InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB says TILA does not preempt NY law on commercial disclosures
On December 7, the CFPB issued a preliminary determination that New York’s commercial financing disclosure law is not preempted by TILA because the state’s statute regulates commercial financing transactions and not consumer-purpose transactions. The CFPB issued a Notice of Intent to Make Preemption Determination under the Truth in Lending Act seeking comments pursuant to Appendix A of Regulation Z on whether it should finalize its preliminary determination that New York’s law, as well as potentially similar laws in California, Utah, and Virginia, are not preempted by TILA. Comments are due January 20, 2023. Once the comment period closes, the Bureau will publish a notice of final determination in the Federal Register.
Explaining that recently a number of states have enacted laws to require improved disclosures of information contained in commercial financing transactions, including loans to small businesses, in order to mitigate predatory small business lending and improve transparency, the Bureau said it received a written request to make a preemption determination involving certain disclosure provisions in TILA. While Congress expressly granted the Bureau authority to evaluate whether any inconsistencies exist between certain TILA provisions and state laws and to make a preemption determination, the statute’s implementing regulations require the agency to request public comments before making a final determination.
While New York’s Commercial Financing Law “requires financial disclosures before consummation of covered transactions,” the Bureau pointed out that this applies to “commercial financing” rather than consumer credit. The request contended that TILA preempts New York’s law in relation to its use of the terms “finance charge” and “annual percentage rate”—“notwithstanding that the statutes govern different categories of transactions.” The request outlined material differences in how the two statutes use these terms and asserted “that these differences make the New York law inconsistent with Federal law for purposes of preemption.” As an example, the request noted that the state’s definition of “finance charge” is broader than the federal definition, and that the “estimated APR” disclosure required under state law “for certain transactions is less precise than the APR calculation under TILA and Regulation Z.” Moreover, “New York law requires certain assumptions about payment amounts and payment frequencies in order to calculate APR and estimated APR, whereas TILA does not require similar assumptions,” the request asserted, adding that inconsistencies between the two laws could lead to borrower confusion or misunderstanding.
In making its preliminary determination, the Bureau concluded that the state and federal laws do not appear “contradictory” for preemption purposes based on the request’s assertions. The Bureau explained that the statutes govern different transactions and disagreed with the argument that New York’s law impedes the operation of TILA or interferes with its primary purpose. Specifically, the Bureau stated that the “differences between the New York and Federal disclosure requirements do not frustrate these purposes because lenders are not required to provide the New York disclosures to consumers seeking consumer credit.”
California appellate court upholds judgment in RFDCPA suit
On November 23, the California Court of Appeal for the Fourth Appellate District upheld a summary judgment ruling for a creditor over allegations that it violated the Rosenthal Fair Debt Collection Practices Act (RFDCPA). The plaintiff, the widow of a former patient of the defendant doctor, asserted claims against the doctor and his professional corporation (collectively, “defendants”) alleging that they were debt collectors within the meaning of the RFDCPA. The plaintiff alleged that the defendants violated the RFDCPA by sending “multiple bills and making incessant” phone calls seeking payment for services provided to her husband before he died. The plaintiff requested that the defendants stop contacting her and seek payment through insurance and the hospital. The defendants used two different companies for its third-party billing services, and those companies sent invoices to the plaintiff, who responded that payment inquiries for her deceased husband should only be submitted to the insurance company and the medical center. The trial court granted the defendants’ motion for summary judgment, ruling they did not meet the statute’s definition of a debt collector.
The appellate court affirmed, finding that “a medical service provider that exclusively uses an unaffiliated, third-party billing service to collect payment for services rendered to patients” is not a “debt collector” within the meaning of the RFDCPA. The court found that although the RFDCPA “applies to those who collect debts on behalf of themselves,” the law still requires that a defendant “must regularly and in the ordinary course of business ‘engage in’ debt collection” for liability to attach. The appellate court emphasized that it was not holding that “a creditor may never be vicariously liable for the actions of a debt collector on an agency theory.” Instead, the plaintiff carried “the burden to demonstrate a triable issue of material fact on the existence of such an agency relationship, and she failed to do so on this record.”
