Editor's Note
A huge solar storm hit this winter, dumping enough energy in two days to power every residence in New York City for two years. It disrupted GPS service and caused other weird stuff. What else could explain havoc like Madonna's half-time show? Spring may have arrived, but a lot of people are still digging out from under this pile of neutrinos.
It is tempting to blame "severe space weather," but it can't account for all the nuttiness. That's where we come in. We brought our pocket translator.
High on the list of things needing translation is the Consumer Financial Protection Bureau ("CFPB"). It is up and running and has the look of Godzilla about to enter Tokyo. Signs from different sectors report, ominously, that disclosures alone aren't going to placate the creature, and that a number of products or industries are going to get flattened first. No one is evacuating yet, but we have our binoculars trained. (See http://www.mofo.com/resources/regulatory-reform /.) We devote an entire section of this Newsletter to the latest sightings of the Bureau. (See Bureau Report).
Speaking of "larger participants," consider consumer arbitration. Teeth are still rattling from the aftershocks of the Concepcion decision. The Ninth Circuit is now falling into line—not very Ninth-ish—but reports show other pockets of resistance in the usual places like California and now, surprisingly, the Second Circuit. We offer a special section on these developments. (See Arbitration Report.) Also, a lot has happened in Washington (see Beltway Report), on privacy (see Privacy Report), in the world of mortgages (see Mortgage Report), and on preemption (see Preemption Report).
Until next time, remember that April is National Anxiety Month. So, measure twice/cut once, don't buy Lady Gaga's used meat dress at the secondhand store (worn just once!), and donate generously to my SuperPac. (See www.emperorforlife.com.)
Beltway Report
Bend Over, Cough
On January 23, 2012, the Federal Deposit Insurance Corporation ("FDIC") published a notice of proposed rulemaking that would require certain large insured depository institutions to conduct annual capitaladequacy stress tests. The proposal, implementing section 165(i)(2) of the Dodd- Frank Act, would apply to FDIC-insured state nonmember banks and FDIC-insured state-chartered savings associations with total consolidated assets of more than $10 billion. The FDIC regulated 23 state nonmember banks with total assets of more than $10 billion as of Sept. 30, 2011. The stress tests would provide forward-looking information that would assist the FDIC in assessing the capital adequacy of the banks covered by the rule. The banks that would be required to conduct the stress tests also are expected to benefit from improved internal assessments of capital adequacy and overall capital planning.
Get Your Annual Stress Test
The OCC requested public comment on a proposed rule to implement section 165(i)(2) of the Dodd-Frank Act. This proposed rule would require national banks and federal savings associations with total consolidated assets of more than $10 billion to conduct an annual stress test as prescribed by the proposed rule. In addition to the annual stress test requirement, such institutions would be subject to certain reporting and disclosure requirements.
Robocall Rules
On February 15, 2012, the Federal Communications Commission published a long-awaited final rule on the delivery of autodialed and prerecorded telephone calls. The final rule is intended to protect consumers from certain unwanted telemarketing calls and to maximize consistency with the Federal Trade Commission's ("FTC") Telemarketing Sales Rule. For additional information, please review our client alert at: http://www.mofo.com/files/Uploads/Images/120316-FCCAdopts-New-Rules-for-the-Delivery-of-Telemarketing-Calls-to-Cell-Phones.pdf .
CRA Adjusts for Size
On December 22, 2011, the federal banking agencies published their annual Community Reinvestment Act ("CRA") asset-size threshold adjustments for small and intermediate small depository institutions, based upon changes in the average of the Consumer Price Index ("CPI") for Urban Wage Earners and Clerical Workers. For the period ending in November 2011, the CPI increased 3.43%, and effective January 1, 2012, a "small bank" or "small savings association" is one that as of December 31 of either of the prior two calendar years had assets of less than $1.160 billion. An "intermediate small bank" or "intermediate small savings association" had assets of at least $290 million as of December 31 of both of the prior two calendar years, and less than $1.160 billion as of December 31 of either of the prior two calendar years.
FRB's Financial Stability Analysis
The FRB issued an approval order in connection with the proposed acquisition of RBC Bank by The PNC Financial Services Group, and included the first financial stability analysis required by the Dodd-Frank Act. The Act amended Section 3 of the Bank Holding Company Act of 1956 to require FRB to consider "the extent to which a proposed acquisition, merger, or consolidation would result in greater or more concentrated risks to the stability of the U.S. banking or financial system." In the PNC-RBC transaction, the FRB considered whether the proposal would result in a material increase in risks to financial stability due to the increase in size of the combining entities, a reduction in the availability of substitute providers, the interconnectedness among the combining entities and the rest of the financial system, the extent of crossborder activities of the combining entities, and the degree of difficulty of resolving the combined entities. For each factor, the FRB looked at size, substitutability, interconnectedness, complexity, crossborder activity, and all of the financial stability factors in combination.
