InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit concludes district attorneys can sue national banks in state court
On February 27, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s decision to abstain from enjoining a state action brought by a California county district attorney (DA) against a national bank, concluding that the enforcement action was not an exercise of “visitorial powers.” According to the opinion, the DA launched an investigation into the bank’s vendor and issued the bank an investigative subpoena seeking records of its banking activities. The bank objected, claiming the request “improperly infringes on the exclusive visitorial powers of the [OCC]” because it sought to inspect the bank’s books and records. The bank subsequently filed a complaint in the U.S. District Court for the Central District of California asking the court to enjoin the state action and requesting injunctive relief to prevent the DA from taking any action to enforce federal and state lending, debt collection, and consumer laws against the bank, or from exercising visitorial powers in violation of the National Bank Act (NBA). The DA withdrew his investigative subpoena and moved to dismiss for lack of subject matter jurisdiction on the ground that the case was now moot. The motion to dismiss was denied on the premise that the DA had not demonstrated that a “renewed investigative subpoena against [the bank] ‘could not be reasonably be expected.’”
The DA then filed a complaint in state court claiming the bank violated California law by hiring a third-party vendor to place “extensive harassing” debt collection phone calls to residents in the state. The complaint alleged violations of California’s Unfair Competition Law, the Rosenthal Fair Debt Collections Practices Act, and the right to privacy under the California Constitution. In federal court, the bank moved for summary judgment, arguing that the state action was an improper exercise of visitorial powers. The district court, however, ruled that the Younger v. Harris abstention (in which a federal court refrains from staying or enjoining pending state criminal prosecutions absent extraordinary circumstances or state civil enforcement actions when certain conditions are met) applied. The bank appealed.
The 9th Circuit considered two questions: (i) whether the Younger abstention was correctly applied, and (ii) whether the DA’s state court action “was an impermissible exercise of visitorial powers vested exclusively with the OCC.” The 9th Circuit held that the district court was correct in applying the Younger abstention doctrine because (i) “the state action qualified as an ‘ongoing’ judicial proceeding because no proceedings of substance on the merits had taken place in the federal action”; (ii) the state court action implicated an important state interest in consumer protection and nothing in federal law bars a DA from suing a national bank; (iii) the bank had the option to raise a federal defense under the NBA in the state court action; and (iv) the injunction the bank requested in the federal action would interfere with the state court proceeding. The 9th Circuit also rejected the bank’s arguments that the state action constituted an illegal exercise of visitorial powers that only belongs to the OCC or state attorneys general. The 9th Circuit cited the U.S. Supreme Court’s decision in Cuomo v. Clearing House Ass’n, L.L.C., in which the high court “held that bringing a civil lawsuit to enforce a non-preempted state law is not an exercise of visitorial powers,” and that “a sovereign’s ‘visitorial powers’ and its power to enforce the law are two different things.” Relying on the Cuomo holding, the 9th Circuit found that accepting the bank’s position “would mean that actions brought against national banks by federal or state agencies or, for that matter, individuals would be forbidden as unlawful exercises of visitorial powers.” “Such a result is wrong. It contradicts established law and is unsupported by any legal authority cited by [the bank]” and would additionally “raise serious anti-commandeering concerns under the Tenth Amendment.”
8th Circuit reverses debt collection action for lack of standing
On February 24, the U.S. Court of Appeals for the Eighth Circuit vacated and remanded the dismissal of a class action lawsuit concerning a medical collection letter that listed amounts due but did not distinguish between the principal and the interest that the debt collectors were attempting to charge. Plaintiff, who never paid any part of the interest or principal, filed a class action against the defendant debt collectors alleging violations of the FDCPA and the Nebraska Consumer Practices Act (NCPA). The defendants moved for summary judgment, arguing that the plaintiff lacked Article III standing. The district court denied the motion and the jury found for the defendants on all counts except for the NCPA claim, which was not tried before a jury. After trial, the district court determined it had provided improper jury instructions, and sua sponte, entered judgment for the plaintiff as a matter of law on both the NCPA and FDCPA claims. The district court specifically ruled that the NCPA does not allow collection of prejudgment interest by a debt collector without an actual judgment. The defendants appealed.
