection of a debt. “The only reason that a debt collector sends a Section 7 Notice is so that he can later start collecting a debt,” the dissenting judge wrote. “It is impossible to imagine a situation where a debt collector would send such a notice except in pursuit of his goal of ultimately obtaining payment for (i.e., collecting) the debt.” The dissenting judge further argued that by delaying the reporting of unpaid debts, SB 248 conflicts with the FCRA’s intention of ensuring credit information is accurately reported.
DOJ and FTC find UDAPs in handling of women’s health data
On June 23, the DOJ and FTC announced the government has obtained substantial injunctive relief, and that the department will collect $100,000 in civil penalties, from an Illinois-based healthcare corporation pursuant to a stipulated federal court order. In the complaint, the United States claimed that the corporation violated Section 5 of the FTC Act, in which the defendant engaged in unfair and deceptive acts in connection with its period and ovulation tracking mobile app. The government alleged that the corporation shared consumers’ persistent identifiers and sensitive personal information to third-party companies without user notice or consent. Additionally, the corporation allegedly failed to disclose how those third-party companies would use consumers’ personal information. The complaint also alleges the corporation failed to take “reasonable measures” surrounding data and privacy risk when they integrated third-party software into the mobile application, and that they violated the HBNR.
The order entered by the court requires that the corporation: (i) “implement a comprehensive privacy and data security program with safeguards to protect consumer data”; (ii) “hire an independent third-party to regularly assess its compliance with the privacy program for a period of 20 years”; (iii) “[is] enjoined from sharing health information with third-parties for advertising purposes, from sharing health information with third-parties for other purposes without obtaining users’ affirmative express consent, and from making misrepresentations about [the corporation’s] privacy practices”; and (iv) comply with the HBNR’s notification provisions in any future breach of Security.
EU court says banks must meet GDPR obligation on data processing
On June 22, the Court of Justice of the European Union (CJEU) issued a judgment concluding that banks are not exempt from providing information upon request about when and why an individual’s data was accessed. However, banks are not necessarily required to name the people who accessed the data, the CJEU said. The Administrative Court of Eastern Finland issued a request for a preliminary ruling in an action seeking clarification on individuals’ rights when requesting information on data processing. The press release explained that a bank employee (who was also a customer of the bank) discovered that other bank employees consulted his personal data on several occasions. Doubting the lawfulness of these consultations, the now-former employee asked the bank for information on who accessed his data, the exact dates of the consultations, and the reasons why his data had been processed. The bank explained that it had consulted his data to check for a possible conflict of interest, but refused to disclose the employees’ identities, reasoning that this information “constituted the personal data of those employees.” A request made by the former employee to Finland’s Data Protection Supervisor’s Office to order the bank to provide him with the requested information was rejected, so the former employee brought an action before the Administrative Court of Eastern Finland, asking the Court of Justice to interpret Article 15 of the General Data Protection Regulation (GDPR).
The CJEU clarified, among other things, that while the GDPR gives individuals the right to access information about why and when their data was accessed (including information relating to consultation operations carried out on the former employee’s personal data), it does not grant a right to know who accessed the information when following a controller’s instructions “unless that information is essential in order to enable the data subject effectively to exercise the rights conferred on him[.]” The CJEU acknowledged, however, that a “balance will have to be struck between the rights and freedoms in question” and that “[w]herever possible, means of communicating personal data that do not infringe the rights or freedoms of others should be chosen.” Furthermore, the CJEU determined that the fact that the controller is a bank, and that the former employee was both an employee of the bank and a customer, “has, in principle, no effect on the scope of the right conferred on that data subject.”
CFPB, FTC, and consumer advocates ask 7th Circuit to review redlining dismissal
The CFPB recently filed its opening brief in the agency’s appeal of a district court’s decision to dismiss the Bureau’s claims that a Chicago-based nonbank mortgage company and its owner violated ECOA by engaging in discriminatory marketing and consumer outreach practices. As previously covered by InfoBytes, the Bureau sued the defendants in 2020 alleging fair lending violations predicated, in part, on statements made by the company’s owner and other employees during radio shows and podcasts. The agency claimed that the defendants discouraged African Americans from applying for mortgage loans and redlined African American neighborhoods in the Chicago area. The defendants countered that the Bureau improperly attempted to expand ECOA’s reach and argued that ECOA “does not regulate any behavior relating to prospective applicants who have not yet applied for credit.”
In dismissing the action with prejudice, the district court applied step one of the Chevron framework (which is to determine “whether Congress has directly spoken to the precise question at issue”) when reviewing whether the Bureau’s interpretation of ECOA in Regulation B is permissible. The court concluded, among other things, that Congress’s directive does not apply to prospective applicants.