Living Wills For The Over 50s
The FDIC approved a final rule requiring insured depository institutions with $50 billion or more in total assets to submit to the FDIC periodic contingency plans concerning their resolution in the event of its failure. These resolution plans will inform the FDIC's ability, as receiver, to resolve the institution in a manner that ensures that depositors receive access to their insured deposits within generally one business day of the institution's failure, maximizes the net-present-value return from the sale or disposition of its assets, and minimizes the amount of any loss to be realized by the institution's creditors. This final rule replaces an interim final rule adopted by the FDIC in September 2011, and complements the separate joint rulemaking by the FRB and the FDIC. Currently, 37 depository institutions are covered by this rule, which becomes effective on April 1, 2012.
Guidance on Junior Lien Loan Loss Allowances
On January 31, 2012, the federal banking agencies and the National Credit Union Administration issued supervisory guidance on allowance for loan and lease losses (ALLL) estimation practices associated with loans and lines of credit secured by junior liens on one- to four-family residential properties. The guidance reiterates policy and reminds regulated financial institutions to monitor all credit-quality indicators relevant to credit portfolios, including junior liens. The agencies reiterate key concepts included in generally accepted accounting principles and existing ALLL supervisory guidance related to the ALLL and loss estimation practices, and reminded institutions to follow appropriate risk-management principles in managing junior lien loans and lines of credit.
Bureau Report
Is CFPB Too Big to Fail?
The CFPB released its budget for FY 2012 and FY 2013. The plan calls for 942 full time equivalent employees ("FTEs") in FY 2012 (ending Sept 30, 2012), and 1,359 FTEs in FY 2013. Total expenditures would be about $356 million in FY 2012 and $448 million in FY 2013. This compares to a $300 million FY 2013 budget request from the FTC and more than $2 billion from the SEC – just to give a sense of the differing scale of federal agencies.
What Have You Done For Me Lately?
The Dodd-Frank Act requires the CFPB to report to Congress twice each year about its activities. The first such report was filed at the end of January. The Report reiterates that the CFPB's primary focus is mortgages, mortgage servicing, credit cards and student loans, but it also mentions payday lending, deposit accounts and prepaid cards. The Report includes a list of the CFPB's regulatory priorities. See http:// www.consumerfinance.gov/wp-content/uploads/2012/01/Congressional_Report_Jan2012.pdf .
Highlights:
- The CFPB "has begun assessing the policies and practices of certain mortgage servicing companies, including their default servicing practices like loan modification and foreclosure."
- The CFPB has hired 757 employees, and fewer than a third transferred from federal banking regulators and other agencies.
- The Report describes the CFPB's complaint handling process (pages 16- 20), and recaps various reports, rules, policies and financial highlights.
March Madness
How can you be sure that sensitive materials you turn over to the Bureau won't wind up on Wikileaks? Or in the hands of class action lawyers?
On March 15, 2012, the CFPB requested comment on a proposed rule that would establish protections for privileged information submitted to the CFPB by the financial institutions it supervises. The proposed rule would provide that the submission of information by a supervised entity to the CFPB would not waive any applicable privilege that the institution could claim with respect to that information (including if the CFPB ultimately provided such information to a federal or state agency). The proposal also would allow the disclosure of privileged documents from the CFPB to "any state or federal agency," including, presumably, law enforcement agencies, without waiving attorney client privilege. The proposed rule is designed to fill a potential gap left open by the Dodd-Frank Act, which did not expressly list the CFPB as a "prudential regulator" regarding which attorney-client privilege would not be waived. Note that the House Financial Services Committee recently approved a bill that would close this gap. Comments are due April 16.
Meanwhile, the House passed an ABAsupported bill (H.R. 4014) that would protect confidential bank examination information provided to the Bureau.
Kvetching Central
Got a beef? The CFPB recently started accepting complaints from consumers about student loans and consumer bank accounts (checking and savings accounts, CDs and related services). The CFPB had started by taking credit card complaints, and then expanded that to complaints on mortgages and checking accounts. By the end of the year, the CFPB has said that it will be able to collect complaints about all bank and nonbank consumer financial products. Recently, the CFPB staff posted icons indicating that consumers could submit complaints about installment loans and other "personal loans." These icons were posted prematurely, however, and the CFPB is not yet ready to accept complaints for any lenders beyond the 110 banks currently being examined. The CFPB expects banks to respond to complaints within 15 days with the steps they have or plan to take, and wants the complaints closed in 60 days. Consumers can check the status of their complaint by logging onto the CFPB website and searching for the tracking number assigned to their complaint.