On appeal, the 8th Circuit focused on whether the plaintiff had standing. The appellate court held that the collection letter did not cause the plaintiff concrete harm, and concluded (quoting TransUnion LLC v. Ramirez, citing Spokeo, Inc. v. Robins) that without a concrete injury in fact, she “is ‘not seeking to remedy any harm to herself but instead is merely seeking to ensure a defendant’s compliance with regulatory law (and, of course, to obtain some money via the statutory damages).’” Without suffering a tangible harm, the appellate court said it could only recognize injuries with “a ‘close relationship’ to harm ‘traditionally’ recognized as providing a basis for a lawsuit in American courts.” The plaintiff pointed to fraudulent misrepresentation and conversion as analogous to her alleged injury, but the appellate court disagreed and determined that the consumer could not establish injury sufficient to satisfy Article III standing. In vacating and remanding the district court’s ruling, the 8th Circuit pointed out that, absent standing, it lacked jurisdiction to decide any other issues raised on appeal.
DFPI settles with student loan debt relief company
On February 28, the California Department of Financial Protection and Innovation (DFPI) announced a settlement with an unlicensed student debt relief company and its owner. The announcement is part of the DFPI’s continued crackdown on student loan debt relief companies found to have violated the California Consumer Financial Protection Law (CCFPL), the Student Loan Servicing Act (SLSA), and the Telemarketing Sales Rule (TSR). According to the settlement, a DFPI inquiry into the company’s practices found that since at least 2018, the company placed unsolicited phone calls to consumers advertising its student loan forgiveness and modification services. The company allegedly gave borrowers the impression that it was a part of, or affiliated with, an official government agency, and would act “as an intermediary between borrowers and the borrowers’ lenders or loan servicers with the goal of helping those consumers lower or eliminate their student loan debts.” The DFPI found that since 2018 at least 790 California consumers enrolled in the company’s debt relief program, whereby the company collected at least $713,000 through up-front servicing fees ranging from $116 to $2,449 from California consumers. By allegedly engaging in unlicensed student loan servicing activities, engaging in unlawful, unfair, deceptive, or abusive acts or practices with respect to consumer financial products or services, and by charging advance fees for debt relief services, the DFPI claimed the company violated the SLSA, CCFPL, and TSR.
Under the terms of the consent order, the company and owner must desist and refrain from engaging in the alleged conduct, rescind all debt relief, debt management, or debt consulting service agreements, and issue refunds to California consumers. The owner is also ordered to “desist and refrain from owning, managing, operating, or controlling any entity that services student loans, or which offers or provides any consumer financial products or services as defined by the CCFPL, unless and until he or the entity has the applicable approvals from the DFPI and is in compliance with the SLSA, CCFPL, TSR, and the Federal Trade Commission Act.”
DFPI modifies CCFPL proposal
On February 24, the California Department of Financial Protection and Innovation (DFPI) released modifications to proposed regulations for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to commercial financial products and services. As previously covered by InfoBytes, DFPI issued a notice of proposed rulemaking (NPRM) last June to implement sections 22159, 22800, 22804, 90005, 90009, 90012, and 90015 of the CCFPL related to the offering and provision of commercial financing and other financial products and services to small businesses, nonprofits, and family farms. According to DFPI, section 22800 subdivision (d) authorizes the Department to define unfair, deceptive, and abusive acts and practices in connection with the offering or provision of commercial financing. Section 90009, subdivision (e), among other things, authorizes the Department’s rulemaking to include data collection and reporting on the provision of commercial financing or other financial products and services.
