InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court grants defendant’s motion to compel arbitration in electronic signature case
On August 22, the U.S. District Court for the District of Nevada granted a defendant credit union’s motion to compel arbitration regarding a consumer’s signature on bank-owned equipment. According to the order, the plaintiff alleged that the defendant violated 42 U.S.C. § 407 by transferring Social Security benefits from his savings account to his checking account to pay a debt. In March, a magistrate judge determined “that given ‘the liberal construction courts are to afford pro se complaints, it appears Plaintiff states a claim against [the defendant] at least for purposes of surviving screening’ and ordered that the case would proceed against [the defendant]” who filed the motion to compel arbitration. The order further noted that in support of their assertion, defendant provided documentation evidencing the plaintiff’s agreement to arbitrate all claims regarding his account. The defendant submitted an affidavit, a copy of the signature card that the plaintiff executed when he opened his account with the credit union, all subsequent signature cards executed by the plaintiff, and a copy of the “Important Account Information for Our Members,” among other things. According to the affidavit, the signature card the plaintiff executed when he opened his account included the “agreement to the terms and conditions outlined in the Important Account Information for Our Members,” and further indicated that the “[w]ritten notice we give you is effective when it is deposited in the United States Mail with proper postage and addressed to your mailing address we have on file.” The order noted that the “Notice of Change to the Terms and Conditions of Your Account was provided,” and “[t]hat document included a mandatory arbitration provision and the ability to opt out of arbitration.” The defendant argued “that by not exercising his right to opt-out, the agreement necessitates the action be moved into arbitration.” The plaintiff asserted that his signature was collected on an electronic device and because the signature was collected electronically, it was incorporated by fraud. The plaintiff also contended that he did not explicitly sign a document setting forth an arbitration clause because he only electronically input his signature to obtain a debit card.
According to the district court, the plaintiff “does not assert that he did not sign the signature card when he initially opened his account and received the debit card. He asserts that he never agreed to arbitrate his claims because he never received or signed an arbitration agreement.” The district court granted the defendant’s motion to compel arbitration determining that a valid arbitration agreement existed between the parties and that the agreement encompasses the plaintiff’s claims. Among other things, the district court explained that “a valid arbitration agreement exists,” because the “signature card signed by [the plaintiff] certifies ‘[a]greement to the terms and conditions outlined in the Important Account Information For Our Members disclosure and any other material pertaining to the account.’” The district court further wrote that such “statement plainly refers to an external document, and plainly states that the [plaintiff] agreed to be bound by the terms contained therein. Moreover, [the plaintiff’s] assertion that he did not actually receive the Important Account Information For Our Members disclosure does not defeat the signature card’s statement that [the plaintiff] bound himself to the terms contained therein.” Additionally, by signing the signature card, the plaintiff agreed to arbitrate every claim arising from or relating in any way to his account.
SEC files charges in undisclosed transactions case
On August 30, the SEC filed a complaint against two North Carolina-based executives, and their Malta-based registered investment adviser company (collectively, “defendants”) in the U.S. District Court for the Middle District of North Carolina for allegedly engaging in a fraudulent scheme involving undisclosed transactions. According to the SEC, the defendants “repeatedly recommended and entered into transactions that were not disclosed to and were not in the best interests of their clients.” Specifically, one of the executives allegedly “acquired 100% ownership of four North Carolina insurance companies [] and a reinsurance trust, which gave him control over hundreds of millions of dollars in premiums from their policyholders.” The complaint further stated that “[a]lthough the funds were supposed to be used to pay the policyholders’ insurance claims, [the executive] treated the funds as his own assets and used the money for any purpose he decided was in his best interest.” The SEC found that the executive allegedly conducted the schemes through “complex” investment structures and affiliate companies and allegedly used the proceeds to pay himself or to divert the funds to his other businesses. The complaint also noted that the defendants “breached their fiduciary duties to their advisory clients by engaging in numerous undisclosed related-party transactions and by misappropriating over $57 million in client funds” and over $21.4 million in advisory fees generated in connection with these schemes. The SEC’s complaint alleged violations of anti-fraud provisions of the Investment Advisers Act of 1940. The complaint seeks a permanent injunction against the defendants, disgorgement of ill-gotten gains, penalties, bars, and other equitable relief.
