On December 2, the U.S. Court of Appeals for the Fifth Circuit held that a set of parens patriae suits filed by the Mississippi Attorney General (AG) against credit card issuers is not subject to federal jurisdiction under the Class Action Fairness Act (CAFA) or National Bank Act (NBA) preemption. Hood v. JP Morgan Chase & Co., No. 13-60686, 2013 WL 6230960 (5th Cir. Dec. 2, 2013). The consolidated appeal involves cases originally filed by the AG in state court against six credit card issuers for allegedly violating the Mississippi Consumer Protection Act in connection with the marketing, sale, and administering of certain ancillary products, including payment protection plans. After the card issuers removed the cases, a federal district court denied the state’s motion to remand, holding that it had subject matter jurisdiction because: (i) the cases were CAFA mass actions; (ii) the NBA (and the Depository Institutions Deregulation and Monetary Control Act for one state-chartered bank defendant) preempted some of the state law claims; and (iii) it had supplemental jurisdiction over the remaining state law claims. The Sixth Circuit disagreed and held that the card issuers failed to prove that any card holder met CAFA’s individual amount in controversy requirement, rejecting the issuers’ argument that the state is the real party in interest and its claims for restitution and civil penalties exceed the threshold. The court also rejected the issuers’ argument—and the district court’s holding—that the payment protection plans were part of the loan agreement and the fees associated with the plans constitute “interest,” such that the state’s challenge to the plans was an implicit usury claim preempted by the NBA. Instead, the court held that while the plans could conceivably fit within the definition of “interest,” there is no clear rule on this subject that demands removal. Moreover, the court held that even if the payment protection plan fees are “interest,” the claims still would not be preempted because the state does not allege that the issuers charged too much interest, but rather challenges the alleged practice of improperly enrolling customers in the plans. The court reversed the district court and remanded for further proceedings consistent with its opinion.
On December 10, the CFPB released a consent order with a federal savings association, pursuant to which the bank will refund approximately $34 million to more than one million credit card holders who were enrolled in deferred-interest financing for healthcare services. The order does not include a civil penalty. The deferred-interest action is the first public action taken by the CFPB since it promised to scrutinize such products in its October credit card report.
The product at issue typically is offered by healthcare providers who offer personal lines of credit for healthcare services, including medical, dental, cosmetic, vision, and veterinary care. The CFPB alleges that the bank failed to sufficiently train healthcare providers to deliver material information about deferred-interest promotional periods associated with the credit cards, which led to consumers being misled during the enrollment process. The CFPB further claimed that healthcare providers improperly completed applications and submitted them on behalf of consumers, failed to provide consumers with copies of the credit card agreement, and, where disclosures were provided, those disclosures failed to adequately explain the deferred-interest promotion.
In addition to consumer redress, the order mandates certain terms of the bank’s contracts with medical providers offering the healthcare credit card. For example, the bank must incorporate specific “transparency principles” into its agreements with healthcare providers, and the contracts must prohibit certain charges. The bank also must enhance disclosures provided with the card application and billing statements, and improve training for healthcare providers offering the card. In addition, the order details consumer complaint resolution requirements, and prohibits certain incentive arrangements and paid endorsements. To date, the CFPB has not released the attachments to the consent order, which include, among other things, the transparency principles and disclosures.
The New York Attorney General entered into a similar agreement with the bank earlier this year. Under that agreement, the bank was likewise required to add a set of transparency principles to provider contracts to ensure that card terms were described accurately and to revise promotional interest rate options and other disclosures to better inform consumers’ use of the card.