The "Penalty Box"
The CFPB launched an inquiry into checking account overdraft programs to determine how these practices are impacting consumers. Specifically, on February 22, 2012, the CFPB requested public comment on a prototype "penalty fee box" to appear prominently on checking account statements highlighting the amount overdrawn and total overdraft fees charged. The CFPB inquiry consisting of a data request to a number of banks and the request for public comment regarding issues such as reordering of payment items, adequacy of overdraft fee disclosures and alternatives, misleading marketing materials that may affect consumer opt-in rates, and disproportionate impact on low-income and young consumers.
Debt Collectors May Be "Large," Credit Reporting Agencies Too
On February 17, 2012, the CFPB published its first proposed rule defining certain "larger participants" in two nonbank markets for consumer financial products or services—debt collection and consumer reporting. The proposed rule defines "larger participants" in these markets based on the annual receipts of the participant for the covered activities, although the CFPB noted that subsequent rulemakings covering additional markets may use different criteria as appropriate for each market. With respect to debt collection, a debt collector with annual receipts of more than $10 million would be subject to supervision. For consumer reporting, the threshold would be $7 million. Comments are due by April 17, 2012. For additional information, please review our client alert at: http://www.mofo.com/files/Uploads/Images/120216-CFPBLarger-Participants.pdf .
Final Rule on Remittance Transfers
On February 7, 2012, the CFPB published a final rule providing an entirely new regulatory scheme for companies that provide remittance transfers, including banks. Remittance transfers are electronic transfers of money from U.S. consumers to recipients in foreign countries. Among other things, the CFPB's final rule: (1) requires that specific disclosures be given to each "sender" of a remittance transfer showing how much money will be received by the recipient of the transfer in local currency; (2) enables senders to dispute errors for up to 180 days following a remittance transfer; and (3) allows senders to cancel remittance transfer transactions within 30 minutes. For additional information, please review our client alert at: http://www.mofo.com/files/Uploads/Images/120210-Remittance-Transfers.pdf .
Shopping Challenged?
The CFPB's Semi-Annual Report contains a lengthy discussion of "challenges" faced by consumers when shopping for financial products and services. Although the discussion focuses on mortgages, credit cards and student loans, the CFPB also highlights several general "shopping challenges," which are relevant to financial companies beyond those three markets, and may provide a window into practices that the CFPB might consider to be deceptive, unfair, or the elusive "abusive":
- Nonstandard Information. The Report claims that, for many product disclosures (prepaid cards and checking accounts), fees are not standardized and information about fees is not readily available.
- Complicated Pricing. Consumer financial products can have a wide variety of rates and fees, some of which will apply only in certain circumstances or depending on a "complicated set of legal rules." Ominously, the Report states that, "In this context, disclosures mandated by government can simplify the price but only to a degree," signaling that the CFPB may move beyond regulation of disclosures.
- Consumer Behavior. The Report states that the actual price that a consumer pays for a financial product may depend on how the consumer ultimately uses a product, "which can be difficult for the consumer to predict when they choose one offer over another." The Report cites credit cards and checking accounts as examples of how usage can affect overall cost. The Report repeats that "sometimes pricing is so complex that it cannot be reduced to an easyto- understand disclosure, and that is when shopping may be most difficult," again signaling that the CFPB may begin to move beyond disclosures to product terms and conditions.
- Risk-Based Pricing. The Report claims that risk-based pricing of credit products makes comparison shopping harder, because the lender does not determine the exact price it will charge a particular consumer until the lender has reviewed information about the borrower, and only the lowest-risk borrowers can rely on prices quoted in advertising, but higher-risk borrowers "may not obtain an accurate price quote until after they have invested time and effort, and sometimes until after they have paid a fee to apply for a loan."
CFPB, FTC Hold Hands and Recite Vows
On January 20, 2012, the CFPB entered into an agreement with the FTC to coordinate efforts. The MOU establishes procedural requirements, rather than jurisdictional limitations—that is, rather than dividing up jurisdiction over specific products, the MOU requires the agencies to consult with one another before initiating rulemaking proceedings, investigations, or enforcement actions. The two agencies have agreed to meet regularly to coordinate upcoming law enforcement, rulemaking, and other activities; to keep each other informed of investigations or enforcement actions in an attempt to prevent duplicative or conflicting enforcement efforts and undue burdens on industry; and to consult on rulemaking and guidance initiatives, cooperate on consumer education efforts, and share consumer complaints. The agreement, which is required by Section 1024(c)(3)(A) of the Dodd-Frank Act, is important to the broad array of nonbank or nondepository companies potentially subject to overlapping enforcement jurisdiction by the FTC or the CFPB.