9th Circuit revives data breach class action against French cryptocurrency wallet provider
On December 1, the U.S. Court of Appeals for the Ninth Circuit affirmed in part and reversed in part a district court’s dismissal of a putative class action brought against a French cryptocurrency wallet provider and its e-commerce vendor for lack of personal jurisdiction. As previously covered by InfoBytes, plaintiffs—customers who purchased hardware wallets through the vendor’s platform between July 2017 and June 2020—alleged violations of state-level consumer protection laws after a 2020 data breach exposed the personal contact information of thousands of customers. Plaintiffs contended, among other things, that when the breach was announced in 2020, the wallet provider failed to inform them that their data was involved in the breach, downplayed the seriousness of the attack, and did not disclose that the attack on its website and the vendor’s data theft were connected. The district court held that it did not have jurisdiction over the French wallet provider, and ruled, among other things, that the plaintiffs did not establish that the wallet provider “expressly aimed” its activities towards California in a way that would establish specific jurisdiction, and “did not cause harm in California that it knew was likely to be suffered there.” The district court further held that the fact that the vendor was headquartered in California at the time the breach occurred was not sufficient to establish general jurisdiction because the vendor moved to Canada before the class action was filed. “Courts have uniformly held that general jurisdiction is to be determined no earlier than the time of filing of the complaint,” the district court wrote, dismissing the case with prejudice.
On appeal, the 9th Circuit concluded that dismissal was improper because the French wallet provider’s contracts with California were sufficient to establish jurisdiction under the “purposeful availment” framework. The appellate court explained that because the French wallet provider sold roughly 70,000 wallets in the state, collected California sales tax, and shipped wallets directly to California addresses, the “facts suffice to establish purposeful availment because [the French wallet provider’s] contacts with the forum cannot be characterized as ‘random, isolated, or fortuitous.’” However, the 9th Circuit limited the claims to only those brought by California residents under the state’s consumer protection laws. A forum-selection clause in the French wallet provider’s privacy policy and terms of use documents provided that disputes would be subject to the exclusive jurisdiction of French courts, the appellate court said, which was enforceable except with respect to the class claims of California residents brought under California law “because it violated California public policy against waiver of consumer rights under California’s Consumer Legal Remedies Act.”
The 9th Circuit also determined that the district court abused its discretion in disallowing any jurisdictional discovery concerning the defendant e-commerce vendor. Explaining that the e-commerce vendor employs more than 200 people who work remotely from California, including a data-protection officer (DPO) who may have played a role related to the data breach, the appellate court wrote that “[b]ecause more facts are needed to determine whether those activities support the exercise of jurisdiction, we reverse the district court’s denial of jurisdictional discovery with respect to the DPO’s role and responsibilities and his relationship to [the e-commerce vendor], which processed and stored the data.”
NYDFS proposes virtual currency firms to pay supervision fees
Recently, NYDFS announced it is seeking public comment on a proposed rule establishing how certain licensed virtual currency businesses would be assessed for the costs of their supervision and examination. According to NYDFS, the proposed regulation establishes a provision in the state budget granting NYDFS new authority to collect supervisory costs from virtual currency businesses that are licensed pursuant to the Financial Services Law, and will permit NYDFS “to continue adding top talent to its virtual currency regulatory team.” The proposed regulation states that it will apply only to licensed persons engaged in virtual currency business activity and that the fees will only cover the costs and expenses associated with NYDFS's oversight of each licensee. Specifically, the draft regulation states that a licensee's total annual assessment fee will be the “sum of its supervisory component and its regulatory component” and that each licensee will be billed five times per fiscal year. According to the regulation, there will be four quarterly fees, each approximately 25 percent of the anticipated annual amount, and a final fee based on the actual total operating cost for the fiscal year. Comments on the proposed regulation are due March 20.
NY passes crypto mining bill
On November 22, the New York governor signed AB 7389, which establishes a moratorium on cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transaction. Among other things, the bill also establishes a section on the moratorium on air permit issuance and renewal that states that the state cannot approve a new application, or issue a new permit, for an electric generating facility that utilizes carbon-based fuel and that provides behind-the-meter electric energy consumed or utilized by cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transactions. The bill is effective immediately.
