On March 19, the U.S. Court of Appeals for the Seventh Circuit held that a retailer’s credit card upgrade program that replaced existing customers’ limited use store charge cards with unsolicited general use credit cards did not violate TILA, and affirmed the district court’s dismissal of a putative class action. Acosta v. Target Corp., No. 13-2706, 2014 WL 1045202 (7th Cir. Mar. 19, 2014). Under the upgrade program, the retailer automatically issued new general purpose cards to existing store card customers and closed the old account upon either the activation of the new account or rejection by the consumer of the new card. The class representatives claimed that the program constituted an offer to change the underlying account relationship and violated TILA’s prohibition on the mailing of unsolicited credit cards. The court held that the program fell within TILA’s exemption for substitute cards based on the common understanding of “substitution” and the Federal Reserve Board staff’s Regulation Z commentary. The court also rejected the cardholders’ argument that they were fraudulently induced to accept the new card. The court determined that the retailer disclosed the reasons for a change in the APR and did not raise the rate unless payments were missed, and sufficiently disclosed the potential for a change in credit limit. The court also held that the retailer’s omission of the fact that cardholders could take steps to retain their store card account was not fraudulent, and added that to hold otherwise would require the retailer “to disclose any condition that could theoretically be negotiated with the card issuer.” The court also affirmed the dismissal of the cardholders’ breach of contract and tortious interference claims.
On April 3, Martin Wheatley, Chief Executive of the UK Financial Conduct Authority (FCA), which took over responsibility for overseeing consumer credit markets in the UK on April 1, 2014, identified the FCA’s most “immediate priority” as ensuring “providers of credit, as well as satellite services like credit broking, debt management and debt advice, have sustainable and well-controlled business models, supported by a culture that is based on ‘doing the right thing’ for customers.” He explained that the FCA wants to expand financial service providers’ focus on compliance with specific rules to include “wider FCA expectations of good conduct.” Referencing a paper the FCA published on April 1, the day it began overseeing consumer credit markets, Mr. Wheatley stated that consumer credit providers need to consider how they engage with consumers in vulnerable circumstances. On this issue, the FCA also announced a “competition review” of the UK credit card market to determine, among other things, “how the industry worked with those people who were in difficult financial situations already.”
On March 7, Visa and Mastercard announced the formation of a cross-industry payment security working group, which the payment system providers state will be focused on “enhancing payment system security to keep pace with the expectations of consumers, retailers and financial institutions.” The group’s initial focus will be on supporting the adoption of EMV chip technology in the United States. In addition, the group will promote tokenization and point-to-point encryption, and will develop “an actionable roadmap for securing the future across all segments of the payments industry.” The group will include representatives from banks of all sizes, credit unions, acquirers, retailers, point-of-sale device manufacturers and industry trade groups.
On March 3, South Dakota enacted HB 1131, which amends state banking laws to make clear that banks can offer revolving lines of credit not tied to the issuance of a credit card.
This week, several congressional committees held hearings to review recent data security breaches and related consumer privacy issues, particularly those related to consumer financial data and payment systems. Generally, the hearings covered (i) potential enhancements to federal enforcement capabilities, (ii) card and payment system technologies and potential data security standards, and (iii) consumer protection enhancements. The hearings included two by the Senate Banking Committee—the first by a Subcommittee and a second held by the full Committee—as well as hearings held by the Senate Judiciary Committee and a Subcommittee of the House Energy and Commerce Committee. With regard to federal enforcement capabilities, the FTC reiterated its support for federal legislation that establishes a national breach notification requirement and a federal data security standard the FTC can enforce with civil penalties. The FTC also would like (i) its jurisdiction for data security enforcement to include nonprofit organizations, and (ii) APA rulemaking authority to address evolving risks. In support of the FTC’s request for additional authority, several members highlighted their view of the FTC’s limited ability to enforce data security under section 5 of the FTC Act. In particular, Senator Elizabeth Warren (D-MA) asserted that the FTC Act’s demanding standard and lack of strict liability unnecessarily limits the FTC’s authority to protect the public in data security matters. The FTC believes federal legislation should not preempt stronger state laws, and that state attorneys general should have concurrent enforcement authority. Significant debate centered on the possible benefits of implementing “Chip and PIN” technology in payment cards, with several legislators questioning why such technology is in widespread use in other major economies but has not yet been deployed in the U.S. Witnesses representing retailers repeatedly called on banks and payment network companies to move immediately to that technology, claiming that the outdated cards still being issued in the U.S. create unnecessary security risk. Banks outlined their plans to move to chip-based cards by October 2015 and stressed the role retailers must play in helping secure consumer data. As a corollary to technological solutions, committee members debated the role of government in setting data security standards, including for payments. Several members of Congress were critical of non-governmental standards bodies and called for a technologically neutral federal standard. Finally, Senator Mark Warner (D-VA) expressed an interest in amending federal law to extend zero-liability protections currently applicable to credit card transactions to debit card transactions.
