This week, New York State Department of Financial Services (NY DFS) Superintendent Benjamin Lawsky presided over a two-day hearing regarding emerging virtual currencies and the appropriate role of regulation. The hearing was the next step in an inquiry announced last August, and was held as the NY DFS considers developing a state license specific to virtual currency that would subject operators to state oversight. The panels featured the views of private investors, virtual currency firms, regulatory experts, and law enforcement officials. From our view inside the room, the most prominent, theme to emerge is that regulators will need to strike a balance between protecting the public interest—both from a consumer protection standpoint and with regard to the potential for criminal activity—while allowing emerging virtual currency technologies to develop, evolve, and thrive. Read more…
FinCEN Releases Additional Guidance Related To Virtual Currency Mining, Software, And Investment Activity
On January 30, FinCEN issued two rulings related to virtual currency mining and virtual currency software development and investment activity. The guidance clarifies FinCEN’s previous convertible virtual currency guidance. In FIN-2014-R001, FinCEN explains that miners of Bitcoins, whether individuals or corporations, who are engaging in mining solely for the miner’s own personal purpose are “users” of virtual currency and not MSBs under FinCEN’s previous guidance. FinCEN found this to be the case even if the miner from time to time must convert the mined Bitcoins into real currency or another convertible virtual currency so long as the conversion is solely for the miner’s own purposes and not as a business service performed for the benefit of another. In FIN-2014-R002, FinCEN states that a company that develops its own software to purchase virtual currency for its own account and to resell the virtual currency at the company’s own discretion and based on the company’s own investment decisions also is not an MSB under FinCEN’s prior guidance.
On January 30, HUD issued Mortgagee Letter 2014-03, announcing that FHA will now treat electronic signatures as equivalent to handwritten signatures for certain mortgage documents. The announcement sets forth FHA’s first authorization of electronic signatures on mortgage documents (other than certain third party documents – see Mortgagee Letter 2010-14) and applies to FHA Single Family Title I and II forward mortgages and Home Equity Conversion Mortgages. The announcement is consistent with other government agency initiatives to promote a more streamlined and efficient mortgage process for consumers, particularly through the use of technology such as electronic signatures. Earlier this month, for example, the CFPB issued a request for information containing a questionnaire focused on improving the home loan closing process. “By extending our acceptance of electronic signatures on the majority of single family documents, we are bringing our requirements into alignment with common industry practices,” said FHA Commissioner Carol Galante. “This extension will not only make it easier for lenders to work with FHA, it also allows for greater efficiency in the home-buying and loss mitigation process.”
The announcement indicates that, effective immediately, FHA will accept electronic signatures on (i) any documents associated with servicing or loss mitigation; (ii) any documents associated with the filing of a claim for FHA insurance benefits; (iii) the HUD Real Estate Owned Sales Contract and related addenda; and (iv) all documents included in the case binder for mortgage insurance except the Note. FHA will begin accepting electronic signatures on the Note for forward mortgages, but not Home Equity Conversion Mortgages, on December 31, 2014. FHA already allows electronic signatures on documents originated and signed outside of the lender’s control, such as the sales contract.
FHA requires lenders that accept electronic signatures to comply with the ESIGN Act (15 U.S.C. §§ 7001-7006). The ESIGN Act mandates that the signer be presented the document before the electronic signature is obtained, that the document is true and correct at the time it is signed, and that the signature is attached to, or logically associated with, the documents being electronically signed. Lenders must also take steps to confirm the identity of the signer as a party to the transaction and to establish that the signature may be attributed to the purported signer. Lenders must have systems in place to ensure that information generated to confirm the identity of signers is secure and that electronically signed documents cannot be altered without detection.
In addition to citing the requirements of ESIGN, FHA sets some more specific requirements for certain elements of the signing process. These include requirements for establishing attribution of the signature and authentication of the signer. FHA also sets requirements for maintaining audit logs, computer systems, controls and documentation, and making them available for FHA inspection.
* * *
Questions regarding the matters discussed in this alert may be directed to any of the lawyers in our Electronic Signatures and Records practice, or to any other BuckleySandler attorney with whom you have consulted in the past.
On January 17, the Russian Federation became the fourth party to the United Nations Convention on the Use of Electronic Communications in International Contracts, joining The Dominican Republic, Honduras, and Singapore. The Convention will take effect for Russia on August 1, 2014. It is intended to enhance legal certainty and commercial predictability where electronic communications are used in relation to international contracts, including by addressing, among other things, (i) the determination of a party’s location in an electronic environment; (ii) the time and place of dispatch and receipt of electronic communications; and (iii) the use of automated message systems for contract formation. The Convention builds on the fundamental legal principles and provisions contained in the UNCITRAL Model Law on Electronic Commerce by providing criteria for establishing functional equivalence between electronic communications and paper documents, as well as between electronic authentication methods and hand-written signatures. Fifteen other states have signed the Convention but have not yet ratified it.