The CFPB defines nonbanks as companies that offer or provide financial products or services to consumers but that do so without a bank, thrift, or credit union charter. Nonbanks include mortgage lenders and servicers, payday lenders, consumer reporting agencies, debt collectors, and money services companies, the CFPB said.
Mortgage Report
RESPA Kickback Claims "Inherently Unsuitable"
In Howland v. First American Title Insurance Co., __ F.3d __, 2012 WL 695636 (7th Cir. Mar. 6, 2012), the Court of Appeals for the Seventh Circuit affirmed the denial of class certification where the plaintiff insureds alleged that the defendant title insurer made illegal kickbacks to real estate attorney title agents for nominal or duplicative services in violation of RESPA and the Illinois Consumer Fraud Act. The Seventh Circuit held that "Section 8 kickback claims premised on an unreasonably high compensation for services actually performed are inherently unsuitable for class action treatment, and this case is no exception. Further, the plaintiffs cannot establish the sole recognized exception, namely that First American split fees with attorney agents in fact who performed no services on a classwide basis. Accordingly, the district court did not err in determining that individual issues predominate over common ones."
Model Monthly Mortgage Message
Section 1420 of the Dodd-Frank Act requires mortgage lenders and servicers to send mortgage borrowers a periodic statement for each billing cycle, and the CFPB is required to develop a model form for this statement. The CFPB has published a prototype mortgage statement. See http://www.consumerfinance.gov/pressrelease/consumer-financialprotection-bureau-seeks-input-on-draftmonthly-mortgage-statement /.
HUD Reveals Sexual Orientation, Gender Access
On February 3, 2012, HUD issued its final rule providing for equal access to housing regardless of sexual orientation, gender identity, or marital status. Owners and operators of HUD-assisted housing or housing for which financing is insured by HUD are restricted from obtaining applicant information about sexual orientation and gender identity. The final rule also requires owners and operators to make housing available without regard to those factors. It also prohibits lenders from making eligibility determinations for FHA-insured financing based on sexual orientation or gender identity. The rule became effective on March 5, 2012.
Fed To Servicers: Fix Plumbing, Servicing
On February 27, 2012, the Federal Reserve released action plans from large residential mortgage servicers, detailing the steps each servicer will take to fix problems related to loan servicing and foreclosure processing. The Fed and the Office of the Comptroller of the Currency issued enforcement orders last April, requiring the 14 largest mortgage servicers to correct problems in their servicing and foreclosure processes. The enforcement actions also require mortgage servicers to provide remediation to borrowers who suffered financial injury due to servicing errors. "The Federal Reserve will closely follow the implementation of action plans to ensure that the financial institutions correct deficiencies and evaluate any harm that was done to homeowners in the foreclosure process in 2009 and 2010," the agency said in a press release.
More MERS
The New York Attorney General sued three of the nation's largest banks, alleging their use of the Mortgage Electronic Registration System ("MERS") has led to deceptive and illegal business practices, including fraudulent foreclosure actions. MERS is a private electronic registry tracking the transfer of interests in loans. The lawsuit against Bank of America, Wells Fargo, and JPMorgan Chase was filed in state court in Brooklyn. The complaint claimed that the defendants and others used MERS to file foreclosures and other actions without legal power to do so. MERS has been the subject of numerous lawsuits, many of which claim it has no legal authority to act as a stand-in on mortgage-related transactions.
Courts Split over HAMP
While the Administration continues to reshape its loan modification initiatives, courts remain inundated with claims stemming from the initial Home Affordable Modification Program ("HAMP") rollout in early 2009. Although the majority of district courts have concluded that the initial form for the Trial Period Plan ("TPP") drafted by the Treasury is not sufficient to create a contractual obligation guaranteeing a mortgage modification, there have been a range of decisions on this issue. The TPP conditions any permanent loan modification on the borrower receiving a fully executed copy of a modification agreement. Referencing the TPP's language, the California Court of Appeal concluded: "As a matter of law, there was no contract here."
Likewise, the Fourth Circuit affirmed a lower court decision that the TPP contained no agreement that a loan modification would be reached unless and until the TPP's conditions precedent— including the determination that the borrower qualified for modification— were met. Though the decision was unpublished, it is instructive. The Seventh Circuit reached a different outcome, but rested its conclusion on the formation of a contractual obligation on the fact that the servicer countersigned the TPP and sent it back to the borrower. Although several courts have commented that the HAMP cases are unsuitable on their face for class treatment, there have been no significant class certification decisions as yet.
Bureau Wants to be Friend of Court
The Bureau filed its first amicus brief on March 26. Is it sufficient for a borrower who did not receive his TILA disclosures to simply notify the lender of their intent to cancel within three years, or must he actually file suit? The CFPB, in an amicus brief filed in Rosenfield v. HSBC Bank, No. 10-1442 (10th Cir.), says notice alone is enough.