After considering comments received on the NPRM, changes proposed by the DFPI include the following:
- Amended definitions. The proposed modification defines a “commercial financing transaction” to mean “a consummated commercial financing transaction for which a disclosure is provided in accordance with California Code of Regulations, title 10, section 920, subdivision (a).” The modifications to the definitions also amend a “covered provider” to exclude “any person exempted from division 24 of the Financial Code under Financial Code section 90002,” and defines a “small business” to be “a business entity organized for profit with annual gross receipts of no more than $16,000,000 or the annual gross receipt level as biennially adjusted by the Department of General Services in accordance with Government Code section 14837, subdivision (d)(3), whichever is greater.” In determining a business entity’s annual gross receipts, the proposed modifications state that covered providers “may rely on any relevant written representation by the business entity, including information provided in any application or agreement for commercial financing or other financial product or service.”
- UDAAP. In addition to making several technical changes, the proposed modifications clarify that “[i]t is unlawful for a covered provider to engage or have engaged in any unfair, deceptive, or abusive act or practice in connection with the offering or provision of commercial financing or another financial product or service to a covered entity.” The changes remove text that would have made it unlawful should a covered provider “propose to engage” in any if these practices.
- Annual reporting requirements. The proposed modifications specify that covered providers who offer commercial financing will be required to electronically file reports to the DFPI on or before March 15 of each year starting in 2025. The proposed changes to the reporting requirements also clarify certain terms, address when covered providers are not required to calculate or report certain information, and stipulate that covered providers “licensed under division 9 (commencing with section 22000) of the Financial Code shall not include in the report required under this section information for activity conducted under the authority of that license.”
Comments on the proposed modifications are due March 15.
New York AG sues crypto trading platform for failing to register
On February 22, the New York attorney general filed a petition in state court against a virtual currency trading platform (respondent) for allegedly failing to register as a securities and commodities broker-dealer and falsely representing itself as a cryptocurrency exchange. The respondent’s website and mobile application enable investors to buy and sell cryptocurrency, including certain popular virtual currencies that are allegedly securities and commodities. According to the AG, securities and commodities brokers are required to register with the state, which the respondent allegedly failed to do. The AG further maintained that the respondent claimed to be an exchange but failed to appropriately register with the SEC as a national securities exchange or be designated by the CFTC as required under New York law. Nor did the respondent comply with a subpoena requesting additional information about its crypto-asset trading activities in the state, the AG said. The state seeks a court order (i) preventing the respondent from misrepresenting that it is an exchange; (ii) banning the respondent from operating in the state; and (iii) directing the respondent to undertake measures to prevent access to its mobile application, website, and services from within New York.
Illinois announces new consumer protections for digital assets, proposes new money transmitter licensing provisions
On February 21, the Illinois Department of Financial and Professional Regulation (IDFPR) announced several legislative initiatives to establish consumer protections for cryptocurrencies and other digital assets and provide regulatory oversight of the broader digital asset marketplace. The Fintech-Digital Asset Bill (see HB 3479) would create the Uniform Money Transmission Modernization Act and provide for the regulation of digital asset businesses and modernize regulations for money transmission in the state. Among other things, the Fintech-Digital Asset Bill would require digital asset exchanges and other digital asset businesses to obtain a license from IDFPR to operate in the state. The bill also establishes various requirements for businesses, including investment disclosures, customer asset safeguards, and customer service standards. Companies would also be required to implement cybersecurity measures, as well as procedures for addressing business continuity, fraud, and money laundering. Notably, the Fintech-Digital Asset Bill replaces and supersedes the Transmitters of Money Act (see 205 ILCS 657) with the Money Transmission Modernization Act, in order to harmonize the licensing, regulation, and supervision of money transmitters operating across state lines. Provisions also amend the Corporate Fiduciary Act to allow for the creation of trust companies for the special purpose of acting as a fiduciary to safeguard customers’ digital assets, the announcement noted.