On November 27, the Federal Reserve Board requested comments on proposed changes to its procedures for posting debit and credit entries to institutions’ Federal Reserve accounts for ACH debit and commercial check transactions. In a policy statement, the Board seeks comments on a proposal to change the posting time of ACH debit transactions processed by the Federal Reserve Banks’ FedACH service overnight to 8:30 a.m. ET from 11:00 a.m. ET to align with the posting of ACH credit transactions. For commercial check transactions, the Board seeks to move the posting time for receiving most credits for deposits and debits for presentments to 8:30 a.m. ET, and to set two other posting times at 1:00 p.m. ET and 5:30 p.m. ET. The Board is also proposing to establish a set of principles that would be applied to any new posting rules for the Reserve Banks’ same-day ACH service. In a related proposed rule, the Board offered for comment companion amendments to Regulation J to permit Reserve Banks to obtain settlement from paying banks by as early as 8:30 a.m. ET for checks that the Reserve Banks present, and to permit the Reserve Banks to require paying banks that receive presentment of checks from the Reserve Banks to make the proceeds of settlement for those checks available to the Reserve Banks as soon as 30 minutes after receiving the checks. Comments on both the policy statement and the proposed rule are due 60 days after the documents are published in the Federal Register.
On November 21, CFPB Director Richard Cordray delivered remarks at The Clearing House Annual Conference, including a review of the CFPB’s efforts to resolve concerns raised by the mortgage market through adoption of new mortgage rules and the objective of evenhanded oversight that is not dependent on charter choice or regulator. Mr. Cordray placed particular emphasis on the CFPB’s ability and efforts to “level the playing field” through its nonbank supervision program.
Notably, Director Cordray raised questions about recent efforts by other regulators and law enforcement authorities to investigate and take action against nonbank entities, like online payday lenders, by focusing on how these nonbanks get paid through bank payment systems. Cordray cautioned that, “[t]he focus of these . . . actions may create burdens that fall disproportionately on individual banks that are participants in the payment systems” and that the referenced approach “may not be the most efficient or effective approach.” Rather, Director Cordray suggested that further attention should be given to “how [payment] systems are designed and how they function for all of the institutions that participate in them.” The Director also expressed interest in working with the Clearing House to improve the CFPB’s understanding of using enhanced computer analytics and communications to identify patterns in payment systems, which he stated would better enable the CFPB to “identify and enforce the law against illegitimate firms that are otherwise able to reduce their own costs by hitching a free ride on the payments system,” as well as to consider necessary changes in law or practice.
This week, two Senate Committees—Homeland Security and Governmental Affairs and Banking, Housing and Urban Affairs—held hearings to hear from regulators and other stakeholders about how virtual currencies fit within the existing regulatory framework, and to assess whether there is a need to alter that framework in response to potential risks presented by emerging virtual currency technologies. The hearings followed an inquiry initiated by Senate Homeland Security leaders over the summer. Senators who participated in the hearings did not indicate any desire to move quickly to establish new federal regulations to address potential risks presented by innovation in virtual currencies. Rather, the lawmakers generally expressed a desire not to inhibit continued innovation, while supporting market participants who want to play by the rules and protecting the market from those who do not. In both hearings, FinCEN Director Jennifer Shasky Calvery described her agency’s ability to address the BSA/AML and terrorism financing risks presented by virtual currencies by employing FinCEN’s existing statutory authority and regulatory tools. Similarly, during the Senate Banking hearing, the Conference of State Bank Supervisors expressed confidence in the ability of state regulators to address consumer protection and other risks posed by virtual currencies through the existing state regulatory framework and processes. Still, committee members raised broader questions about the how to define or categorize virtual currencies (e.g. as a currency versus as a security) and the impact of such a classification on a range of other issues including monetary policy and tax administration. The breadth of the issues, which may need to be addressed by a range of government actors, formed the basis of Senate Homeland Security Committee Chairman Tom Carper’s (D-DE) call for a “whole government” approach to virtual currency.
On November 15, Bloomberg reported that the CFPB is examining credit card issuers’ rewards programs. The article quotes CFPB Director Cordray stating that rewards programs can involve “detailed and confusing rules” and that the CFPB “will be reviewing whether rewards disclosures are being made in a clear and transparent manner.” The CFPB’s recent Credit CARD Act report identified rewards product disclosures as one of many card practices that “pose risks to consumers and may warrant further scrutiny by the Bureau.”