On January 15, the FTC announced that a major mobile technology company agreed to resolve allegations that it violated Section 5 of the FTC Act by failing to inform account holders that entering their password on their mobile device would open a 15-minute window in which children could incur unlimited charges within certain mobile applications with no further action from the account holder (in-app purchases). The settlement is open to public comment through February 14, 2014. Once finalized, the proposed settlement will require the company to refund at least $32.5 million to consumers who allegedly were billed for accidental or unauthorized in-app purchases by minors. The company will manage the remuneration process, including by providing notice to consumers and providing refunds promptly upon consumer request. Any funds remaining after 12 months of the final agreement must be remitted to the FTC. The company also must alter its billing practices to ensure it obtains express, informed consent before charging accountholders for in-app purchases.
Recently, the California Court of Appeals, Second District, held that a plaintiff must have suffered a statutory injury to have standing to pursue a cause of action under the state’s “Shine the Light Act” (SLA). Boorstein v. CBS Interactive, Inc., No. B247472, 2013 WL 6680796 (Cal. Ct. App. Dec. 19, 2013). The SLA requires businesses that collect California residents’ personal data and then share that data for marketing purposes to disclose or allow consumers to opt out of that sharing. Specifically, all businesses must make consumers aware of their SLA rights by (i) maintaining a disclosure on their website and providing contact information for consumers to make a request about information shared with direct marketers; (ii) requiring customer service agents to provide the contact information upon request; or (iii) making the contact information available at every place of business in the state. In recent years, consumers filed a series of class actions, including the instant case, alleging that companies failed to properly disclose their contact information on their websites. The class plaintiffs did not, however, allege that they had sought SLA disclosures or would have done so had contact information been available. Consistent with federal district courts that have considered these claims, the state appeals court here determined that a failure to timely, accurately, or completely respond to a disclosure request is a discrete event upon which a court could calculate a civil penalty for each violation, whereas a failure to post information on a website is a continuing event that cannot readily be quantified. The court held that such a continuing violation, without more, is not an actionable violation. The court rejected the plaintiff’s claim that he suffered an “informational injury” because he did not receive information to which he was statutorily entitled, and upheld the trial court’s holding that the alleged failure was merely a procedural injury insufficient to establish standing.
On December 16, the U.S. Court of Appeals for the Ninth Circuit held that an online marketing company cannot compel arbitration in a suit brought by a putative class of consumers who claim they were improperly charged for a subscription service they never intended to purchase. Lee v. Intelius, Inc. No. 11-35810, 2013 WL 6570899 (9th Cir. Dec. 16, 2013). The named plaintiffs sued a company that performs background checks after noticing regularly monthly charges for a report they allegedly did not intend to purchase. The background check company added an online marketing firm as a third-party defendant, arguing it was that firm whose subscription service the consumers were allegedly misled into purchasing. The district court explained that the background check company provided the marketing company space on its website and used the now illegal “data pass” method of sharing credit card information to assist the marketing company in enrolling consumers in free trial subscription offers, which converted to a monthly billed subscription without cancellation. The district court held that the consumers entered into a contract for the subscription service, but denied the marketing company’s motion to compel arbitration. On appeal the Ninth Circuit disagreed, determining that the subscription service website to which consumers were directed after purchasing background reports was designed to deceive consumers. The appellate court reasoned that under Washington law, a contract requires mutual assent to its essential terms—including the names of the parties—in order to be binding, and in this case the web page through which the consumers allegedly purchased the subscription service did not sufficiently identify the marketing company as the contracting entity. The court expressed skepticism that the consumers assented to the contract by providing their email addresses and clicking a “yes” button, but given that Washington law is not settled on whether a website “click” can constitute an electronic signature, the court did not rest its conclusion on whether the consumers objectively manifested consent to the contract. Further, the court held that even on the assumption that consumers did enter a contract to purchase the subscription service by clicking on the “yes” button, they did not agree to arbitration because the arbitration terms were included in a separate hyperlink that consumers did not click.