On January 21, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s dismissal of a constitutional challenge to certain credit card fees. In re Late Fee and Over-Limit Fee Litig., No. 08-15218, 2014 WL 211729 (9th Cir. Jan. 21, 2014). A group of credit card holders filed a class action suit claiming that credit card overlimit fees and late fees are analogous to punitive damages imposed in the tort context, and therefore such fees are subject to substantive due process limits. The card holders asserted that because banks are compensated through high penalty interest rates for the lost time value and collection costs associated with any breach of the credit contract, the other charges are duplicative and therefore punitive. The court explained that its decision hinged on the similarities and differences between liquidated damages and punitive damages, and determined that the penalty clauses at issue originate from the parties’ private credit card contracts, and are distinct from the jury-determined punitive damages awards. The court held, therefore, that the “jurisprudence developed to limit punitive damages in the tort context does not apply to contractual penalties, such as the credit card fees at issue in this case.”
On December 23, the CFPB announced a coordinated enforcement action taken by federal regulators against a major credit card company and certain subsidiaries alleged to have violated multiple consumer protection laws with respect to credit card add-on products. The action, which is the fourth action taken by the CFPB relating to credit card add-on products, and the fifth add-on product action overall, extends the CFPB’s intense supervisory and enforcement focus on ancillary products and oversight of third-party service providers.
In coordination with the FDIC and the OCC, the CFPB ordered the companies to refund an estimated $59.5 million to more than 335,000 customers for certain credit card practices, including allegedly unfair billing tactics and deceptive marketing. The company must also pay an additional $9.6 million in civil penalties, submit to an independent review of other credit card add-on products, and continue to implement enhanced third-party oversight.
The consent orders allege that the company misled consumers about the benefits, fees, length of coverage, and terms and conditions of certain payment protection products, and that the company billed consumers for services they did not receive, unfairly charged consumers for interest and fees, and failed to comply with federal requirements to inform consumers about their right to a free credit report.
The coordinated action follows another taken by federal regulators last year, in which the same companies were ordered to refund approximately $85 million in connection with alleged UDAAP violations related to the offering of a rewards card and certain debt collection practices.
On December 16, the CFPB published a final rule to review and adjust provisions of Regulation Z that implement amendments to TILA under the CARD Act and HOEPA. Specifically, the CFPB is required to adjust, as appropriate based on the annual percentage change reflected in the Consumer Price Index in effect on June 1, 2013, (i) the threshold amount that triggers requirements for the disclosure of minimum interest charges and (ii) the maximum penalty fee card issuers can impose for violating account terms without violating the restrictions on penalty fees established by the CARD Act. For 2014, the minimum interest charge disclosure threshold will remain unchanged, while the permissible penalty fees will increase to $26 for a first late payment and $37 for each subsequent violation within the following six months. Similarly, the CFPB is required to adjust the combined points and fees threshold that triggers compliance with HOEPA. Effective January 1, 2014, that threshold will be $632.
On December 17, the CFPB released its annual report to Congress on college credit card agreements, prepared pursuant to the CARD Act. The report follows an inquiry launched earlier this year into financial products marketed to students. The study revealed that since 2009, the number of college card agreements in effect has decreased by 41 percent, the compensation paid to colleges and universities has decreased by 40 percent, and the number of new accounts opened by students has decreased by 18 percent.
The Bureau’s press release urges financial institutions to voluntarily disclose to the public any agreements with colleges and universities to market debt, prepaid, and other products to students and warns that “[t]he CFPB prioritizes its supervisory examinations based on the risks posed to consumers” and “[failing to make] college financial product arrangements transparent to students and their families . . . increase[s] such risks.”
On December 12, the CFPB published the preliminary results of its ongoing study of arbitration agreements in consumer finance contracts. Section 1028(a) of the Dodd-Frank Act directs the CFPB to study the use of pre-dispute arbitration contract provisions, and preconditions the CFPB’s exercise of rulemaking authority regarding arbitration agreements on a finding that the regulation is “in the public interest and for the protection of consumers.” The CFPB commenced its arbitration study in early 2012, and expanded its review this year with a proposal to survey credit card holders, and by exercising its authority under Dodd-Frank Act Section 1022 to order some companies to provide template consumer credit agreements, as Director Cordray indicated during a September House Financial Services hearing.
The CFPB reports the following preliminary results, among others:
- Larger banks are more likely to include arbitration clauses in their credit card contracts and checking account contracts than smaller banks and credit unions.
- Just over 50% of credit card loans outstanding are subject to arbitration clauses, while 8% of banks, covering 44% of insured deposits, include arbitration clauses in their checking account contracts.
- Arbitration clauses are prevalent across the general purpose reloadable (GPR) prepaid card market, with arbitration clauses appearing in the cardholder contracts for 81% of GPR prepaid cards studied by the CFPB.
