Democratic Senator Dianne Feinstein announced that she and three other Democratic Senators have introduced a bill, the “Accountability for Wall Street Executives Act of 2017,” that would allow state attorneys general to issue investigative subpoenas to national banks in connection with suspected violations of state law.

The bill appears intended to overturn the U.S. Supreme Court’s 2009 decision in Cuomo v. Clearing House Association interpreting the National Bank Act (NBA) provision that bars state officials from exercising “visitorial powers” over national banks.  While the Supreme Court held in Cuomo that the filing of a civil lawsuit by a state AG against a national bank to enforce state law was not barred as the exercise of “visitorial powers,” it also held that the issuance of extra-judicial subpoenas by a state AG in connection with an investigation was barred.

The bill would amend the NBA (12 U.S.C. 484) to provide that, notwithstanding the limit on visitorial powers, “an attorney general (or other chief law enforcement officer) of a State may issue subpoenas or administer oversight and examination to national banks or officers of national banks upon reasonable cause to believe that the national bank or an officer of a national bank has failed to comply with applicable State laws.”

In attempting to further empower state AGs, the bill likely is a response to the concern of Democratic lawmakers that CFPB enforcement activity will significantly decrease under the Trump administration.  A group of Democratic state AGs recently sent a letter to President Trump in which they threatened to aggressively use their enforcement authority under federal and state law.

In addition to various federal consumer protection statutes that give direct enforcement authority to state AGs or regulators, Section 1042 of the Consumer Financial Protection Act authorizes state AGs and regulators to bring civil actions to enforce the provisions of the CFPA, most notably its prohibition of unfair, deceptive or abusive acts or practices.  A state AG or regulator, before filing a lawsuit using his or her Section 1042 authority, must notify the CFPB and Section 1042 allows the CFPB to intervene as a party and remove an action filed in state court to federal court.

On January 11, 2018, from 12:00 p.m. to 1:00 p.m. ET, Ballard Spahr attorneys will hold a webinar: Who Will Fill the Void Left Behind by the CFPB?  Click here to register.

This week, New York Governor Andrew Cuomo issued a press release directing the New York Department of State to issue a new regulation impacting consumer reporting agencies.  The new regulation was adopted on an emergency basis and went into immediate effect in order to protect consumers from identity theft and other potential economic harms that may arise following a data breach.

The regulation requires consumer reporting agencies to:

  • Identify dedicated points of contact for the Division of Consumer Protection to obtain information to assist New York consumers in the event of a data breach;
  • Respond within 10 days to information requests made on behalf of consumers by the Division of Consumer Protection;
  • File a form with certain information to the Division of Consumer Protection, including all fees associated with the purchase or use of products and services marketed as identity theft protection products as well as a listing and description of all business affiliations and contractual relationships with any other entities relating to the provision of any identity theft prevention or mitigation products or services; and
  • In any advertisements or other promotional materials, disclose any and all fees associated with the purchase or use of proprietary products offered to consumers for the prevention of identity theft, including, if offered on a trial basis, any and all fees charged for its purchase or use after the trial period and the requisites of cancellation of such continued use.

The protections appear targeted to address alleged abuses by the consumer reporting industry following the recent Equifax data breach.  Cuomo also announced that the Division of Consumer Protection will be issuing a demand letter to Equifax for information to assess the damage and risk of identity theft to New York State consumers resulting from the data breach.

Cuomo did not address the status of previously announced proposed regulations of the consumer credit reporting agencies by the New York Department of Financial Services.

The Democratic attorneys general of 15 states and the District of Columbia have sent a letter to President Trump in which they express their support for the CFPB’s consumer protection mission and criticize the President’s appointment of Mick Mulvaney as CFPB Acting Director.  The 15 states are California, Connecticut, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Minnesota, New Mexico, North Carolina, Oregon, Vermont, Virginia, and Washington.  In particular, the AGs contend that various statements made by Mr. Mulvaney about the CFPB “are categorically false, and should disqualify Mr. Mulvaney from leading the agency, even on an acting basis.”

Since the AGs’ presumably realize that their criticism is unlikely to cause President Trump to reconsider his appointment of Mr. Mulvaney, it would appear that the letter’s primary purpose is “saber rattling” by the AGs.  While providing examples of various enforcement matters on which state AGs have worked jointly with the CFPB, the AGs highlight their own “express statutory authority to enforce federal consumer protection laws, as well as the consumer protection laws of our respective states.”  The AGs state that they “will continue to enforce those laws vigorously regardless of changes to the CFPB’s leadership or agenda.  As attorneys general, we retain broad authority to investigate and prosecute those individuals or companies that deceive, scam, or otherwise harm consumers.”