District Court preliminarily approves $2.25 million settlement resolving credit card upgrade claims
On August 29, the U.S. District Court for the District of New Jersey preliminarily approved a class action settlement in which a national bank agreed to pay $2.25 million to resolve misleading credit card upgrade claims made to secured credit card holders. Plaintiffs alleged in their motion for preliminary approval that they each signed an agreement with the bank that said if they used and maintained a secured credit card account for seven consecutive billing months without defaulting they would be eligible to automatically “graduate” to an unsecured credit card. Transitioning to an unsecured credit card allows customers to regain control of the collateral deposits and receive a prorated refund of the annual fee they paid while they had secured cards, plaintiffs asserted. Plaintiffs claimed that while the bank’s “form contract and promotional materials promised a meaningful review of secured card accounts after seven months in good standing that review, in fact, did not occur in a fashion consistent with the parties’ contract.” The bank denied the claims. According to court documents, this past January the bank amended the graduation provision at issue in its agreement for secured credit cards to “more adequately disclose how a cardholder becomes eligible for an unsecured credit card.” The court deemed the proposed settlement to be “fair, adequate and reasonable to the settlement class,” and granted class certification. If granted final approval, class members would be awarded a portion of the annual fee paid on their secured credit card.
3rd Circuit vacates dismissal of FCRA lawsuit regarding sovereign immunity
On August 24, the U.S. Court of Appeals for the Third Circuit vacated the dismissal of an FCRA lawsuit, holding that the federal government does not have sovereign immunity under the statute and can be held liable for reporting requirement violations. The plaintiff sued the Department of Agriculture (USDA) and a student loan servicer for allegedly reporting two loans as past due even though he claimed both were closed with a $0 balance. The plaintiff notified the relevant consumer reporting agency who in turn notified the USDA and the servicer. When neither entity took action to investigate or correct the disputed information, the plaintiff sued all three parties for damages under Section 1681n and 1681o of the FCRA. The USDA moved to dismiss for lack of subject matter jurisdiction based on sovereign immunity claims, which the district court granted on the grounds that the United States and its agencies are not subject to liability under the FCRA—a decision in line with opinions issued by the 4th and 9th Circuits.
On appeal, the 3rd Circuit disagreed, instead siding with opinions issued by the D.C. and 7th Circuits that reached the opposite conclusion. According to the 3rd Circuit, the federal government and its agencies enjoy sovereign immunity from civil suits unless Congress unambiguously waives it within a statute. The FCRA provides that any “person” who either negligently or willfully violates the statute is liable to the consumer for civil damages, the appellate court wrote, noting that the term “person” is defined to include any “government or governmental subdivision or agency.” The appellate court stressed that Congress need not express its intent in any particular way, and that courts need only look at the statutory text to discern Congress’ intent. Where Congress wanted to use a narrower definition of “person” in the FCRA, it did so, the appellate court said, pointing to where the FCRA specifically excludes the federal government from the statutory obligations for persons who make adverse employment decisions based on credit reports. “We presume, therefore, that Congress’s failure to do so in §§ 1681n and 1681o was deliberate and intended to convey the full statutory definition,” the 3rd Circuit wrote, finding that Congress unambiguously waived the government’s sovereign immunity in enacting FCRA.
3rd Circuit: District Court erred in applying ascertainability precedent when denying class action certification
On August 24, the U.S. Court of Appeals for the Third Circuit vacated a ruling denying class certification in an action concerning inaccurate consumer reports, holding that the district court misinterpreted Section 1681g(a) of the FCRA and erred in applying the appellate court’s ascertainability precedent. According to the plaintiffs, the defendant, a consumer reporting agency (CRA), provided inaccurate consumer reports as part of a rental application process. The plaintiffs further alleged that the defendant refused to correct the information on the reports unless plaintiffs “obtained proof of the error from [the defendant’s] sources” despite failing to provide the identity of the sources to the plaintiffs. Plaintiffs responded by filed a putative class action alleging the defendant “violated its obligation under the FCRA to disclose on request ‘[a]ll information in the consumer’s file at the time of the request’ and ‘the sources of that information.’” However, the district court denied class certification on the grounds that class members “failed to satisfy Rule 23(b)(3)’s predominance and superiority requirements and that their proposed class and subclass were not, in any event, ascertainable.”
On appeal, the 3rd Circuit closely reviewed when the provisions of § 1681g(a) were applicable. The appellate court first determined the disclosure requirements of § 1681g(a) could only be triggered by a direct request from a consumer, and not a third-party request as the plaintiffs had argued. In so doing, the appellate court found that the district court was “right to distinguish between consumers who made direct requests under § 1681g and consumers who received courtesy copies of the property managers’ Rental Reports,” and affirmed the denial of the “All Requests” class sought by plaintiffs. The appellate court next determined that the district court incorrectly narrowed the disclosure requirements of § 1681g(a) to where a request was specifically made for a consumer’s “file” as opposed to a request for a “report.” The appellate court concluded that “[n]othing in the statute’s text, context, purpose, or history indicates that any magic words are required for a consumer to effect a ‘request’ under § 1681g(a) or that a consumer’s request for ‘my consumer report’ is any less effective at triggering the CRA’s disclosure obligations than a request for ‘my file.’” As a result, the appellate court vacated the district court’s finding as to the predominance requirement of class certification and remanded for the district court “to consider whether Rule 23(b)(3)’s predominance and superiority requirements are satisfied with respect to” consumers in a purported subclass who had made a direct request for a report or file.