In its appellate brief, the Bureau argued that the long history of Regulation B supports the Bureau’s interpretation of ECOA, and specifically provides “that ‘[a] creditor shall not make any oral or written statement, in advertising or otherwise, to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application.” While Congress has reviewed ECOA on numerous occasions, the Bureau noted that it has never challenged the understanding that this type of conduct is unlawful, and Congress instead “created a mandatory referral obligation [to the DOJ] for cases in which a creditor has unlawfully ‘engaged in a pattern or practice of discouraging or denying applications for credit.’”
Regardless, “even if ECOA’s text does not unambiguously authorize Regulation B’s prohibition on discouraging prospective applicants, it certainly does not foreclose it,” the Bureau wrote, pointing to two perceived flaws in the district court’s ruling: (i) that the district court failed to recognize that Congress’s referral provision makes clear that “discouraging . . . applications for credit” violates ECOA; and (ii) that the district court incorrectly concluded that ECOA’s reference to applicants “demonstrated that Congress foreclosed prohibiting discouragement as to prospective applicants.” The Bureau emphasized that several courts have recognized that the term “applicant” can include individuals who have not yet submitted an application for credit and stressed that its interpretation of ECOA, as reflected in Regulation B’s discouragement prohibition, is not “arbitrary, capricious, or manifestly contrary to the statute.” The Bureau argued that under Chevron step two (which the district court did not address), Regulation B’s prohibition on discouraging prospective applicants from applying in the first place is reasonable because it furthers Congress’ efforts to prohibit discrimination and ensure equal access to credit.
Additionally, the FTC filed a separate amicus brief in support of the Bureau. In its brief, the FTC argued that Regulation B prohibits creditors from discouraging applicants on a prohibited basis, and that by outlawing this type of behavior, it furthers ECOA’s purpose and prevents its evasion. In disagreeing with the district court’s position that ECOA only applies to “applicants” and that the Bureau cannot proscribe any misconduct occurring before an application is filed, the FTC argued that the ruling violates “the most basic principles of statutory construction.” If affirmed, the FTC warned, the ruling would enable creditor misconduct and “greenlight egregious forms of discrimination so long as they occurred ‘prior to the filing of an application.’”
Several consumer advocacy groups, including the National Fair Housing Alliance and the American Civil Liberties Union, also filed an amicus brief in support of the Bureau. The consumer advocates warned that “[i]nvalidating ECOA’s longstanding prohibitions against pre-application discouragement would severely limit the Act’s effectiveness, with significant consequences for communities affected by redlining and other forms of credit discrimination that have fueled a racial wealth gap and disproportionately low rates of homeownership among Black and Latino households.” The district court’s position would also affect non-housing credit markets, such as small business, auto, and personal loans, as well as credit cards, the consumer advocates said, arguing that such limitations “come at a moment when targeted digital marketing technologies increasingly allow lenders to screen and discourage consumers on the basis of their protected characteristics, before they can apply.”
CFPB opposes Texas bankers’ request to delay small biz lending rule
The CFPB recently asked a district court in the 5th Circuit to deny a proposed injunction which would delay the implementation of its small-business lending data collection rule, arguing that plaintiffs have failed to establish standing or meet the requirements for preliminary relief. As previously covered by InfoBytes, plaintiffs (including a Texas banking association and a Texas bank) sued the Bureau, challenging the agency’s final rule on the collection of small business lending data. The small business lending rule, which implements Section 1071 of the Dodd-Frank Act, requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their previous fiscal year.
Plaintiffs explained in their complaint that the goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs also argued that the final rule is invalid because the Bureau’s funding structure is unconstitutional and that certain aspects of the final rule allegedly violate various requirements of the Administrative Procedure Act. Last month, plaintiffs filed a preliminary injunction motion asking the court to enjoin the final rule and stay the compliance deadlines.
Claiming plaintiffs failed to establish standing for preliminary relief, the Bureau argued that the Texas bank has not demonstrated that it would even have to comply with the final rule. The Bureau further maintained plaintiffs have also not satisfied all four factors required for preliminary relief, including that plaintiffs “have not shown that irreparable harm is imminent or that the balance of equities favors the requested relief,” which would lead to the postponement of reporting requirements mandated by Congress more than ten years ago. With respect to the funding structure constitutionality concerns raised by plaintiffs, the Bureau argued that “even assuming that [p]laintiffs have shown a likelihood of ultimately succeeding on the merits … that factor standing alone would not be enough to warrant preliminary relief.” The Bureau asked the court to, at a minimum, tailor any relief to apply only to plaintiffs and members who would face imminent harm absent such relief.