Bloomberg reported that the examinations cover the marketing of rewards programs, “particularly the marquee promise of a given card, such as cash back, or redeemable airline miles, and what a customer needs to do to get it.” The article notes that there is no apparent sudden rise in consumer complaints about rewards, but the CFPB has targeted the programs because they are, according to the source, the primary reason consumers choose a particular card.
While the CFPB reportedly is not examining the disclosures on the basis that they could present UDAAP risk, the article states that the scope of the targeted examinations includes (i) the time it takes for card holders to redeem their rewards, (ii) the potentially obscure nature of the conditions on redeeming rewards, (iii) programs that require increasing amounts of spending over time to redeem an award, and (iv) forfeiture and reinstatement of rewards.
On November 14, New York State Department of Financial Services (DFS) Superintendent Benjamin Lawsky issued a notice that the DFS intends to hold a public hearing on virtual currency regulation in New York City “in the coming months.” The hearing will focus on the interconnection between money transmission regulations and virtual currencies. Additionally, the hearing is expected to consider the need for and feasibility of a licensing regime specific to virtual currency transactions and activities (i.e. a “BitLicense”), which would include anti-money laundering and consumer protection requirements for licensed entities. The notice makes clear that no decisions on licensing or other regulation of virtual currencies has been made. Rather the hearing and license notice is part of the agency’s broader inquiry launched in August into the need for a regulatory framework specific to virtual currencies. With regard to potential licensing, the DFS would like stakeholders to consider: (i) what, if any, specific types of virtual currency transactions and activities should require a BitLicense; (ii) whether entities that are issued a BitLicense should be required to follow specifically tailored anti-money laundering or consumer protection guidelines; and (iii) whether entities that are issued a BitLicense should be required to follow specifically tailored regulatory examination requirements.
On November 13, New York Governor Andrew Cuomo signed AB 3601, a bill intended to protect payment card holders from liability for unauthorized use of unsolicited convenience checks. Effective immediately, cardholders are held harmless for unauthorized use of unsolicited convenience checks associated with their account. The New York Bankers Association opposed the bill because its title and the accompanying sponsor’s memo misstate the purpose of the bill as being an outright ban on the unsolicited mailing of convenience checks to consumers when, in fact, the bill does not ban the practice.
On November 12, NACHA, which manages the development, administration, and governance of the ACH network, released two proposed rules that it describes as complementary approaches to improving ACH Network quality by reducing the incidence of exceptions. The first proposal would improve NACHA’s ability to identify and enforce rules against “outlier” originators by: (i) reducing the existing return rate threshold for unauthorized debits from 1% to 0.5%; (ii) establishing a 3% return rate threshold for account data quality returns, and an overall debit return rate threshold of 15%; (iii) clarifying permissible and impermissible practices for the collection of ACH debits returned for insufficient funds and other reasons; and (iv) explicitly applying certain risk management rules to third-party senders. In addition, the proposed rule would expand NACHA’s authority to initiate enforcement proceedings for a potential violation of the NACHA Rules related to unauthorized transactions. The second proposal would establish economic incentives for originating institutions and their originators to improve origination quality, and provide partial cost-recovery to receiving institutions for handling exceptions. Specifically, the rule would apply fees when: (i) the proposed economic incentives are fees that would be applied to instances when a receiving institution; (ii) returns an ACH transaction due to incorrect account data within the transaction; (iii) corrects information within an ACH transaction and sends the correction back; or (iv) returns an ACH transaction due to a problem with the receiver’s authorization. NACHA is accepting comments on the proposals until Monday, January 13, 2014.