The appellate court concluded by determining the district court had additionally errored in its analysis of ascertainability of the proposed class by requiring too high a standard for administrative feasibility. The district court had ruled that where identification of putative class members would require a file-by-file review, ascertainability was “not administratively feasible.” The appellate court disagreed, stating that ascertainability does not mean that “no level of inquiry as to the identity of class members can ever be undertaken,” as it “would make Rule 23(b)(3) class certification all but impossible.” The appellate court instead held that “a straightforward ‘yes-or-no’ review of existing records to identify class members is administratively feasible even if it requires review of individual records with cross-referencing of voluminous data from multiple sources.”
District Court approves class action settlement against securities trading platform and broker-dealer
On May 16, the U.S. District Court for the Northern District of California granted final approval of a settlement in a class action against a securities trading platform and broker-dealer (defendant) for allegedly allowing unauthorized users access to customers’ accounts. As described in plaintiffs’ motion for preliminary approval of settlement, class members alleged the defendant “lacked security measures used by other broker-dealer online systems,” which allowed “thousands of [the defendant’s] customer accounts [to be] accessed by unauthorized users.” Based on these allegations, class members brought claims for negligence, breach of contract, and violations of various state consumer privacy, competition, and advertising laws. Under the terms of the settlement, the defendant must provide cash payments of up to $260 each to settlement class members who submit a claim, up to a total amount of $500,000. Additionally, among other things, the defendant must “provide two years of credit monitoring and identity theft protection services to those who elect to receive it,” must “maintain improvements to its security protocols and policies to decrease the risk of unauthorized access to its customers’ accounts,” and must “respond effectively to instances of potential unauthorized access” in the future.
9th Circuit affirms $20.8 million disgorgement award
On August 24, the U.S. Court of Appeals for the Ninth Circuit affirmed a $20.8 million disgorgement award and agreed with a district court’s decision to hold the defendants jointly and severally liable. The defendants appealed the district court’s 2021 final judgment of disgorgement, which ordered them to disgorge more than $20.8 million in an action concerning money that was collected from investors for a cancer treatment center that was never built. As previously covered by InfoBytes, the district court’s order followed a 2020 U.S. Supreme Court ruling (covered by InfoBytes here), in which the high court examined whether the SEC’s statutory authority to seek “equitable relief” permits it to seek and obtain disgorgement orders in federal court. The Supreme Court ultimately held that the SEC may continue to collect disgorgement in civil proceedings in federal court as long as the award does not exceed a wrongdoer’s net profits, and that such awards for victims of the wrongdoing are equitable relief permissible under § 78u(d)(5). The Supreme Court vacated the original $26.7 million judgment and remanded to the lower court to examine the disgorgement amount in light of its opinion. Of the nearly $27 million raised, the SEC alleged the defendants misappropriated approximately $20 million of the funds through payments to overseas marketing companies and to salaries. To calculate the final disgorgement award, the court subtracted what it determined were “legitimate expenses,” including $2.2 million in administrative expenses and $3.1 million in business development expenses, from the nearly $27 million raised.
On appeal, the 9th Circuit reviewed the proper method of calculating disgorgement as an equitable remedy in an SEC enforcement action and found “no error with the district court’s factual findings as to the illegitimate expenses or with the district court’s disgorgement award.” In so finding, the 9th Circuit explicitly rejected appellants argument that disgorgement was improper because the venture resulted in “no revenues and no profit,” finding that such a result “would not produce an equitable remedy.” The appellate court also determined that because the common law “permit[s] liability for partners engaged in concerted wrongdoing,” the district court did not err in holding both defendants jointly and severally liable where there was evidence the appellant in question “played an integral role” in the fraudulent scheme.