The Consumer Financial Protection Bill (see HB 3483) would grant the IDFPR authority to enforce the Fintech-Digital Asset Bill and strengthen the department’s authority and resources for enforcing existing consumer financial protections. Modeled after the Dodd-Frank Act, the Consumer Financial Protection Bill empowers the IDFPR with the ability to target unfair, deceptive, and abusive acts and practices by unlicensed financial services providers. The bill creates the Consumer Financial Protection Law and the Financial Protection Fund, and establishes provisions related to supervision, registration requirements, consumer protection, cybersecurity, anti-fraud and anti-money laundering, enforcement, procedures, and rulemaking. The Consumer Financial Protection Bill also includes provisions concerning court orders, penalty of perjury, character and fitness of licensees, and consent orders and settlement agreements, and makes amendments to various application, license, and examination fees. The bill does so by amending the Collection Agency Act, Currency Exchange Act, Sales Finance Agency Act, Debt Management Service Act, Consumer Installment Loan Act, and Debt Settlement Consumer Protection Act.
Montana amends mortgage servicing laws
On February 16, the Montana governor signed HB 30, which amends certain provisions of the state’s mortgage laws. Among other things, the act outlines provisions related to financial condition requirements, model state regulatory prudential standards for nonbank mortgage servicers, risk assessments, and licensee reporting requirements. The act also permits remote work provided certain conditions are met, including that a licensee’s employees and independent contractors do not meet with the public in an unlicensed personal residence, business records are not stored at the remote locations, appropriate security measures are put in place to ensure the confidentiality of customer information, and the NMLS record reflects the designation of a properly licensed location as the mortgage loan originator’s official workstation. In addition, the act amends provisions related to the denial of a licensee’s application or renewal, and updates designated manager and branch office licensing requirements to account for the remote location allowance. The act further provides the Department of Administration (acting through the Division of Banking and Financial Institutions) with rulemaking authority for addressing the revocation or suspension of licenses for cause, investigations into alleged violations, and fees, among other things. Additional amendments address the sharing of confidential supervisory information with state and federal financial regulators. Exempt from the act’s requirements are not-for-profit servicers and housing financing agencies, while servicers solely involved in reverse mortgage servicing are exempt from certain portions of the act. Similarly, servicers with 25 or fewer loans, or servicers wholly owned and controlled by one or more state- or federally-regulated depository institutions are also exempt from certain portions of the act. A servicer that is also licensed as an escrow business may apply to waive or adjust certain financial condition requirements. The act is effective July 1.
DFPI launches crypto scam tracker
On February 16, the California Department of Financial Protection and Innovation (DFPI) launched a database to help consumers in the state spot and avoid crypto scams. The Crypto Scam Tracker compiles details about apparent crypto scams identified through a review of public complaints submitted to the DFPI, and is searchable by company name, scam type, or keywords. “Through the new Crypto Scam Tracker, combined with rigorous enforcement efforts, the DFPI is committed to shining a light on these ruthless predators and protecting consumers and investors,” DFPI Commissioner Clothilde Hewlett said in the announcement.
NYDFS adds enhancements for detecting virtual currency fraud
On February 21, NYDFS Superintendent Adrienne A. Harris announced enhancements to the Department’s ability to detect fraud in the virtual currency industry. The new enhancements will improve NYDFS’s ability to combat financial crime and detect illegal activity among state-regulated entities engaged in virtual currency activity through new insider trading and market manipulation risk monitoring tools. Specifically, the enhancements will strengthen NYDFS’s virtual currency supervision and aid the Department in detecting potential insider trading, market manipulation, and front-running activity associated with regulated entities’ and applicants’ exposure or potential exposure to listed virtual currency wallet addresses. The announcement builds upon recently issued guidance related to the use of blockchain analytics tools, the issuance of U.S. dollar-backed stablecoins, and custodial guidance on crypto insolvency, as well as guidance for addressing measures for preventing market manipulation. (Covered by InfoBytes here, here, here, and here.)