7th Circuit: Insurer required to cover BIPA defense
On June 15, the U.S. Court of Appeals for the Seventh Circuit upheld a district court’s ruling requiring an insurance company to defend an Illinois-based IT company against two putative class actions alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The insurance company sued for a declaration that, under its business liability insurance policy, it has no obligation to indemnify or defend the IT company in the two class actions. Class members alleged the IT company acted as a vendor for a company that “scraped” more than 3 billion facial scans and converted them into biometric facial recognition identifiers, which were then paired to images on the internet and sold via a database to the Chicago Police Department, in violation of BIPA.
The insurance company’s policy bars coverage for any distribution of material in violation of certain specific statutes or in violation of “[a]ny other laws, statutes, ordinances, or regulations” and asserted that this catch-all provision includes BIPA. The district court disagreed, ruling that the language of the policy’s statutory violations exclusion was “intractably ambiguous” and did not explicitly bar coverage of the underlying suits.
On appeal, the 7th Circuit agreed that the district court was correct in determining that a plain-text reading of the insurance policy’s “broad” and ambiguous catch-all coverage exclusion for “personal or advertising injury” would “swallow a substantial portion of the coverage that the policy otherwise explicitly purports to provide.” The 7th Circuit held that “the broad language of the catch-all exclusion purports to take away with one hand what the policy purports to give with the other in defining covered personal and advertising injuries.”
Although the 7th Circuit considered whether there was a “common element” related to privacy in the enumerated statutes that could be read to include BIPA, ultimately the appellate court determined that nothing in the exclusion language “points to privacy as the focus of the exclusion.”
7th Circuit: No causation in FCA claims against mortgage servicer
On June 14, the U.S. Court of Appeals for the Seventh Circuit affirmed a district court’s grant of summary judgment in favor of a defendant mortgage servicer, holding that while the plaintiff had sufficient proof of materiality with respect to alleged violations of the False Claims Act (FCA), plaintiff failed to meet her burden of proof on the element of causation. Plaintiff (formerly employed by the defendant as an underwriter) alleged the defendant made false representations to HUD in the course of certifying residential mortgage loans for federal insurance coverage. She maintained that HUD would not have endorsed the loans for federal insurance if it had known defendant was not satisfying the agency’s minimum underwriting guidelines. Defendant moved for summary judgment after the district court excluded the bulk of plaintiff’s “expert opinion,” arguing that plaintiff could not meet her evidentiary burden on the available record. The district court sided with defendant, ruling that as a matter of law, plaintiff could not prove either materiality (due to the lack of evidence that would allow “a reasonable factfinder to conclude that HUD viewed the alleged underwriting deficiencies as important”) or causation (the false statement caused the government’s loss).
On appeal, the 7th Circuit explained that to show proximate causation, plaintiff was required to identify evidence indicating that the alleged false certifications in reviewed loans were the foreseeable cause of later defaults, as defaults trigger HUD’s payment obligations. The appellate court noted that “it is not clear how a factfinder would even spot the alleged false statement in each loan file, let alone evaluate its seriousness and scope.” Without further evidence indicating how defendant’s alleged misrepresentations caused subsequent defaults, the plaintiff’s claims could not survive summary judgment.
However, the 7th Circuit disagreed with the district court’s reasoning with respect to materiality under the FCA. Although the district court held that plaintiff had failed to establish materiality, the appellate court determined that because HUD’s regulations “provide some guidance, in HUD’s own voice, about the false certifications that improperly induce the issuance of federal insurance, and those are precisely the false certifications present here” there was enough evidence to “clear the summary judgment hurdle” on this issue.
District Court: Servicer’s QWR responses did not violate RESPA
The U.S. District Court for the Western District of Washington recently granted summary judgment in favor of a defendant mortgage servicer related to alleged RESPA violations concerning qualified written requests and notices of error. Plaintiff entered into a permanent loan modification for which she made timely payments until she applied for new financing. One year later, plaintiff noticed a deferred principal balance that she claimed was not listed on her 2019 loan modification agreement. Plaintiff asserted that she called seeking to have the deferred principal balance removed and sent a notice of error (NOE) letter to the defendant, claiming, among other things, that the loan documentation did not mention the deferred amount. Defendant acknowledged the NOE and timely responded that the modification agreement included the deferred principal balance.