Operations Report Basel Proposes Principles
The Basel Committee on Banking Supervision issued proposed principles regarding the supervision and regulation of financial conglomerates, particularly financial conglomerates with cross-border operations. The Committee also issued proposed clarifications for the Basel III capital rules with respect to adjustments in the calculation of a bank's regulatory capital due to unrealized gains and losses resulting from changes in the fair value of derivatives.
How to Increase Supervisory Ratings
On March 2, 2012, the FRB issued guidance to advise community banks with consolidated assets of $10 billion or less on the factors considered by FRB in determining whether to upgrade the supervisory ratings of a bank. The FRB will look for "a demonstrated improvement" in the bank's financial condition and risk management practices, and whether such improvements are sustainable. The FRB will assess the quality of the oversight provided by the bank's board of directors and whether the board actively engages in the process of correcting deficiencies.
Privacy Report
States Data Security Legislation
Several states have continued to be quite active with respect to data security so far this year with a number of data security bills being introduced in at least five different states. For example, Connecticut H.B. 5427 would amend the state's security breach notification law to require notice to the Connecticut AG of a breach. Moreover, New Jersey A.B. 1238 would impose a disposal obligation with respect to information stored on copy machines. In addition, Hawaii H.B. 2047 and S.B. 2389 would require that businesses that retain personal information must develop comprehensive written information security programs that include administrative, technical and physical safeguards to protect, among other things, financial records.
White House Consumer Data Privacy Framework
On February 23, 2012, the Obama Administration released its framework for comprehensive data privacy protection. The Administration's proposal starts from the position that the existing privacy framework in the U.S. addresses only some privacy issues and that additional protections are necessary to preserve consumer trust. For example, the Administration's framework would provide a baseline of protections that it believes consumers need, including, for example, consumer rights to control what personal data is collected and an expectation that personal data will only be used and disclosed consistent with the context in which consumers provide the data, as well as consumer rights to access and correct personal data. Moreover, the Administration's proposal suggests that Congress should provide the FTC and state Attorneys General with specific authority to enforce these comprehensive privacy protections.
Federal Cybersecurity Bills
While Congress considers many privacy and data security bills, there has been a shift in focus to protection of the country's communications and information networks from cyberattacks. Competing cybersecurity Senate bills have been introduced by both parties. First, S. 2105 introduced by Senator Lieberman (I-CT) would give the Department of Homeland Security the authority to define what types of systems and assets should be considered "covered critical infrastructure," designate systems and assets as covered (including those within the financial sector) and develop and enforce standards for the protection of those systems and assets. Alternatively, S. 2151 would take a narrower approach and focus on improving information sharing between the government and private sector without imposing a new regime for protection of systems and assets. While the passage of any cybersecurity bill during this Session is unclear, Senate Majority Leader Reid (D-NV) has expressed his intention to bring S. 2105 to the floor for consideration.
Don't Forget: "Right to be Forgotten"
On March 2, 2012, Spain's National Court announced that it had requested an opinion from the European Court of Justice regarding a novel and far-reaching privacy issue. Specifically, the Spanish court requested an opinion on whether Spain's data protection authority can require Google to remove material from its search engine results based on a provision in Spain's data protection law regarding an individual's right to opposition and correction. In addition, the Spanish court requested an opinion on whether the Spanish and European Union laws can apply to Google's California-based operations. The resolution of these issues could be significant. Depending on the court's opinion, the result could require U.S. companies to remove legitimately obtained public personal data regarding an individual from the Internet upon the individual's request.
SEC, CFTC Wave FCRA Red Flags
On February 28, 2012, the SEC and the CFTC jointly issued proposed rules under the Fair Credit Reporting Act ("FCRA"), as amended by the Dodd-Frank Act, to require financial institutions and creditors subject to SEC and CFTC enforcement authority to establish identity theft red-flags programs. The proposed rules would require registered investment companies, investment advisers, commodity pool operators, commodity trading advisors, and other SEC- or CFTC-regulated entities to create programs to detect and respond to red flags. The proposed rules also would establish special requirements for certain credit and debit card issuers to assess the validity of notifications of changes of address in certain circumstances. As indicated in the proposal, the agencies have attempted to ensure that their proposals are substantially similar to the red-flags rules issued by the federal banking agencies, NCUA and FTC. Comments on the proposed rules are due by May 7, 2012.
Consumer Data Privacy Codes
On March 5, 2012, the National Telecommunications and Information Administration ("NTIA") requested public comment on the development of enforceable privacy codes of conduct, including requesting comment on, among other things, the types of privacy issues that should be addressed through a multistakeholder process and how to facilitate a multi-stakeholder process to facilitate the development of such codes. In this regard, the Administration's data privacy framework (discussed above) would provide for a NTIA-convened multi-stakeholder process to develop codes of conduct to specify how the Administration's consumer privacy bill of rights apply in specific business contexts. Comments are due by March 26.