Illinois Supreme Court says BIPA claims accrue with every transmission
On February 17, the Illinois Supreme Court issued a split decision holding that under the state’s Biometric Information Privacy Act (BIPA), claims accrue “with every scan or transmission of biometric identifiers or biometric information without prior informed consent.” The plaintiff filed a proposed class action alleging a defendant fast food chain violated BIPA sections 15(b) and (d) by unlawfully collecting her biometric data and disclosing the data to a third-party vendor without first obtaining her consent. According to the plaintiff, the defendant introduced a biometric-collection system that required employees to scan their fingerprints in order to access pay stubs and computers shortly after she began her employment in 2004. Under BIPA (which became effective in 2008), section 15(b) prohibits private entities from collecting, capturing, purchasing, receiving through trade, or otherwise obtaining “a person’s biometric data without first providing notice to and receiving consent from the person,” whereas Section 15(d) provides that private entities “may not ‘disclose, redisclose, or otherwise disseminate’ biometric data without consent.” While the plaintiff asserted that the defendant did not seek her consent until 2018, the defendant argued, among other things, that the action was untimely because the plaintiff’s claim accrued the first time defendant obtained her biometric data. In this case, defendant argued that plaintiff’s claim accrued in 2008 after BIPA’s effective date. Plaintiff challenged that “a new claim accrued each time she scanned her fingerprints” and her data was sent to a third-party authenticator, thus “rendering her action timely with respect to the unlawful scans and transmissions that occurred within the applicable limitations period.” The U.S. District Court for the Northern District of Illinois agreed with the plaintiff but certified its order for immediate interlocutory appeal after “finding that its decision involved a controlling question of law on which there is substantial ground for disagreement.”
The U.S. Court of Appeals for the Seventh Circuit ultimately found that the parties’ competing interpretations of claim accrual were reasonable under Illinois law, and agreed that “the novelty and uncertainty of the claim-accrual question” warranted certification to the Illinois Supreme Court. The question certified to the high court asked whether “section 15(b) and (d) claims accrue each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party, respectively, or only upon the first scan and first transmission[.]”
The majority held that the plain language of the statute supports the plaintiff’s interpretation. “With the subsequent scans, the fingerprint is compared to the stored copy of the fingerprint. Defendant fails to explain how such a system could work without collecting or capturing the fingerprint every time the employee needs to access his or her computer or pay stub,” the high court said. The majority rejected the defendant’s argument that a BIPA claim is limited to the initial scan or transmission of biometric information since that is when the individual loses the right to control their biometric information “[b]ecause a person cannot keep information secret from another entity that already has it.” This interpretation, the majority wrote, wrongfully assumes that BIPA limits claims under section 15 to the first time a party’s biometric identifier or biometric information is scanned or transmitted. The Illinois Supreme Court further held that “[a]s the district court observed, this court has repeatedly held that, where statutory language is clear, it must be given effect, ‘even though the consequences may be harsh, unjust, absurd or unwise.’” However, the majority emphasized that BIPA does not contain language “suggesting legislative intent to authorize a damages award that would result in the financial destruction of a business,” adding that because “we continue to believe that policy-based concerns about potentially excessive damage awards under [BIPA] are best addressed by the legislature, . . . [w]e respectfully suggest that the legislature review these policy concerns and make clear its intent regarding the assessment of damages under [BIPA].”
The dissenting judges countered that “[i]mposing punitive, crippling liability on businesses could not have been a goal of [BIPA], nor did the legislature intend to impose damages wildly exceeding any remotely reasonable estimate of harm.” “Indeed, the statute’s provision of liquidated damages of between $1000 and $5000 is itself evidence that the legislature did not intend to impose ruinous liability on businesses,” the dissenting judges wrote, cautioning that plaintiffs may be incentivized to delay bringing claims for as long as possible in an effort to increase actionable violations. Under BIPA, individuals have five years to assert violations of section 15—the statute of limitations recently established by a ruling issued by the Illinois Supreme Court earlier this month (covered by InfoBytes here).