California fines cosmetics chain for privacy violations
On August 24, the California attorney general announced that following an investigative sweep into online retailers, it entered into a $1.2 million settlement with a cosmetics chain for its alleged failure to disclose to consumers that it was selling their personal information, failure to process user requests to opt-out of such sale via user-enabled global privacy controls, and failure to cure such violations within the 30-day period allowed by the California Consumer Privacy Act (CCPA). The action reaffirms the state’s commitment to enforcing the law and protecting consumers’ rights to fight commercial surveillance, AG Bonata said, emphasizing that “today’s settlement sends a strong message to businesses that are still failing to comply with California’s consumer privacy law. My office is watching, and we will hold you accountable. It’s been more than two years since the CCPA went into effect, and businesses’ right to avoid liability by curing their CCPA violations after they are caught is expiring. There are no more excuses. Follow the law, do right by consumers, and process opt-out requests made via user-enabled global privacy controls.”
According to a complaint filed in California Superior Court, third parties monitored consumers’ purchases and created profiles to more effectively target potential customers. The company’s arrangement with these third parties constituted a sale of consumer personal information under the CCPA, therefore triggering certain basic obligations, including telling consumers that it is selling their information and allowing consumers to easily opt-out of the sale of their information. According to the complaint, the company failed to take any of these measures.
Under the terms of the settlement, the company is required to pay a $1.2 million penalty and must disclose to California customers that it sells their personal data and provide a mechanism for consumers to opt out of a sale of their information, including through user-enabled global privacy controls like the Global Privacy Control (GPC). Additionally, the company must ensure its service provider agreements meet CCPA requirements and provide reports to the AG related to its sale of personal information, the status of its service provider relationships, and its efforts to honor the GPC.
The press release also announced that notices were sent to several businesses alleging non-compliance concerning their failure to process consumer opt-out requests made via user-enabled global privacy controls. The AG reiterated that under the CCPA, “businesses must treat opt-out requests made by user-enabled global privacy controls the same as requests made by users who have clicked the “Do Not Sell My Personal Information” link. Businesses that received letters today have 30 days to cure the alleged violations or face enforcement action from the Attorney General.”
District Court preliminarily approves data breach class action settlement
On August 24, the U.S. District Court for the Southern District of New York preliminarily approved a putative consolidated class action settlement that would reimburse members for out-of-pocket costs or expenditures actually incurred in connection with a February 2020 data breach. According to class members’ memorandum in support of their motion for preliminary approval of the settlement, the data breach may have exposed the personal financial information (PFI) of approximately 10,300 individuals, including names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information. Class members alleged that defendants failed to adequately protect the PFI of current and former employees and their beneficiaries, and that the resulting data breach “was a direct result of defendants’ failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect PFI.” If granted final approval, the settlement will provide each class member the opportunity to make a claim for up to $3,500 in reimbursements for out-of-pocket expenses actually incurred, and compensation for up to four hours of lost time spent remedying issues fairly traceable to the data breach at $18 per hour. Additionally, class members will be given 18 months of credit monitoring protections.
District Court sends cryptocurrency hack suit to arbitration
On August 24, the U.S. District Court for the Eastern District of New York granted a motion to compel arbitration in an action claiming that a mobile communications company’s failure to protect the personal information of a cryptocurrency company founder allowed a hacker to steal $8.7 million in cryptocurrency. The cryptocurrency company and its founder sued the defendant citing violations of the Federal Communications Act and the New York Consumer Protection Act, along with numerous negligence claims. Plaintiff alleged that due to lack of safeguards, a hacker conducted an unauthorized “SIM swap” and used the plaintiff’s personal information to access his cryptocurrency wallets and exchange accounts. Plaintiff further claimed that even though it reported the SIM swap to the defendant, “[m]ore attacks continued to succeed over the following years.” The defendant moved to compel arbitration claiming that the plaintiff electronically signed receipts agreeing to terms and conditions which require the arbitration of disputes unless a customer opts-out. The plaintiff countered that “he was not shown the full terms and conditions to his service; that he could not conduct a ‘complete review and inspection’ of the digital receipt because of the screen’s small size, resolution, and inadequate backlighting; that the displayed receipt did not permit hyperlinked review of the full terms; that the display did not affirmatively seek his consent to arbitration by requiring he press a button or check a box; that the full terms were not separately provided in another form; and that his consent was not otherwise confirmed by [defendant] personnel.”
The court found that had the plaintiff “simply thought he was signing a receipt for equipment purchases–and had no idea that any terms and conditions were displayed on the digital device he signed–the court might have concluded that there remained a question of fact suitable for resolution by a jury.” However, the court found that the plaintiff “never claimed that he was unaware that his transactions with [defendant] carried terms and conditions” nor did he allege that he never received “a notice indicating the existence of the terms” even though the court specifically asked the parties to establish these facts in limited discovery. Accordingly, the court ruled that the plaintiff was on notice of defendant’s terms and agreed to them, thus compelling arbitration.