In addition to various federal consumer protection statutes that give direct enforcement authority to state AGs or regulators, Section 1042 of the Consumer Financial Protection Act authorizes state AGs and regulators to bring civil actions to enforce the provisions of the CFPA, most notably its prohibition of unfair, deceptive or abusive acts or practices.  A state AG or regulator, before filing a lawsuit using his or her Section 1042 authority, must notify the CFPB and Section 1042 allows the CFPB to intervene as a party and remove an action filed in state court to federal court.  (AGs and regulators in several of the states joining in the letter to President Trump have already filed lawsuits using their Section 1042 authority.)

On January 11, 2018, from 12:00 p.m. to 1:00 p.m. ET, Ballard Spahr attorneys will hold a webinar: Who Will Fill the Void Left Behind by the CFPB?  Click here to register.

The AGs warn that “if incoming CFPB leadership prevents the agency’s professional staff from aggressively pursuing consumer abuse and financial misconduct, we will redouble our efforts at the state level to root out such misconduct and hold those responsible to account.”  They further state that “regardless of the future direction or leadership of the CFPB, we as state attorneys general will vigorously enforce state and federal laws to ensure fairness and deter fraud.”  It is also important to note that CFPB staff, who may feel handcuffed by Mr. Mulvaney, can share information with sympathetic state AGs.

 

Last Friday, as expected, the FTC announced the launch of a coordinated federal-state law enforcement initiative targeting deceptive student loan debt relief companies.  According to the FTC, 11 states and the District of Columbia are participating in the initiative, which is being called “Operation Game of Loans.”  The participating states are Colorado, Florida, Illinois, Kansas, Maryland, North Carolina, North Dakota, Oregon, Pennsylvania, Texas, and Washington,

The initiative includes seven FTC actions, including an action filed by the FTC earlier this month in Florida federal court, and 29 actions by state AGs.

A recent flurry of FTC enforcement activity targeting companies offering student loan debt relief services suggests such companies could be the subject of the announcement scheduled for tomorrow “of a major coordinated consumer fraud enforcement initiative” between the FTC and state attorneys general.

The announcement was originally scheduled to be made on October 11 at a press conference in Chicago, Illinois featuring Thomas Pahl, Acting Director of the FTC’s Bureau of Consumer Protection, and Illinois Attorney General Lisa Madigan.  However, after postponing the press conference and rescheduling it for October 13, the FTC issued an update stating that the FTC “and attorneys general in 11 states and the District of Columbia will issue an announcement” on October 13 that “will be posted on FTC.gov.”  The FTC also indicated that “[s]enior officials from the FTC and the offices of the state attorneys general will be available for telephone interviews upon request.”

Earlier this month, the FTC filed a complaint in a Florida federal court for a permanent injunction and other equitable relief against Student Debt Doctor LLC and its individual principal alleging that the defendants conducted a deceptive student loan debt relief operation.  At the FTC’s request, the court entered an ex parte order temporarily freezing the company’s assets and appointing a receiver.  The FTC filed at least two other actions in federal courts in September 2017 against companies and individuals also alleged to have conducted deceptive student loan debt relief operations.

The cities of Chicago and San Francisco and the Massachusetts Attorney General have filed the first enforcement actions against Equifax following the announcement of a data breach affecting an estimated 143 million consumers.  Equifax announced the data breach on September 7, 2017, after hackers allegedly exploited a vulnerability in open-source software used by Equifax to create its online consumer dispute portal.

The first suits were filed on September 26th by the Massachusetts Attorney General and San Francisco.  Massachusetts’s complaint was filed in Superior Court in Suffolk County and alleges that Equifax knew or should have known about the vulnerability and that hackers were attempting to exploit it, but that Equifax failed to take known and available measures to prevent the breach.  Massachusetts asserts claims for violations of the Massachusetts data privacy statute and the Massachusetts Consumer Protection Act prohibiting unfair and deceptive practices based on Equifax’s alleged failure to give timely notice of the breach, failure to safeguard personal information, and failure to take other actions that Equifax was uniquely positioned to provide that would have mitigated damages to Massachusetts consumers.  The Massachusetts Attorney General is seeking unspecified civil penalties, disgorgement of profits, restitution, costs and attorney’s fees.

San Francisco’s complaint, filed in the Superior Court of San Francisco, asserts claims under the California Business and Professions Code for unlawful, unfair or fraudulent business practices, alleging that Equifax failed to maintain reasonable security practices and procedures, failed to provide timely notice of the security breach, and failed to provide complete, plain and clear information when notice was provided.  The lawsuit seeks restitution for all California consumers, civil penalties up to $2,500 per violation of law, restitution, costs, and a court order requiring Equifax to implement and maintain appropriate security procedures in the future.