Arizona establishes new limits on consumer debt collection
Recently, the Arizona governor approved Proposition 209, which decreases the maximum lawful annual interest rate on “medical debt” from 10 percent to three percent. Among other things, the proposition defines “medical debt” as “a loan, indebtedness, or other obligation arising directly from the receipt of health care services or of medical products or devices.” Accordingly, in addition to judgments on medical debt, the three percent annual rate limit applies to loans or other financing for health care services or medical products or devices. The proposition also decreases the share of borrowers’ wages that lenders can garnish. The current limit is 25 percent, but that percentage will decrease to 10 percent for many consumers, and to five percent for consumers dealing with extreme economic hardship. Additionally, the proposition increases various exemption amounts, including: (i) $400,000 (up from $150,000) for the homestead exemption; and (ii) $15,000 (up from $6,000) for household furniture, furnishing, goods, and appliances. The proposition is effective immediately.
On December 7, a state court granted a temporary restraining order, which stopped the enactment of the approved measure. An evidentiary hearing is set to happen in December where the plaintiffs are seeking to have the proposition nullified.
States ask FTC to increase consumer data privacy protections
On November 17, the Massachusetts attorney general announced that a coalition of more than 30 state AGs sent a letter to the FTC urging the Commission to consider the heightened sensitivity around consumers’ medical data, biometric data, and location data, along with other dangers that arise from data brokers and the surveillance of consumers in response to the FTC’s August advanced notice of proposed rulemaking (ANPR). As previously covered by InfoBytes, in August the FTC announced the ANPR covering a wide range of concerns about commercial surveillance practices, specifically related to the business of collecting, analyzing, and profiting from information about individuals. In the letter, the AGs expressed that they share the FTC’s concern about “the alarming amount of sensitive consumer data that is amassed, manipulated, and monetized.” The AGs noted, among other things, that many consumers are not even aware that their location information is being collected, and when a consumer wishes to disable location sharing, their options are quite limited. The coalition also urged the FTC to consider the risks of commercial surveillance practices that use or facilitate the use of facial recognition, fingerprinting, or other biometric technologies. The letter stated that “consumers provide this information to companies for security purposes or personal pursuits, such as to learn about their ancestry,” but are not always aware of when and how their data is collected. The AGs emphasized the persistent dangers of data brokers, and warned that data brokers profile consumers by scouring their information and use it to create profiles of certain consumers who are susceptible to certain advertising or are likely to buy certain products. In regard to data minimization, the letter emphasized that it is “vital that the Commission consider data minimization requirements and limitations.” The AGs encouraged the FTC “to examine the approach taken in the California, Colorado, Connecticut, Utah and Virginia consumer privacy laws,” and further explained that “each statute mandates that businesses tie and limit the collection of personal data to what is ‘reasonably necessary’ in relation to specified purposes.”
New York enacts protections for consumers with medical debt
On November 23, the New York governor signed S6522A/A7363A to prohibit certain hospitals and healthcare providers from placing liens on the primary residences of individuals with unpaid medical debts or garnishing wages to collect on unpaid bills or satisfy judgments arising from a medical debt lawsuit. “No one should face the threat of losing their home or falling into further debt after seeking medical care,” Governor Kathy Hochul said in an announcement. “I’m proud to sign legislation today that will end this harmful and predatory collection practice to help protect New Yorkers from these unfair penalties. The bill is effective immediately.
CSBS says FDIC board nominees lack state bank regulatory expertise
On November 29, the Conference of State Bank Supervisors sent a letter to Senator Sherrod Brown (D-OH), Chairman of the Senate Banking Committee, and Rep. Pat Toomey (R-PA), Ranking Member of the House Financial Services Committee, to express their disappointment that none of the nominees to the FDIC Board of Directors have state bank supervisory experience. Last month, President Biden nominated Martin Gruenberg, who has been serving as acting chairman, to serve as chair and member of the board, and in September, Travis Hill and Jonathan McKernan were nominated to fill the board’s two vacant seats (covered by InfoBytes here and here). At the time of the announcement, CSBS President and CEO James M. Cooper issued a statement encouraging the U.S. Senate to ask nominees how they intend to work with state bank regulators. Cooper reiterated in his follow-up letter that the FDI Act requires that at least one board member have state bank supervisory experience, especially since having the Comptroller of the Currency seated on the board represents the interest of national banks. According to Cooper, fulfilling this statutory requirement “can only be met by a person who has worked in state government as a supervisor of state-chartered banks, and as the legislative history notes, [is] someone with ‘state bank regulatory expertise and sensitivity to the issues confronting the dual banking system.’” Cooper asked that the slate of nominees confirmed by the Senate includes at least one individual who fulfills this requirement.