On November 7, the PCI Security Standards Council (PCI SSC), an organization that develops standard for payment card security, released updated data security standards. One standard applies to entities involved in payment card processing—merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data. The other standard applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. PCI SSC updates the standards every three years. This most recent update includes, among other things, requirements that payment card processors: (i) evaluate evolving malware threats for any systems not considered to be commonly affected; (ii) control physical access to sensitive areas for onsite personnel, including a process to authorize access, and revoke access immediately upon termination; (iii) protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution; (iv) implement a methodology for penetration testing; (v) implement a process to respond to any alerts generated by the change-detection mechanism; and (vi) maintain information about which security requirements are managed by each service provider, and which are managed by the entity.
On November 4, the U.S. District Court for the Southern District of New York held that credit card holders may pursue statutory damages for alleged violations of Regulation Z’s short-form credit card notice requirement, even though the short-form notice requirement is contained in a section of Regulation Z that is not enumerated under TILA’s statutory damages section. Zevon v. Dept. Stores Nat’l Bank, No. 12-7799, 2013 WL 5903024, (S.D.N.Y. Nov. 4, 2013). A credit card holder filed a putative class action alleging that the monthly short-form notice provided by the issuer was incomplete and omitted provisions required by Regulation Z’s model form provision. The court rejected the card issuer’s argument that because TILA only provides card holders with a cause of action for statutory damages for specifically enumerated statutory provisions, and because the short-form notice provision is not enumerated in the statute but is set only by Regulation Z, the card holder is not entitled to statutory damages. The court explained that following the card holder’s reasoning would immunize card issuers from statutory damages for even the most egregious short-from notice violations. Instead, the court held that because the allegedly violated Regulation Z provision was promulgated pursuant to an enumerated statutory provision—TILA’s long-form notice requirement—card holders are permitted to bring claims for statutory damages for short-form violations. The court rejected the card issuer’s motion to dismiss for these reasons, but granted its motion to limit statutory damages to $500,000, holding that the Dodd-Frank Act’s increase to a $1 million cap cannot be applied retroactively to violations that allegedly occurred prior to the Act’s passage.
On October 18, the United States District Court for the Southern District of New York dismissed a putative TILA class action alleging that a bank made improper interest rate disclosures on credit card bills and assessed incorrect late fees and interest. Schwartz v. HSBC Bank USA, N.A., No. 13-cv-00769, 2013 WL 5677059 (S.D.N.Y. Oct. 18, 2013). The card holder asserted that despite his timely payments the bank assessed him late fees and incorrectly disclosed the annual interest rate and balances on his monthly statements. The court first rejected the card holder’s disclosure claim, characterizing the alleged violations as “hypertechnical” disclosure defects that did not provide a basis for plaintiff to recover. The court held that, while the applicable TILA rule mandates the disclosure of the applicable rate, the balance to which the rate applied, and the nominal APR, the card holder did not properly allege how his statements lacked or misstated any of these required disclosures. The court also held that dismissal was warranted because the bank had refunded the alleged improper late fees before plaintiff commenced the lawsuit, and therefore plaintiff sustained no actual damages.
On October 1, three payment network providers proposed that industry stakeholders collaborate on a token-based global security standard for online and mobile commerce. To meet growing consumer demand for secure digital transactions, the providers propose replacing traditional account numbers with a digital payment “token” for online and mobile transactions. They argue that tokens provide an additional layer of security and eliminate the need for merchants, digital wallet operators or others to store account numbers. The proposed standard used to generate tokens would be based on existing industry standards and would be available to all payment networks and other payment participants. The providers identify the following as key elements of the proposed standard: (i) new data fields to provide richer information about the transaction, which can help improve fraud detection and expedite the approval process, (ii) consistent methods to identify and verify a consumer before replacing the traditional card account number with a token, and (iii) a common standard designed to simplify the process for merchants for contactless, online or other transactions. The proposed standard incorporates comments from card issuers and merchants, and the participants intend to seek further collaboration from standard-setting bodies and other stakeholders.
