Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • California district court rules social media company cannot dismiss non-users’ facial scan privacy claims


    On March 2, the U.S. District Court for the Northern District of California denied a motion to dismiss an action for lack of standing in a lawsuit brought under the Illinois Biometric Information Privacy Act (BIPA) against a social media company (defendant) for allegedly collecting and storing non-user facial scans. The action was similar to a consolidated class action lawsuit brought by users of the site in 2016. The court found that the factual difference between the two cases (one involving users and one involving non-users) was irrelevant for its Article III analysis. Citing to his February 26 decision (February decision) in the related case, the judge concluded that the abrogation of the plaintiffs’ procedural rights under BIPA, which allow users to control their biometric information, amounted to a concrete injury under Article III. As the court noted in the February decision: “BIPA vested in Illinois residents the right to control their biometric information by requiring notice before collection and giving residents the power to say no by withholding consent,” and that there is “equally little doubt . . . that a violation of BIPA’s procedures would cause actual and concrete harm.” The court rejected the defendant’s argument that it did not store non-users’ biometric information, stating that such factual evidence, which is disputed by the plaintiffs, goes to the merits of the case and cannot be weighed or resolved at the motion to dismiss stage.

    Courts Privacy/Cyber Risk & Data Security Class Action State Issues

    Share page with AddThis
  • CFPB releases RFI on rulemaking process

    Federal Issues

    On March 7, the CFPB released its seventh Request for Information (RFI) in a series seeking feedback on the Bureau’s operations. This RFI solicits public comment regarding “the overall efficiency and effectiveness of its rulemaking processes.” The RFI emphasizes that the Bureau is not seeking information related to the particular content of any proposed or final rule—existing rules will be addresses in separate RFIs—or information related to elements of the rulemaking process which are required by law. Specifically, the RFI requests feedback regarding the discretionary aspects of the Bureau’s rulemaking processes, including (i) mechanisms (such as RFIs) the Bureau uses to gather information from stakeholders in advance of initiating a rulemaking; (ii) the Small Business Regulatory Enforcement Fairness Act (SBREFA) panel process; (iii) the content and structure of notices of proposed rulemaking (NPRMs); (iv) the NPRM comment process, including time periods and feedback mechanisms; and (v) the content and structure of notices of final rules. The RFI is expected to be published in the Federal Register on March 9. Comments will be due 90 days from publication.

    Federal Issues RFI CFPB Succession Consumer Complaints Agency Rule-Making & Guidance Federal Register

    Share page with AddThis
  • House passes several bills focused on regulatory relief

    Federal Issues

    On March 6, the House passed H.R. 2226, the “Portfolio Lending and Mortgage Access Act,” amending TILA and expanding the safe harbor provisions provided to qualified residential mortgages held in portfolio by banks with less than $10 billion in assets. Under the bill, a mortgage lender would not be subject to civil liability for violating specified ability-to-repay requirements if, among other things, the loan was originated and held continuously in portfolio by a covered institution and complies with certain limitations and requirements related to prepayment penalties and points and fees..

    On the same day, the House also passed H.R. 4725, the “Community Bank Reporting Relief Act,” to amend the Federal Deposit Insurance Act to reduce the regulatory reporting burden on community banks. Specifically, federal banking agencies would be required to issue regulations allowing qualified depository institutions with less than $5 billion in assets to submit abbreviated call reports (consolidated reports of condition and income) every other quarter rather than submitting full call reports every quarter.

    Finally, by a vote of 264-143, the House passed H.R. 4607, the “Comprehensive Regulatory Review Act,” a measure to amend the Economic Growth and Regulatory Paperwork Reduction Act of 1996’s regulatory review process. Among other things, the bill requires federal financial regulators to perform a comprehensive review at least every seven years, instead of every ten years as currently required, to identify regulations that may be tailored to limit burdens on insured depository institutions. 

    Federal Issues Federal Legislation U.S. House Qualified Mortgage Mortgages Community Banks EGRPRA Federal Deposit Insurance Act Bank Regulatory

    Share page with AddThis
  • CFPB releases 2018 lists of rural, underserved counties

    Agency Rule-Making & Guidance

    On March 6, the CFPB released its annual list of rural counties and rural or underserved counties for lenders to use when determining qualified exemptions under certain TILA regulatory requirements. In addition to these lists, the Bureau also directed lenders to use its web-based Rural or Underserved Areas Tool to assess whether a rural or underserved property qualifies for safe harbor for purposes of Regulation Z.

    Agency Rule-Making & Guidance CFPB TILA Regulation Z Consumer Finance Lending

    Share page with AddThis
  • CFPB issues final rule on periodic statements during bankruptcy

    Agency Rule-Making & Guidance

    On March 8, the CFPB issued a final rule updating technical aspects of the upcoming periodic statement requirements for borrowers in bankruptcy under Regulation Z. The Bureau adopted the proposed rule, released in October 2017, without revision (previously covered by InfoBytes here). Specifically, the final rule changes the transition rules for borrowers who enter or leave bankruptcy by replacing the previous single-billing-cycle exemption with a single-statement exemption for the next periodic statement or coupon book that a servicer would otherwise have to provide, regardless of when in the billing cycle the triggering event occurs. The Bureau also added new commentary to clarify the operation of the single-statement exemption. The rule is effective April 19. 