Federal Welcome Mat for TCPA Claims
On January 18, 2012, the U.S. Supreme Court issued a decision regarding the proper forum for cases arising under the Telephone Consumer Protection Act ("TCPA"). Specifically, the Supreme Court resolved a circuit split and held that both state and federal courts have concurrent jurisdiction over private actions brought under the TCPA. Although this decision will foreclose defendants from successfully arguing that a TCPA claim filed in federal court should be dismissed for lack of jurisdiction, the decision also will give defendants expanded opportunities to remove TCPA claims filed in state court to federal court. Nonetheless, federal courts may now face a flood of TCPA litigation.
Obituary: Heartland Breach Suits
On December 1, 2011, a Texas federal court dismissed all but one claim brought by a group of banks in connection with the Heartland payment processor breach involving tens of millions of credit and debit cards. The banks were attempting to recover various costs associated with the breach, including card replacement costs. Nonetheless, the court dismissed ten statutory, contractual and tort claims, while leaving one claim under the Florida UDAP statute. For example, the court dismissed claims brought under New Jersey and New York consumer protection statutes because the payment processor/bank relationship is not consumer oriented. Nonetheless, the Florida UDAP claim survived because large part that statute extends its protections to "persons" and not just "consumers."
Connecticut AG Inquiry Regarding Subpoena "Breach"
On February 8, 2012, the Connecticut AG announced that a bank agreed to change certain of its practices relating to the handling of subpoenas and provide credit monitoring to certain Connecticut residents in connection with a unique subpoena "breach." In this regard, the bank received subpoena requests from the Connecticut Department of Social Services seeking financial records regarding whether certain state employees had falsified financial information on state applications. In turn, the bank forwarded the subpoenas to the relevant bank customers. The subpoenas, however, included the names and Social Security numbers relating to all state employees regarding which state was requesting information.
Massachusetts Service Provider Contract Safe Harbor Expired
On March 1, 2012, the safe harbor in the Massachusetts data security regulations for certain preexisting service provider contracts expired. The regulations require that a covered business take reasonable steps to select and retain third-party service providers that are capable of maintaining appropriate security measures to protect personal information. Further, the regulations require that a covered business require a third-party service provider by contract to implement and maintain "such appropriate security measures." Until March 1, the regulations included a safe harbor that provided that a contract into which a covered business had entered with a third-party service provider to perform services on behalf of the business satisfied the regulations' contract requirement so long as the contract was entered into before March 1, 2010. That safe harbor has now expired.
Illinois AG Issues Information Security and Breach Guidance
On January 27, 2012, the Illinois AG issued guidance for businesses regarding preventing and responding to security breaches. Although Illinois recently enacted a now-effective disposal requirement (as well as revised its security breach law to include notice content requirements), Illinois law does not include general or comprehensive information security requirements. Nonetheless, the AG's guidance includes detailed discussion of various information security controls, including encryption as well as discussion of appropriate steps to respond to a security breach. The AG's guidance may be found at http://illinoisattorneygeneral.gov/consumers/Security_Breach_Notification_Guidance.pdf .
Plastics Report
"One Size" Credit Card Agreement
On December 7, 2011, the CFPB released a two-page draft of what it described as a "prototype" credit card agreement in connection with its "Know Before You Owe" campaign. The agreement is intended to help consumers understand the pricing, risks, and terms of credit cards and to make it easier for consumers to comparison shop. The agreement, however, could raise Truthin- Lending Act compliance issues for issuers. For additional information, see our client alert at: http://www.mofo.com/files/Uploads/Images/111209-CFPBPrototype-Agreement.pdf .
Using Debit Cards to Secure Payment A-OK
In Townsel v. DISH Network L.L.C., 668 F.3d 967 (7th Cir. 2012), the Court of Appeals for the Seventh Circuit affirmed dismissal of an action where plaintiff claimed that defendant satellite TV provider violated 42 U.S.C. § 407(a) of the Social Security Act when it deducted a termination fee from a debit card tied to a checking account accepting direct deposits of Social Security benefits. Plaintiff sued DISH, claiming it violated the Social Security Act, which provides that benefits may not be assigned, attached, or garnished at the behest of creditors. The Seventh Circuit disagreed: "Townsel did not agree to hand over any benefits. She simply agreed to pay a particular debt and authorized DISH to use a debit card to facilitate the transfer of funds from the account linked to the card. Townsel was free to put her Social Security benefits in some other account (or in a pillowcase) and use a different source of money to pay DISH and the other merchants to which she presented the debit card. That option is enough by itself to show that no Social Security benefits were assigned to DISH."