On October 2, the CFPB released its first review of the consumer credit card market. The Credit Card Accountability Responsibility and Disclosure Act of 2009 (the CARD Act) requires the CFPB to prepare a report every two years to examine developments in the consumer credit card marketplace, including (i) the terms of credit card agreements and the practices of issuers, (ii) the effectiveness of disclosures, and (iii) the adequacy of UDAP protections. The CFPB also must review the impact of the CARD Act on (i) the cost and availability of credit, (ii) the safety and soundness of issuers, (iii) the use of risk-based pricing, and (iv) product innovation. In connection with this initial report, the CFPB hosted a credit card field hearing in Chicago, IL, at which Director Cordray reviewed the report’s findings and industry representatives and consumer advocates discussed the current state of the credit card market.
In its review of the post-CARD Act market, the CFPB found that the CARD Act largely accomplished its intended goals. The CFPB reports that: (i) the total cost of credit declined by two percentage points between 2008 and 2012; (ii) overlimit fees and repricing actions have been effectively eliminated; (iii) the size of late fees has decreased; (iv) there is sufficient available credit, notwithstanding the impacts of the financial crisis, but less than in 2007; and (iv) the CARD Act’s ability-to-repay provisions have protected young consumers.
However, the CFPB identifies numerous concerns it has about the credit card market, including “practices that may pose risks to consumers and may warrant further scrutiny by the Bureau.” Those concerns include:
- Add-on products: The CFPB remains concerned about the ways these products are marketed and will continue to pursue allegedly deceptive practices. All of the CFPB’s major enforcement actions to date have involved add-on products, most of which related to credit cards.
- “Fee harvester” cards: The CFPB recognizes that some upfront fees that exceed 25% of the initial credit limit have been held not to be covered by the CARD Act because a portion of the fees are paid prior to account opening. Still, the CFPB plans to monitor the use of application fees in connection with account openings to determine if it should take action under its available authorities.
- Deferred interest products: The CFPB intends to study the risks and benefits of private label cards that finance purchases without interest for a period of time but then assess interest retroactively if the balance is not paid in full by a given date.
- Online disclosures: The CFPB intends to assess the methods by which card issuers provide consumers with disclosures when they access their accounts online.
- Rewards products disclosures: The CFPB will review whether disclosures for “highly complex” rewards products are being made in a clear and transparent manner and whether “additional action” is warranted.
- Grace period disclosures: The CFPB believes it may need to take action to ensure that disclosures sufficiently inform consumers that once they carry a credit card balance into a new billing cycle, they no longer enjoy the grace period on new purchases.
Congressional Democrats Seek Information on Student Debit Cards; CFPB Plans “Banking on Campus” Event
On September 26, several Democratic Members of Congress, including Assistant Senate Majority Leader Dick Durbin (D-IL), House Financial Services Ranking Member Maxine Waters (D-CA), House Education Committee Ranking Member George Miller (D-CA), and Senate Banking Committee members Sherrod Brown (D-OH) and Elizabeth Warren (D-MA), sent letters to the CEOs of numerous financial institutions asking that the institutions explain their student debit card deals with colleges and universities. The letters ask each financial institution for: (i) a list of colleges/universities where the institution has an agreement to enroll students in any deposit account or prepaid debit account and where the marketing, materials or financial instruments used to access such accounts are co-branded with a college or university logo, symbol, mascot or name; (ii) the number of accounts opened through agreements at each institution of higher education listed from the previous question, and the total fees collected from such accounts over the last three academic years; (iii) the total value of monetary and non-monetary remuneration provided to such institutions of higher education for the marketing of these products over each of the last three academic years; and (iv) whether any of the institution’s employees or agents have ever provided any monetary or non-monetary gift to an employee or agent of an institution of higher education, including meals, entertainment, gift cards, or compensation for an advisory committee above a $10 value as part of the institution’s marketing strategy over the past three academic years.
Earlier this year the CFPB initiated a review of campus affinity relationships, and on Monday, September 30, the CFPB is hosting an event regarding financial products offered at colleges.