In granting defendant’s motion for summary judgment, the court held that while plaintiff’s allegations “are framed as a RESPA violation … [p]laintiff’s true concern is that [defendant] misrepresented the terms of the 2019 loan modification.” The defendant, however, complied with RESPA by providing “a statement of the reasons for which the servicer believes the account of the borrower is correct as determined by the servicer,” and plaintiff’s “disagreement with the servicer’s determination does not create a claim under RESPA.” Further, the court found that the deferred principal balance was in fact included on the executed loan modification agreement, and that the plaintiff did not suffer any actual harm under RESPA or otherwise.
CFTC shuts down illegal trading platform
The U.S. District Court for the Northern District of California recently granted the CFTC’s motion for default judgment in an action accusing a decentralized autonomous organization of violating the Commodity Exchange Act (CEA) by operating an illegal trading platform and unlawfully acting as a futures commission merchant. (See also CFTC press release here.) The CFTC maintained that the organization’s platform and its blockchain-based software “protocol” enables users to engage in retail commodity transactions but does not provide protections or other requirements mandated under the statute. In addition to unlawfully offering leveraged and margined retail commodity transactions outside of a registered exchange, the organization is charged with failing to comply with Bank Secrecy Act obligations applicable to future commission merchants, including implementing a customer information program or conducting know your customer procedures. The default judgment requires the organization to shutter its website and remove its content from the internet, and orders permanent trading and registration bans. The organization also must pay a $643,542 civil money penalty and is enjoined from future violations of the CEA.
District Court says MLA’s statute of limitations begins upon discovery of facts
The U.S. District Court for the Eastern District of Virginia recently granted an installment lender’s motion to dismiss, ruling that most of the class members’ claims are time-barred by the Military Lending Act’s (MLA) two-year statute of limitations. Plaintiffs are active duty servicemembers who entered into installment loans with the defendant. Claiming four violations of the MLA, plaintiffs alleged the defendant (i) extended loans with interest rates exceeding the MLA’s 36 percent interest rate cap; (ii) extended loans that involved roll overs of prior loans; (iii) required plaintiffs to agree to repayment by allotment (with a backup preauthorized electronic fund transfer) as a condition to receiving a loan; and (iv) required plaintiffs to provide a security interest in their bank accounts as a condition for receiving a loan. Plaintiff sought to certify a class covering the five years preceding the date the complaint was filed. Defendant moved to dismiss, arguing that plaintiffs have only been harmed by technical violations of the MLA and did not suffer a concrete injury. Plaintiffs countered that the defendant’s MLA violations caused them to sustain injuries from making payments, including interest payments, “on loans that were ‘void from [their] inception’ [] due to their unlawful refinancing, allotment, and security interest requirements.”
The court reviewed a significant issue raised by the parties’ differing interpretations of the MLA’s statute of limitations and its applicability to plaintiffs’ loans. Specifically, the parties disagreed as to whether “discovery by the plaintiff of the violation,” which triggers the two-year limitations period, requires that a plaintiff only discover the facts constituting the basis for the violation, as argued by the defendant, or instead requires that a plaintiff also know that the MLA was violated, as the plaintiffs argued. While acknowledging that the text in question is inconclusive, the court stated that since the MLA “does not require ‘discovery’ of both the ‘violation’ and ‘liability’ but only the ‘violation that is the basis for such liability,’ the text appears to support the interpretation that only discovery of the violative conduct is required, and
not discovery of the actionability of that conduct.” The court also reviewed other federal statutory discovery rules where other courts “have consistently found that ‘discovery’ requires that a plaintiff have knowledge only of the facts constituting the violation and not the legal implications of those facts.” Relying on this, as well as other court interpretations, the court determined that “the two-year limitations period is triggered when a plaintiff discovers the facts
constituting the basis for the MLA violation and not when the plaintiff recognizes that these facts
support a legal claim.” Thus, the court found that most of the loans underlying the claims are time-barred.
However, for loans that fell within the applicable limitations period, the court granted defendant’s motion to dismiss for failure to state a claim, concluding, among other things, that a creditor is not prohibited from taking a security interest in a plaintiff’s bank account by way of a preauthorized electronic fund transfer provided the military annual percentage rate does not exceed the allowable 36 percent (a claim, the court noted, plaintiffs dismissed and did not otherwise address). Moreover, the court determined that plaintiffs failed to allege that the defendant was a “creditor” under the narrower definition used by the MLA in its refinancing and roll-over prohibition or that the defendant’s “characterization of the convenience of repayment by allotment amounted to a misrepresentation or concealment of facts giving rise to plaintiffs’ MLA claim.”