Finally, the City of Chicago filed suit on September 28th in Cook County Circuit Court and asserts claims arising under both state law and city ordinance.  Specifically, Chicago alleges Equifax violated a local ordinance prohibiting fraudulent, unfair, and deceptive business practices, as well as the Illinois Consumer Fraud and Deceptive Business Practices Act.  Chicago’s claims are based on allegations that Equifax failed to give prompt notice of the breach, failed to safeguard personal information, and deceived consumers by requiring them to waive their legal rights in exchange for credit monitoring services and by misrepresenting that the offered credit monitoring was free.  Chicago seeks civil monetary penalties in the amount of $10,000 for each day a violation has existed that involves a Chicago resident, restitution, and injunctive relief requiring Equifax to maintain adequate security measures to prevent data breaches.

These are likely just the first of many lawsuits to be filed against Equifax by state and local officials.  Further action at both the federal and state level seems all but certain.  For example, the Federal Trade Commission and Department of Justice have confirmed they are investigating the breach, and the New York Department of Financial Services confirmed that it recently issued a subpoena to Equifax for more information about the breach.  This vigorous and immediate government enforcement effort further supports our position that private class action lawsuits are an unnecessary and inappropriate tool for vindicating any harm caused by the data breach.  We will continue to follow these significant cases and update you as events unfold.

 

Last week, New York Governor Andrew Cuomo issued a press release directing the New York Department of Financial Services (“NYDFS”) to impose new rules on consumer reporting agencies (“CRAs”).  The proposed regulation would subject CRAs that issue consumer reports (as defined in a manner similar to the federal Fair Credit Reporting Act) about consumers located in New York to new requirements, including:

  • Annual registration with NYDFS – such registration must identify officers and/or directors that are responsible for the CRAs’ compliance with the new regulation;
  • Annual, and in some cases quarterly, information reporting requirements to NYDFS;
  • NYDFS examinations to be conducted as often as NYDFS considers “necessary”;
  • Prohibitions against various activities, such as including inaccurate information in a consumer report or engaging in any unfair, deceptive, abusive, and/or predatory acts or practices;
  • Communicating with consumers’ authorized representatives; and
  • Compliance with the newly issued NYDFS cybersecurity regulation (see Ballard alert).

Except for requiring CRAs to comply with the NYDFS cybersecurity regulation, it is unclear how the other requirements would address the risks posed by the recent Equifax breach, which was the purported reason for Governor Cuomo’s announcement.

Importantly, by requiring CRAs to register on an annual basis, the proposed regulation would empower NYDFS to suspend or revoke such registration based not only on the bad acts of a CRA itself, but also based on the bad acts of individual members, principals, officers, directors, or controlling persons at the CRA.  Without a valid registration, a CRA would be prohibited from providing any consumer reports about consumers located in New York, any companies licensed by NYDFS would be prohibiting from purchasing consumer reports from the CRA, and any companies licensed by NYDFS would be prohibited from furnishing information about consumers located in New York to the CRA.

Although a version of the proposed regulation was released with Governor Cuomo’s announcement, NYDFS is expected to release an official version for public comment in the coming weeks.  CRAs and companies that rely on CRAs to provide information about consumers located in New York should strongly consider participating in this rulemaking process.

In an unusual procedural move last week in the RD Legal Funding case about which we have previously blogged, SDNY Judge Loretta Preska (the judge presiding over the CFPB’s lawsuit against RD Legal Funding) has referred to EDPA Judge Anita Brody the question of whether the NFL Concussion Litigation settlement agreement forbids assignments of settlement benefits. Judge Brody has been presiding over the multidistrict litigation for over five years and is currently overseeing the implementation of the settlement. Within the Order, Judge Preska noted “[t]his case presents an unusual situation in which the Defendants’ underlying conduct is intertwined with an MDL class action settlement in another court,” and stated the referral “ensures uniformity of adjudication with a single ruling that will apply not only to the Defendants in this action but also to other potential lenders to class members who might assert the same defense[.]” The referral had been requested by the NFL Concussion Litigation Co-Lead Class Counsel, Christopher Seeger.

In related news, earlier this week Judge Brody granted a request from Seeger to compel several entities to produce (1) a list of all retired NFL players with whom the entities communicated, (2) a list of all retired NFL players with whom the entities entered into agreements related to the NFL Concussion Settlement, and (3) a copy of any agreement related to the settlement. However, Judge Brody denied Seeger’s request to compel production of similar information from RD Legal Funding.