Federal District Court Holds Evidence Of Online Notice Regarding Arbitration Policy Change Alone Insufficient To Support Arbitration Demand
On December 2, the U.S. District Court for the Northern District of California denied a bank’s motion to compel arbitration, in part because the bank failed to provide evidence that its customer received an online notice of a contract change that added the arbitration clause. Martin v. Wells Fargo Bank, N.A., No. 12-6030, slip op. (N.D. Cal. Dec. 2, 2013). In this case, a bank customer filed suit alleging the bank violated the Telephone Consumer Protection Act and the state’s Unfair Competition Law. The bank moved to compel arbitration, claiming that it properly amended the controlling customer agreement to include the arbitration clause at issue by providing written notice in a billing insert, and by providing the same notice online to customers who logged into their account. The court held that the bank failed to demonstrate the customer logged on to her online account and received the notice at issue. Similarly, the court explained that the bank’s supporting declaration only stated that the customer’s account was “targeted to receive” the written notice, but the bank did not state the customer actually was provided with the notice. The court also questioned whether the amendment adding the arbitration clause was fair, explaining that the original customer agreement allowed the bank to amend “charges, fees, or other information contained in the disclosure” and suggested that the original agreement’s terms did not indicate the addition of an arbitration agreement was an anticipated modification.
This week, two Senate Committees—Homeland Security and Governmental Affairs and Banking, Housing and Urban Affairs—held hearings to hear from regulators and other stakeholders about how virtual currencies fit within the existing regulatory framework, and to assess whether there is a need to alter that framework in response to potential risks presented by emerging virtual currency technologies. The hearings followed an inquiry initiated by Senate Homeland Security leaders over the summer. Senators who participated in the hearings did not indicate any desire to move quickly to establish new federal regulations to address potential risks presented by innovation in virtual currencies. Rather, the lawmakers generally expressed a desire not to inhibit continued innovation, while supporting market participants who want to play by the rules and protecting the market from those who do not. In both hearings, FinCEN Director Jennifer Shasky Calvery described her agency’s ability to address the BSA/AML and terrorism financing risks presented by virtual currencies by employing FinCEN’s existing statutory authority and regulatory tools. Similarly, during the Senate Banking hearing, the Conference of State Bank Supervisors expressed confidence in the ability of state regulators to address consumer protection and other risks posed by virtual currencies through the existing state regulatory framework and processes. Still, committee members raised broader questions about the how to define or categorize virtual currencies (e.g. as a currency versus as a security) and the impact of such a classification on a range of other issues including monetary policy and tax administration. The breadth of the issues, which may need to be addressed by a range of government actors, formed the basis of Senate Homeland Security Committee Chairman Tom Carper’s (D-DE) call for a “whole government” approach to virtual currency.
On November 5, the Court of Appeal of Louisiana, Fourth Circuit, affirmed a trial court’s holding that it lacked personal jurisdiction over a dispute that involved only one sale of goods over the Internet to a Louisiana-based customer. BioClin BV v. MultiGyn USA, LLC, No. 2012-CA-0962, 2013 WL 5935233 (La. Ct. App. Nov. 5, 2013). A Dutch company appealed a trial court’s decision to dismiss for lack of personal jurisdiction the company’s suit against a Florida based web-retailer for infringement. On appeal, the court affirmed, holding that the company failed to establish that the defendant’s one-time sale of goods into Louisiana over the Internet subjected the defendant to that state’s courts, and that “extenuating personal jurisdiction would not comport with the notions of fair play and substantial justice.” Relying on the sliding scale established in Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119, to assess whether a website has minimum contacts with a forum state sufficient to invoke personal jurisdiction, the appeals court explained that the “mere creation of a website, does not constitute purposeful availment of the forum benefits,” nor does a one-time sale of goods through that website into the state.
Look Before You Invest: Bitcoins, Virtual Currencies, Emerging Payment Products, and Regulatory Compliance
Margo H.K. Tank, Michael Zeldin, and Ian C.B. Spear, attorneys with BuckleySandler LLP in Washington DC, advise financial institutions on electronic financial services, mobile payments, prepaid access and virtual payment methods, in the areas of anti-money laundering, privacy, trade sanctions, and regulatory compliance.
Emerging payment products, such as Bitcoin, present tantalizing investment opportunities. The claim that these products are “unregulatable,” or “free of the power of the state” increases the temptation to participate, because if true, regulatory uncertainty associated with traditional financial industries would be eliminated. Notwithstanding these claims, virtual currency laws and regulations seem primed to explode. Acknowledging that “virtual currency systems offer ‘legitimate’ financial services,” the Department of Justice, for example, has investigated and prosecuted illegal activities involving virtual currencies. As a result, risk-related issues like money laundering, terrorist financing, and economic and trade sanctions remain critical to evaluating investments in emerging payment products. To understand why, consider how the emerging payments industry is regulated now and what additional regulation might emerge.
