InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB contests motions for preliminary injunctions to block enforcement of Small Business Lending Rule
On August 22, the CFPB filed an opposition to a motion made by a group of intervenors seeking to expand the scope of a preliminary injunction issued by the U.S. District Court for the Southern District of Texas, which enjoined the CFPB from implementing its Small Business Lending Rule. As previously covered by InfoBytes, the original plaintiffs in the litigation, a Texas banking association and a Texas bank, challenged the legality of the CFPB’s Small Business Lending Rule. After the American Bankers Association joined the case, the plaintiffs sought, and the court granted, a preliminary injunction enjoining implementation and enforcement of the rule against plaintiffs and their members. The intervenors, who consist of both banking and credit union trade associations, as well as individual banks and credit unions, seek a nationwide injunction that would apply beyond the parties to the case, or at least to the intervenors and their members. The CFPB’s opposition to this request for an expanded preliminary injunction argues that the intervenors fail to show that they would suffer immediate harm from enforcement of the Small Business Lending Rule.
In a related matter, on August 21, a group of Kentucky banks and a Kentucky banking association filed a motion for a preliminary injunction in the U.S. District Court for the Eastern District of Kentucky against the CFPB, seeking a preliminary injunction enjoining the CFPB from enforcing the Small Business Lending Rule against the plaintiffs and their members. Referencing the parallel Texas litigation, the Kentucky plaintiffs allege that they are entitled to an order enjoining enforcement of the Small Business Lending Rule against them for the same reasons that the Texas district court enjoined enforcement of the rule.
The most recent litigation activity follows a request from a group of trade associations to the CFPB to take administrative action to address the disparity in compliance dates that results from the district court’s injunction, a disparity that the trade associations argue is both unfair and disruptive to the market’s compliance efforts. The CFPB declined this request.
Both of these challenges to the Small Business Lending Rule point to a recent decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here), as justification for why the final rule should ultimately be set aside.
7th Circuit affirms dismissal of proposed Driver’s Privacy Protection Act class action
On August 22, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of a proposed class action alleging that defendant insurance companies leaked the plaintiffs’ drivers license numbers, holding that the plaintiffs lacked standing to sue the insurance companies. In a split decision, the majority opinion held that plaintiffs failed to establish standing to bring a lawsuit under the Driver’s Privacy Protection Act (DPPA) based on the unauthorized disclosure of their driver’s license numbers through a form on defendant’s website. The majority held that plaintiffs failed to allege a concrete injury, writing that allegations that plaintiffs are worried about future identity theft stemming from the disclosure are insufficient for standing, focusing on legitimate reasons why driver’s license numbers are commonly exposed to third-parties. The majority further held that plaintiffs failed to allege that false unemployment benefit applications submitted in their name were traceable to the disclosure of their driver’s license number, dooming their standing claim. In a dissent, Judge Kenneth Ripple disagreed with the majority’s conclusion that plaintiffs failed to make sufficient allegations to justify standing, reasoning that the DPPA contemplates a private right of action for the types of harms suffered by the plaintiffs and that plaintiffs adequately alleged that they suffered harm from false unemployment benefit applications submitted as a result of the driver’s license number leak.
2nd Circuit affirms leveraged loans are not securities
On August 24, the U.S. Court of Appeals for the Second Circuit affirmed a district court’s order dismissing plaintiff’s claim that a national bank’s nearly $1.8 billion syndicated loan for a drug testing company were securities. The drug testing company filed for bankruptcy subsequent to a $256 million global settlement with the DOJ in qui tam litigation involving the company’s billing practices.
Plaintiff, a trustee of the drug testing company, brought claims to the New York Supreme Court in 2017 against defendant for violations of (i) state securities laws; (ii) negligent misrepresentation; (iii) breach of fiduciary duty; (iv) breach of contract; and (v) breach of the implied contractual duty of good faith and fair dealing. Defendant filed a notice of removal to the U.S. District Court for the Southern District of New York, where the district court denied plaintiff’s motion to remand after concluding it had jurisdiction under the Edge Act, and later granted defendant’s motion to dismiss because plaintiff failed to plead facts plausibly suggesting the notes are securities.
The 2nd Circuit held that the district court had subject matter jurisdiction pursuant to the Edge Act. The court then applied a “family resemblance” test to determine whether a note is a security and examined four separate factors to help uncover the context of a note. In comparing the loan note to “judicially crafted” list of instruments that are not securities, the court found that the defendant’s note “‘bears a strong resemblance’” to one, therefore concluding that the note is not a security and affirming the district court’s earlier decision.