Preemption Report
Is There a Bank in the House?
Two close, but no cigar, preemption rulings required courts to consider whether a bank was a real party in interest. In Community State Bank v. Knox, 2012 U.S. Dist. LEXIS 13209 (M.D. N. C. Feb. 3, 2012), a statechartered, federally insured bank filed suit in federal court seeking to compel arbitration of a payday lending dispute filed in state court. The district court explained that if there was an underlying dispute involving the bank, it would have jurisdiction to consider the arbitration issue because the underlying state-law claims were completely preempted by the Federal Deposit Insurance Act. Unfortunately for the bank, though, the court rejected the argument that it was the "true lender" and therefore the real party in interest, because plaintiff had not sued the bank and the agreement between the nominal defendants and the bank indemnified the bank for any potential liability.
A federal court in California rejected a preemption defense to state-law claims challenging student loan disclosures because plaintiff alleged that Sallie Mae, and not the national bank, was the "true lender." Ubaldi v. SLM Corp., 2012 U.S. Dist. LEXIS 17298 (N.D. Cal. Feb. 13, 2012). Although the loan documents identified a national bank as the lender, the court held that plaintiff's detailed allegations that the national bank had rented out its charter to Sallie Mae were sufficient to create an issue of fact as to whether national bank preemption could apply.
Passing the Torch
Did Dodd-Frank's elimination of HOLA's "occupy the field" preemption apply as of the enactment date (July 21, 2010) or the effective date in the statute (July 21, 2011)? Depends who you ask. Recognizing a split in authority, a federal court in Los Angeles found it is the date of enactment that governs. Settle v. World Savings Bank, FSB, 2012 U.S. Dist. LEXIS 4215 (C.D. Cal. Jan. 11, 2012). The court explained that the Dodd-Frank grandfather clause expressly applies to contracts "entered into on or before the date of enactment," and it is this provision, rather than the more general effective date of the statute, that determines the date when the preemption standards for federal thrifts switched to those applicable to national banks. Id. at *39-40 (quoting 12 U.S.C § 5553).
Foreclosed from Express Preemption?
Courts continue to disagree about whether wrongful foreclosure claims are included in the types of state-law claims identified in OTS and OCC regulations as expressly preempted by HOLA or the NBA. In Gerber v. Wells Fargo Bank, N.A., 2012 U.S. Dist. LEXIS 15860 (D. Ariz. Feb. 9, 2012), the court found wrongful foreclosure claims based on failure to disclose an existing first lien were not expressly identified in any of the categories of the OCC express preemption regulation (12 C.F.R. § 34.4(a)) and rejected the national bank's argument that foreclosure is included in the "servicing" category. In Ayiba v. Wells Fargo Bank, N.A., 2011 U.S. Dist. LEXIS 139884 (S.D. Tex. Dec. 5, 2011), however, the court held wrongful foreclosure claims premised on failure to make required disclosures are preempted by substantively identical OTS regulations. And yes, these courts applied different preemption regulations in cases involving the same defendant even though the loans at issue in both cases were originated by federal thrifts. One court decided the charter of the originating entity governed; the other found it did not.
The More Things Change
Fraud and UDAP claims seeking to require a national bank to disclose a way to avoid fees are preempted by the OCC's revised preemption regulations. Robinson v. Bank of America, N.A., 2011 WL 5870541 (C.D. Cal. Oct 19, 2011), Report & Recommendation Adopted By 2011 WL 5870086 (C.D. Cal. Nov 22, 2011). The court's analysis mirrors the analysis that applied before the OCC amended its regulations to comply with the Dodd- Frank preemption provisions. The court rejected plaintiff's argument that claims of general application to all business are not preempted, explaining that the correct inquiry focuses on whether the state law, as applied to specific national bank activity, prevents or significantly interferes with a power granted by the NBA.
Payment Protection Not Preempted
The major credit card issuers tried to flee to higher ground when the West Virginia Attorney General filed suit challenging payment protection products. They removed the case to federal court, alleging federal jurisdiction based on complete preemption under the NBA, the mass action provision in CAFA, and the substantial federal question doctrine. The court rejected all three theories. The court disagreed that challenges to the cost of the plans were state-law usury claims, explaining these costs were charges for a specific service rather than compensation for the extension of credit. The issuers' argument that the case involved a substantial federal question because applicable regulations expressly preempted the AG's claims fared no better. The court found that accepting the issuers' argument would collapse the distinction between complete preemption and preemption as a defense.