Recently, the Court of Civil Appeals of Alabama upheld an agreement executed electronically, overturning a trial court’s order invalidating a divorce agreement on the grounds that the agreement filed with the court was executed electronically. Ex parte Mealing, No. 2120973, 2013 WL 5776053 (Ala. Civ. App. Oct. 25, 2013). In this case, a husband asked the trial court to vacate a divorce agreement he had willingly entered without legal representation, claiming that his wife’s attorney orchestrated an agreement more favorable to the wife. The trial court decided that the divorce agreement was invalid because it was signed electronically. The appellate court disagreed and held that the trial court erred in relying on an alternative basis—one not even presented by the husband—in an attempt to create for itself an opportunity to render equitable judgment of the matter. The court explained that relevant court rules allow for electronic signatures, and that there was no contention from the husband that the electronic signatures were shams or false. The appellate court directed the trial court to set aside its order and reinstate the electronically signed divorce agreement.
On October 21, the U.S. District Court for the Eastern District of California held that email addresses are personal identification information (PII) under California’s Song-Beverly Credit Card Act. Capp v. Nordstrom, Inc., No. 13-660-MCE-AC, 2013 WL 5739102 (E.D. Cal. Oct. 21, 2013). In this case, a customer sued a retailer on behalf of a putative class after the retailer sought the customer’s email address in connection with a credit card transaction to provide the customer with an electronic receipt. The customer alleged that the retailer subsequently used the email address to send unsolicited marketing materials. Following the California Supreme Court’s ruling in Pineda v. Williams Sonoma, in which the court held that a ZIP code is part of a person’s address and constitutes PII, the court here predicted that the state supreme court also would hold that an email address constitutes PII. Citing the statute’s broad terms and its overarching objective to protect the personal privacy of consumers who make purchases with credit cards, the district court held that the alleged conduct directly implicated the purposes of the statute. The district court also rejected the retailer’s argument that, if email addresses constitute PII, then the customer’s claim would be preempted by the CAN-SPAM Act, which regulates unsolicited commercial electronic mail, i.e. “spam.” The court held that the Song-Beverly Act claims were not subject to the CAN-SPAM Act’s express preemption clause because the Song-Beverly Act applies only to email addresses and does not regulate the content or transmission of email messages.
Recently, the New York Appellate Division, Second Department, held that out-of-state defendants in a medical malpractice case were not subject to the New York court’s personal jurisdiction based on an Internet advertisement viewed in New York and a subsequent series of email and phone contacts between the New York resident patient and the out of state defendants. Paterno v. Laser Spine Inst., No 2011-4654, 2013 WL 5629871 (N.Y. App. Div. Oct. 16, 2013). In this case, the New York trial court had dismissed a medical malpractice suit filed in New York against a Florida-based medical provider over services rendered in Florida, holding that the medical service provider did not transact business in New York. On appeal the Appellate Division agreed, holding that although a defendant need not be physically present in the state to “transact any business” there in satisfaction of New York’s statutory requirements for personal jurisdiction, the totality of the circumstances presented did not provide a basis for exercising long-arm jurisdiction over the medical service provider. The appellate court rejected the patient’s argument that the provider had actively solicited business in New York through an online advertisement, holding that the provider’s website was passive in nature and that there was no indication it facilitated the purchase of any goods or services. The appellate court also concluded that a series of email and phone contacts between the patient and the provider did not constitute “business activity” and were not sufficiently “purposeful” for jurisdictional purposes.
On October 16, new rules took effect that require businesses to obtain express written consent before making certain telemarketing calls to customers. The rules arise from a February 2012 Report and Order issued pursuant to the Telephone Consumer Protection Act (TCPA), in which the Federal Communications Commission (FCC): (i) required that businesses obtain prior express written consent for all autodialed or prerecorded telemarketing calls to wireless numbers and residential lines, (ii) allowed consumers to opt out of future robocalls during a robocall, and (ii) limited permissible abandoned calls on a per-calling campaign basis. While the consumer opt-out and abandoned calls limitations are already in effect, compliance with the express written consent requirement was not mandated until now. The rules require that the written consent be signed and be sufficient to show that the customer: (i) receives “clear and conspicuous disclosure” of the consequences of providing the requested consent and (ii) having received this information, agrees unambiguously to receive such calls at a telephone number the consumer designates. In addition, the rules require the written agreement to be obtained “without requiring, directly or indirectly, that the agreement be executed as a condition of purchasing any good or service.” The FCC rule allows electronic or digital forms of signatures obtained in compliance with the E-SIGN Act—e.g. agreements obtained via a compliant email, website form, text message, telephone keypress or voice recording—to satisfy the written requirement. The FCC also removed an exemption that allowed businesses to demonstrate consent based on an “established business relationship” between the caller and customer.