2nd Circuit affirms dismissal of FCA claims following government motion to dismiss
On August 21, the U.S. Court of Appeals for the Second Circuit upheld the dismissal of a whistleblower False Claims Act (FCA) case, holding that FCA qui tam relator complaints may be dismissed upon the government’s motion without a hearing, provided the district court consider the parties’ arguments. The plaintiff qui tam here alleged that a bank (defendant) failed to pay penalties to the government for violating economic sanctions. Plaintiff’s complaint specifically alleged that defendant facilitated illegal transactions violating economic sanctions and defrauded the government by concealing the extent of its illegal activities during negotiation of a deferred prosecution agreement. In a summary order without precedential effect, the 2nd Circuit upheld the dismissal of plaintiff’s complaint.
Plaintiff’s complaint was initially dismissed by the district court following a motion to dismiss by the government, which intervened in the action to argue that the complaint should be dismissed because it lacked merit and would waste government resources. Consideration of plaintiff’s appeal of the dismissal was delayed until after the Supreme Court issued a decision in Polansky v. Executive Health Resources, Inc., a different FCA case raising applicable issues regarding when the government has the authority to force the dismissal of an FCA case brought by a whistleblower.
Following the Supreme Court’s ruling in Polansky, the 2nd Circuit upheld the dismissal of plaintiff’s complaint, reasoning that district court properly dismissed the qui tam relator claim after the government’s intervention seeking dismissal, since the defendant bank had not yet answered the complaint or moved for summary judgment. The 2nd Circuit held that “the district met the hearing requirement” established by Polansky for dismissing qui tam relator cases through its careful consideration of the briefs and materials submitted by the parties. In reaching this conclusion, the 2nd Circuit noted that Polansky does “not mandate universal requirements” for an FCA hearing in every case. The 2nd Circuit also rejected plaintiff’s due process arguments, plaintiff’s claim that the court failed to evaluate defendant’s settlement with the government resolving related criminal and administrative violations, and plaintiff’s claim that the district court erred in denying its motion for an indicative ruling, based on new evidence published while the appeal was pending.
FTC, DOJ issue permanent injunction and civil penalty for violations of CAN-SPAM Act
On August 22, the DOJ and the FTC jointly announced a permanent injunction and civil penalty of $650,000 against a company that offers credit information, analytical tools, and marketing services for alleged violations of the CAN-SPAM Act, the CAN-SPAM Rule, and the FTC Act. The case, which was filed in the District Court for the Central District of California, asserts that millions of commercial emails sent to consumers did not give the recipients requisite notice of the option to opt-out of future such emails, in violation of the CAN-SPAM Act and Rule. The order enjoined the company from sending commercial emails that do not provide notice of the recipient’s ability to opt-out of future emails, it also enjoins the company from otherwise violating the CAN-SPAM Act, and subjects it to a civil penalty judgment of $650,000.
District Court files temporary restraining order to stop scammers in FTC suit
On August 21, the FTC announced it has stopped California-based scammers (defendants) who allegedly preyed on students seeking debt relief by pretending to be affiliated with the Department of Education. According to the August 14 complaint, since at least 2019, the defendants allegedly targeted students and illegally collected $8.8 million in advance fees in exchange for student loan debt relief services that did not exist. The defendants allegedly misled consumers by charging them for services that are free through the Department of Education, claiming consumers needed to pay fees or make payments to access federal student loan forgiveness, using names like "Biden Loan Forgiveness," that does not correspond to any actual government program. For instance, one consumer was asked to pay $375 for a processing fee to have up to $20,000 in loans forgiven because of a Pell Grant. Another was told they would get a $10,000 reduction in their loan balance and a new repayment plan with six $250 monthly payments under the “student loan forgiveness program.” The FTC alleges violations of Section 5 of the FTC Act, which prohibits deceptive acts or practices, TCPA, and the Gramm-Leach-Bliley Act. The complaint also alleges that the defendants used such misrepresentations to illegally obtain consumers’ banking information, and typically collected hundreds of dollars in unlawful advance fees—sometimes through remotely created checks in violation of the Telemarketing Sales Rule. The U.S. District Court of the Central District of California filed a temporary restraining order, resulting in an asset freeze, among other things. The FTC seeks preliminary, and permanent injunctive relief, monetary relief, and other relief.
District court declines to reconsider BIPA accrual ruling
On August 14, an Illinois District Court denied in part and granted in part a tech company’s motion to dismiss a class-action suit that alleged violations of the Illinois Biometric Information Privacy Act (“BIPA”). The complaint alleged that the tech giant failed to safeguard the facial data in its photo service as closely as it protected other types of data and violated its own policy governing biometric identifier storage. BIPA requires companies to store, transmit, and protect biometric data using the reasonable standard of care within the company’s industry and to protect that data in either the same or more protective manner as it protects other types of confidential data.
In permitting the complaint to move forward, the court noted that the defendant’s internal documents allegedly show that it made minimal investment in its photo service and made no attempt to identify flaws in the system. Further, the court referred to allegations in the complaint that the defendant devotes fewer resources and staffing to protecting the photo service. The court noted that the allegations were sufficient because the lack of protocols made consumers’ critical metadata “vulnerable to attacks.”