Arbitration Report
Since our last update, Concepcion continues to dominate and perplex. This last quarter saw the Supreme Court clarify the proper standard for when statutory claims are inarbitrable under the Federal Arbitration Act ("FAA") (CompuCredit Corp.); the Second Circuit stuck by its prior two holdings and carved a big exception to Concepcion concluding that a class action waiver was unenforceable where it would effectively preclude federal antitrust claims from being brought (Amex III); and the Ninth Circuit got on board the Concepcion bandwagon and concluded that the FAA preempts California's statelaw rule prohibiting arbitration for broad, public injunctive relief — a rule established in Broughton v. Cigna Healthplans of California and Cruz v. Pacificare Health Systems, Inc.
CROA Claims Arbitrable
The Supreme Court held in CompuCredit Corp. v. Greenwood, U.S. No. 10-948, that claims under the Credit Repair Organizations Act (CROA), 15 U.S.C. § 1679 et seq., are arbitrable. The case involves subprime credit cards that were allegedly marketed as a way to improve credit scores. The acceptance certificate included a mandatory arbitration clause with a class action waiver. The trial court found the arbitration clause invalid under the CROA provision giving consumers a "right to sue" and providing that any waivers of such right were unenforceable. The Ninth Circuit affirmed, creating a circuit split. See Gay v. CreditInform, 511 F.3d 369 (3d Cir. 2007); Picard v. Credit Solutions Inc., 564 F.3d 1249 (11th Cir. 2009). The Supreme Court reversed. Reasoning that because the statute was silent on whether disputes can proceed in an arbitrable forum, the FAA requires the arbitration clause be enforced according to its terms. The immediate impact of CompuCredit will be to challenge the continued viability of the Ninth Circuit's decision Kolev v. Porsche Cars North America, 658 F.3d 1024 (9th Cir. 2011) (barring enforceability of class action waivers for Magnuson-Moss Warranty Act claims even though the Act is silent on validity of pre-dispute arbitration provisions.)
Nursing Homes Claims Arbitrable
In Marmet Health Care Center, Inc. v. Brown, the Supreme Court held in a per curiam opinion that West Virginia's prohibition against pre-dispute agreements to arbitrate personal injury or wrongful death claims against nursing homes was preempted by the FAA. The Court reiterated key language from Concepcion: "As this Court reaffirmed last Term, '[w]hen state law prohibits outright the arbitration of a particular type of claim, the analysis is straightforward: The conflicting rule is displaced by the FAA.'" No surprises here.
Ninth Circuit Joins Concepcion Conga Line
In Kilgore v. KeyBank, N.A., No. 09-16703 (9th Cir. 2012), the Ninth Circuit held that the Broughton-Cruz Rule—the California state law rule prohibiting the arbitration of public injunctive relief claims under California's consumer protection laws— did not survive Concepcion because the rule "prohibits outright the arbitration of a particular type of claim." The Ninth Circuit further clarified that the Ninth Circuit's prior decision upholding Cruz-Broughton, Davis v. O'Melveny & Myers, 485 F. 3d 1066 (9th Cir. 2007), was no longer good law. The impact of the decision is to resolve a split in the California district courts. More broadly, it stated the proposition that the only way a particular statutory claim can be held inarbitrable is if Congress intended to keep a federal claim out of arbitration. State law prohibitions to arbitration are dead.
Second Circuit Secedes From Union
In In Re: American Express Merchants' Litigation, 2012 WL 284518 (2d Cir. Feb. 1, 2012) ("AmEx III"), the Second Circuit for the third time held that a class action waiver in an American Express Card Acceptance Agreement cannot be enforced because to do so would grant AmEx de facto immunity from antitrust liability by removing the plaintiffs' only reasonably feasible means of recovery. In the most important post-Concepcion opinion to date, the Second Circuit held that where the plaintiffs can show that the cost of individually arbitrating such a dispute would be "prohibitive," the class action waiver is unenforceable. The Second Circuit reasoned that Green Tree Financial Corp.-Alabama v. Randolph, 531 U.S. 79 (2000) was controlling and that plaintiffs were able to show that the out-of-pocket expert costs to pursue their antitrust claims would be between $300,000 and $2 million, while the median damages for a class member would be $5,252. Under such circumstances, the Second Circuit concluded antitrust claims could not be reasonably pursued as individual actions, whether in federal court or in arbitration.
AmEx III will not have the last word. District courts in California and Minnesota reached the opposite conclusion with respect to claims under the same federal antitrust laws at issue in AmEx III. In re Apple & AT & TM Antitrust Litig., 2011 BL 332368 (N.D. Cal. Dec. 1, 2011); In re Wholesale Grocery Prods. Antitrust Litig., No. 09-md-2090 ADM/AJB (D. Minn. July 5, 201). Expect much more litigation in this area in the coming months.
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Morrison & Foerster LLP. All rights reserved