RD Legal Funding, LLC is seeking to dismiss the lawsuit filed against it, two of its affiliates, and their individual principal in February 2017 by the CFPB and the New York Attorney General in a NY federal district court alleging that a litigation settlement advance product offered by the defendants is a disguised usurious loan that is deceptively marketed and abusive.  In particular, the complaint alleged that the transactions were falsely marketed as assignments rather than loans and violated New York usury laws. The complaint also alleged that the transactions could not be assignments because the underlying settlements expressly prohibited assignment of claimant recoveries.

In the complaint, both the CFPB and the NY AG asserted deception and abusiveness claims under Sections 1031 and 1042 of Dodd-Frank.  In addition to alleged violations of state civil and criminal usury laws (which were the predicate for one of the CFPB’s deception claims), the NY AG’s state law claims included alleged violations of NY’s UDAP statute.

In their motion to dismiss, the defendants argue that the court should strike down the CFPB as a whole (rather than make the Director removable without cause as the D.C. Circuit panel did in PHH) because its structure is unconstitutional.  The defendants’ other arguments for dismissal include: (1) the court does not have jurisdiction under the CFPA because the defendants’ transactions did not involve an extension of credit and therefore none of the defendants are “covered persons” under the CFPA, (2) the complaint’s deceptive conduct claims fail to meet the heightened pleading standard for claims based on allegations of fraud, (3) the complaint fails to allege abusive conduct because the defendants’ representations about the nature of the transactions were truthful and consumers were encouraged to seek professional advice before entering into a transaction, and (4) state usury laws do not apply because the transactions were sales.

In addition to defending the constitutionality of the CFPB’s structure in their opposition to the motion to dismiss , the CFPB and NY AG assert that the defendants are “covered persons” under the CFPA because they offered or extended credit through the transactions and that all counts in the complaint state valid claims for relief (for reasons that include the argument that heightened pleading standards for fraud claims do not apply to consumer protection claims under the CFPA or NY law.)

When the complaint was filed, the CFPB and the NY AG issued press releases and prepared remarks in which they referenced transactions entered into by the defendants with former NFL players who were entitled to payments from the settlement of the NFL concussion litigation.  Class counsel for the plaintiff settlement class in the concussion litigation filed a letter with the NY district court seeking permission to file a memorandum of law as amicus in support of the CFPB.  In their proposed memorandum, they assert that their participation is intended to address the defendants’ “erroneous” position that the settlement agreement in the concussion litigation permits the assignment of the settlement’s monetary awards.

A request to file a memorandum of law as amicus in support of the CFPB was also filed by the American Legal Finance Association (ALFA), which describes itself as a trade association that represents the country’s leading consumer legal funding companies.  In its memorandum, ALFA indicates that, due to the possibility that a holding in the case could impact the entire legal funding industry, its participation is intended to “assist the Court with expertise not otherwise represented by the parties” regarding the differences between the pre-settlement legal funding transactions offered by ALFA members and the defendants’ transactions.

The defendants opposed the requests of class counsel and ALFA to participate as amici and while the case docket indicates that the court granted permission to ALFA to file its amicus memorandum, it does not indicate the disposition of class counsel’s request.

On November 21, 2017, from 12 p.m. to 1 p.m. ET, Ballard Spahr attorneys will hold a webinar: Litigation Funding: Risks and Rewards.  Click here to register.

 

The Minnesota Attorney General announced that she has filed a lawsuit in state court against two pension advance companies.

According to the AG’s press release, the companies often solicited borrowers through their own websites or websites of “lead generators” who marketed “pension loans” or “loans that can fit your needs.”  The press release states that the transactions required military veterans and senior citizens to assign portions of their monthly pension payments for up to ten years in exchange for much smaller cash amounts (usually less than $5,000) on which the AG claimed the companies typically charged annual percentage rates of 200 percent.

The lawsuit is reported to allege that the companies violated Minnesota lending laws by making loans to Minnesota borrowers without being licensed as a lender and sought to evade Minnesota law by falsely characterizing the transactions as pension “purchase agreements” rather than loans.

In February 2017, the CFPB and the New York Attorney General filed a lawsuit in which they alleged that a litigation settlement advance product offered by the defendant was a usurious loan that was deceptively marketed as an assignment.  In August 2015, the CFPB and the New York Department of Financial Services filed a lawsuit against two pension advance companies in which the CFPB and NYDFS made similar allegations regarding the advances made by the companies.

The Minnesota AG’s lawsuit and the CFPB/NY lawsuits not only indicate that pension advance companies and litigation funding companies have become targets of regulatory enforcement actions, but also suggest that merchant cash advance providers and other finance companies whose products are structured as purchases rather than loans could face heightened scrutiny from state and federal regulators.