In granting the motion related to violation of the defendant’s policies, the court noted that plaintiffs did not show they were personally injured by the alleged violation. The defendant’s policy requires it to delete files for accounts that have been abandoned for two years, for which image recognition was disabled, or where user deleted their photo account. However, the court concluded that the complaint did not allege that plaintiffs did any of these actions.
USDA urges Supreme Court to overturn FCRA 3rd Circuit ruling
On August 15, the USDA filed a brief urging the U.S. Supreme Court to overturn a U.S. Court of Appeals for the Third Circuit decision to reverse its FCRA lawsuit brought by a plaintiff who alleged that the consumer credit reporting agency reported two loans as past due even though he claimed both were closed with a $0 balance. In August 2022, the 3rd Circuit reversed a district court’s decision to grant a student loan servicer, consumer credit reporting agency, and the USDA’s (defendants) motion to dismiss a case finding that Congress unambiguously waived the government’s sovereign immunity in enacting FCRA (covered by InfoBytes here). The USDA argues that the district court was wrong in its decision, and that the FCRA does not waive the U.S.’s sovereign immunity for claims under 15 U.S.C. 1681n and 1681o because, among other things, (i) a waiver of sovereign immunity requires “unmistakably clear” statutory language; (ii) the FCRA does not create a cause of action that “‘expressly authorizes suits against sovereigns,’ and ‘recognizing immunity’ would ‘negate[]’ that express authorization”; (iii) the FCRA uses “persons” in a way that does not distinguish between sovereign and non-sovereign senses; (iv) “inexplicable incongruencies” with the term “person” within the context of §§ 1681n and 1681o includes a sovereign entity, which would not only expose the federal government but also individual states to potential lawsuits seeking monetary damages; and (v) interpreting the FCRA to permit lawsuits against the U.S. would significantly broaden the scope of liability for federal agencies, creating “overlap” already provided by the Privacy Act.
District Court dismisses suit challenging Biden’s student debt relief plan
On August 14, the U.S. District Court for the Eastern District of Michigan dismissed without prejudice a lawsuit filed against the federal government aimed at blocking the Biden administration’s effort to provide debt relief to student borrowers (covered by InfoBytes here). U.S. District Judge Thomas L. Ludington held that the plaintiffs lacked standing because they failed to plausibly demonstrate how the government’s plans would impact their efforts to recruit participants as qualified employers under the Public Service Loan Forgiveness program. The court detailed that “[Plaintiffs] merely make vague and conclusory statements that some ‘undisclosed’ number of borrowers will receive credit toward loan forgiveness for some periods of forbearance” but “do not allege that any current employee received Adjustment credit.” Furthermore, any such “hypothetical injur[y]” would be traceable to “Plaintiffs’ own employees or prospective employees, not the Adjustment.” Because there was no standing, the court dismissed the complaint without prejudice and denied the plaintiffs’ motion for a temporary restraining order and preliminary injunction as moot.
District Court splits order against crypto platform
On August 11, a split U.S District Court of the Southern District of New York partially granted and partially denied a crypto platform’s (defendant) motion to dismiss most charges for failure to state a claim upon which relief can be granted. Four months after plaintiff opened an account with defendant, a hacker siphoned approximately $5 million worth of Bitcoin from the account. Between the time the hacker accessed the account and withdrew the Bitcoin, plaintiff contacted the platform about being locked out of the account, to which defendant responded that the password change email could be in plaintiff’s spam folder. The complaint alleged that had the company locked the account, plaintiff would still have access to their Bitcoin, and that the platform has a duty to protect its customers’ assets and accounts. Among other things, the complaint also alleged that the platform violated the Electronic Fund Transfer Act (EFTA), the New York General Business Law, and the Michigan Consumer Protection Act.
In its motion to dismiss, defendant argued that Regulation E does not apply to the platform because the EFTA language does not explicitly cover cryptocurrency and only references denominations of the U.S. dollar. Although a separate case against the same defendant determined EFTA did apply to the platform since the statute’s “funds” reference could reasonably cover cryptocurrency (covered by InfoBytes here), the judge’s order focused on, “electronic fund transfer”. The court more closely considered the purpose of the account, expressing uncertainty as to whether it was for personal, family, or household purposes. The court found that the definition of an “account” under EFTA does not include plaintiff’s electronic fund transfer account which was established for investment purposes. In the previous case against the same defendant, the court held that the defendant deceived the users regarding its security measures, but the judge presiding over this case disagreed. The court cut the claims of misrepresentation finding that plaintiff failed to allege that the statements were false at the time they were made. The order denies two claims: (i) that the defendant misrepresented its security level; and (ii) that the defendant failed to meet EFTA requirements and its implementing Regulation E, because investment purposes accounts are precluded from the statute’s protections. The court granted the other four counts.