    Agency Rule-Making & Guidance CFPB Mortgage Servicing Bankruptcy Consumer Finance Regulation Z

    Share page with AddThis
  • New York Attorney General settles HIPAA allegations with a health insurance company

    State Issues

    On March 6, the New York Attorney General announced a settlement with a healthcare provider for an alleged violation of the Health Insurance Portability Accountability Act (HIPAA) concerning a mailing error, which resulted in the disclosure of over 80,000 social security numbers. According to the announcement, in October 2016, the healthcare provider discovered that its mailing envelopes for certain health policies inadvertently included the customers’ social security numbers as part of the “Health Insurance Claim Number” printed on the envelope. Under the terms of the settlement, the healthcare provider is required to pay a $575,000 fine, review its policies and procedures, and implement a corrective action plan which includes an analysis of the security risks associated with the mailing of policy documents. 

    State Issues State Attorney General Privacy/Cyber Risk & Data Security Settlement

    Share page with AddThis
  • International bank settles with New York Attorney General for $500 million for RMBS misconduct


    On March 6, the New York Attorney General announced a $500 million settlement with an international bank to resolve allegations of misrepresentations in the sale of residential mortgage-backed securities (RMBS), in violation of New York’s Martin Act and Section 63(12) of New York’s Executive Law. According to the settlement agreement, the investigation focused on 44 securitizations sold by the bank between 2006 and 2007. In addition to the alleged misrepresentations in the offering documents, the bank also included loans in the sales portfolio that due diligence vendors warned did not comply with underwriting guidelines. The $500 million settlement includes $100 million in damages to New York State and $400 million to consumer relief programs.

    As previously covered by InfoBytes, the bank recently settled with the California Attorney General for misrepresentations while selling RMBS to California’s public employee and teacher pension fund.

    Securities State Attorney General State Issues RMBS Settlement Mortgages

    Share page with AddThis
  • Pennsylvania judge partially dismisses action against investors of an online lending scheme


    On January 26, the U.S. District Court for the Eastern District of Pennsylvania partially dismissed an action brought by the Pennsylvania Attorney General against out-of-state investors of an online payday lender and the lender for violating Pennsylvania’s Corrupt Organizations Act (COA). The Attorney General alleged that an online payday lender and the investors “designed, implemented, and profited from a consumer lending scheme to circumvent the usury laws of states.” The alleged conduct, which the court referred to generally as “rent-a-bank” and “rent-a-tribe” schemes, involved the online lender partnering with an out-of-state bank and later with tribal nation to act as the nominal lenders of the loans. The investors moved to dismiss the claims against them, arguing that the court lacked personal jurisdiction over them and that the Attorney General failed to plead sufficient allegations with respect to the investors’ involvement in the “rent-a-bank” scheme. The court rejected the jurisdictional arguments, holding that even though the investors were a Delaware LLC with no physical connection to the state, their participation in a scheme targeting Pennsylvania consumers constituted sufficient minimum contacts. However, the court dismissed the “rent-a-bank” aspects of the complaint as to the investors because it found that the Attorney General failed to allege that they were anything more than passive investors in the scheme.

    Courts Payday Lending State Attorney General Jurisdiction Lending

    Share page with AddThis
  • Nebraska, South Dakota enact legislation relating to security breaches and credit freezes

    Privacy, Cyber Risk & Data Security

    On March 1, the governor of South Dakota signed House Bill 1078 to revise certain provisions addressing the removal of credit security freezes. The amended act states that a security freeze will remain in place until a consumer requests the removal from the consumer reporting agency. The consumer reporting agency is then required to remove the freeze within three business days. Separately, on February 27, the governor signed House Bill 1127 (HB 1127) to revise certain provisions concerning fees charged for security freezes. Among other things, HB 1127 prohibits consumer reporting agencies from charging a fee for placing or removing a security freeze, and stipulates that a consumer reporting agency may advise a third party that a consumer’s credit report has been frozen.

    On February 28, the governor of Nebraska approved Legislative Bill 757 strengthening certain provisions of the state’s Credit Report Protection Act and the Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006. Among other things, the amendments state that (i) any individual or commercial entity in the state that possesses computerized data containing personal information of Nebraska residents must maintain reasonable security and disposal procedures and practices; (ii) nonaffiliated third-parties with access to personal information must also maintain reasonable security and disposal procedures; and (iii) consumer reporting agencies must provide services free-of-charge for the placement or removal of a credit security freeze. The legislation also outlines additional violations under which the Nebraska Attorney General can 

    Privacy/Cyber Risk & Data Security State Issues State Legislation Data Breach

    Share page with AddThis
  • 9th Circuit reverses lower court’s dismissal of TCPA claim


    On February 28, the U.S. Court of Appeals for the 9th Circuit reinstated a consumer’s lawsuit against two banks on charges that the nearly 300 calls she received seeking payment of a debt may have violated the Telephone Consumer Protection Act (TCPA). The three-judge panel stated that the district court’s decision to dismiss the case on standing grounds was incorrect in light of a subsequent 9th Circuit ruling in a different case, which held that “a violation of the TCPA is a concrete, de facto injury.” The court further held that the TCPA is not limited to telemarketing calls, and that the unsolicited contact—“regardless of caller or content”—is evidence of “concrete harm” that can be traced back to the conduct at issue. Additionally, the panel also held that the district court erred in granting the banks’ request for summary judgment on the plaintiff’s claim under California’s Rosenthal Fair Debt Collection Practices Act and her claim for “intrusion upon seclusion,” finding that the banks’ actions “allegedly caused harm” to the plaintiff’s solitude. The court reversed and remanded the case for further proceedings.

    Courts Appellate Ninth Circuit TCPA Debt Collection

    Share page with AddThis