The following day, during the Senate Banking Committee’s nomination hearing, Republican senators questioned Gruenberg’s role in a dispute between Democratic board members and former Chairwoman Jelena McWilliams related to a joint request for information seeking public comment on revisions to the FDIC’s framework for vetting proposed bank mergers. McWilliams eventually announced her resignation at the end of last year (covered by InfoBytes here). Senator Pat Toomey (R-PA) called Gruenberg’s participation in the dispute “very disturbing,” and expressed concerns that his actions, along with some of his colleagues, “really undermines the [] FDIC and could have lasting implications.” Gruenberg countered that under the FDI Act, “the authority of the agency explicitly is vested in the board of directors, and the majority of the board has the authority to place items before the board.”
Some Republican senators also raised concerns with Gruenberg’s past involvement in Operation Choke Point, with Senator Steve Daines (R-MT) requesting that Gruenberg commit to actively preventing FDIC employees from “criticizing, discouraging or prohibiting banks from lending or doing business with any industries or customers that are operating in accordance with the law.” Gruenberg agreed to do so, saying this has been the FDIC’s policy. The FDIC’s current approach to cryptocurrency was also addressed, while Senator Cynthia Lummis (R-WY) took issue with the fact that none of the board nominees fulfill the Biden administration’s push for diversity and inclusion.
Senators demand answers on collapsed cryptocurrency exchange; NYDFS seeks tougher crypto approach
On November 16, Senator Elizabeth Warren (MA-D) and Senator Richard Durbin (IL-D) sent a letter to the ex-CEO and his successor of a cryptocurrency exchange that filed for bankruptcy. In the letter, the senators requested a series of files from the cryptocurrency exchange, including copies of internal policies and procedures regarding the relationship between the firm and its affiliated crypto hedge fund. The senators stated that the cryptocurrency exchange’s customers and Americans “fear that they will never get back the assets they trusted to [the cryptocurrency exchange] and its subsidiaries.” Additionally, the senators argued that “the apparent lack of due diligence by venture capital and other big investment funds eager to get rich off crypto, and the risk of broader contagion across the crypto market that could multiply retail investors’ losses, ‘call into question the promise of the industry.’” The senators emphasized that “the public is owed a complete and transparent accounting of the business practices and financial activities leading up to and following the cryptocurrency lending firm's collapse and the loss of billions of dollars of customer funds.” Among other things, the senators asked the cryptocurrency exchange to provide requested information by November 28, including: (i) complete copies of all the firm’s and its subsidiaries’ balance sheets, from 2019 to the present; (ii) an explanation of how “a poor internal labeling of bank-related accounts” resulted in the firm’s liquidity crisis; (iii) a list of all the firm’s transfers to its affiliated crypto hedge fund; (iv) copies of all written policies and procedures regarding the relationship between the firm and its affiliated crypto hedge fund; and (v) an explanation of the $1.7 billion in the firm’s customer funds that were allegedly reported missing.
The same day, NYDFS Superintendent Adrienne Harris participated in a “fireside chat” before the Brooking Institute’s event, Digital asset regulation: The state perspective - Effective regulatory design and implementation for virtual currency. During the chat, Harris expressed her support for a national framework similar to what New York has because she believes that “it is proving itself to be a very robust and sustainable regime.” Harris also discussed NYDFS priorities regarding digital assets for the future, stating that crypto companies can expect more guidance on a number of key regulatory issues. Specifically, Harris disclosed that NYDFS will “have more to say on capitalization,” and “on consumer protection, disclosures, advertising … [and] complaints, making sure these companies have an easy way for consumers to complain.” She also warned that NYDFS will “bolster and broaden” its authority, adding that there is “lots of work for us to do to make clear the expectations that we have already, and to make sure that the things we have on the books equip us well to keep up with this marketplace.”
Senators Warren and Sheldon Whitehouse (D-RI) also sent a letter to the DOJ asking that the former CEO and any complicit company executives be held personally accountability for wrongdoing following the cryptocurrency exchange’s collapse.
On December 13, the House Financial Services Committee will hold a hearing to discuss the cryptocurrency exchange’s collapse and the possible implications for other digital asset companies.