- Class action waivers are ubiquitous, appearing in approximately 90% of arbitration provisions.
- A minuscule number of consumers exercise contract carve-outs permitting disputes to be pursued in small claims courts, while credit card issuers are “significantly more likely” to sue consumers in small claims court.
The CFPB did not consider specific policy options at this stage. However, the report outlines numerous additional steps the CFPB plans to take as part of its arbitration study, which may expand to include other financial product markets. For example, in response to stakeholder comments, the CFPB is revising a prior proposal to conduct a survey of consumers that addresses consumer awareness of arbitration clauses and consumer perceptions of and expectations about formal dispute resolution. The CFPB also intends to assess the possible impact of arbitration clauses on the price of consumer financial products. Finally, the CFPB is examining the interrelationship between public enforcement and private aggregate enforcement (i.e., class actions) by conducting an empirical analysis of the types of cases brought by public and private actors, and the relationship between any actions against the same defendants or challenging similar conduct. The report does not provide anticipated timelines for these or any of the other future steps the Bureau describes.
On December 10, the CFPB released a consent order with a federal savings association, pursuant to which the bank will refund approximately $34 million to more than one million credit card holders who were enrolled in deferred-interest financing for healthcare services. The order does not include a civil penalty. The deferred-interest action is the first public action taken by the CFPB since it promised to scrutinize such products in its October credit card report.
The product at issue typically is offered by healthcare providers who offer personal lines of credit for healthcare services, including medical, dental, cosmetic, vision, and veterinary care. The CFPB alleges that the bank failed to sufficiently train healthcare providers to deliver material information about deferred-interest promotional periods associated with the credit cards, which led to consumers being misled during the enrollment process. The CFPB further claimed that healthcare providers improperly completed applications and submitted them on behalf of consumers, failed to provide consumers with copies of the credit card agreement, and, where disclosures were provided, those disclosures failed to adequately explain the deferred-interest promotion.
In addition to consumer redress, the order mandates certain terms of the bank’s contracts with medical providers offering the healthcare credit card. For example, the bank must incorporate specific “transparency principles” into its agreements with healthcare providers, and the contracts must prohibit certain charges. The bank also must enhance disclosures provided with the card application and billing statements, and improve training for healthcare providers offering the card. In addition, the order details consumer complaint resolution requirements, and prohibits certain incentive arrangements and paid endorsements. To date, the CFPB has not released the attachments to the consent order, which include, among other things, the transparency principles and disclosures.
The New York Attorney General entered into a similar agreement with the bank earlier this year. Under that agreement, the bank was likewise required to add a set of transparency principles to provider contracts to ensure that card terms were described accurately and to revise promotional interest rate options and other disclosures to better inform consumers’ use of the card.
On December 2, the U.S. Court of Appeals for the Fifth Circuit held that a set of parens patriae suits filed by the Mississippi Attorney General (AG) against credit card issuers is not subject to federal jurisdiction under the Class Action Fairness Act (CAFA) or National Bank Act (NBA) preemption. Hood v. JP Morgan Chase & Co., No. 13-60686, 2013 WL 6230960 (5th Cir. Dec. 2, 2013). The consolidated appeal involves cases originally filed by the AG in state court against six credit card issuers for allegedly violating the Mississippi Consumer Protection Act in connection with the marketing, sale, and administering of certain ancillary products, including payment protection plans. After the card issuers removed the cases, a federal district court denied the state’s motion to remand, holding that it had subject matter jurisdiction because: (i) the cases were CAFA mass actions; (ii) the NBA (and the Depository Institutions Deregulation and Monetary Control Act for one state-chartered bank defendant) preempted some of the state law claims; and (iii) it had supplemental jurisdiction over the remaining state law claims. The Sixth Circuit disagreed and held that the card issuers failed to prove that any card holder met CAFA’s individual amount in controversy requirement, rejecting the issuers’ argument that the state is the real party in interest and its claims for restitution and civil penalties exceed the threshold. The court also rejected the issuers’ argument—and the district court’s holding—that the payment protection plans were part of the loan agreement and the fees associated with the plans constitute “interest,” such that the state’s challenge to the plans was an implicit usury claim preempted by the NBA. Instead, the court held that while the plans could conceivably fit within the definition of “interest,” there is no clear rule on this subject that demands removal. Moreover, the court held that even if the payment protection plan fees are “interest,” the claims still would not be preempted because the state does not allege that the issuers charged too much interest, but rather challenges the alleged practice of improperly enrolling customers in the plans. The court reversed the district court and remanded for further proceedings consistent with its opinion.
On November 15, Bloomberg reported that the CFPB is examining credit card issuers’ rewards programs. The article quotes CFPB Director Cordray stating that rewards programs can involve “detailed and confusing rules” and that the CFPB “will be reviewing whether rewards disclosures are being made in a clear and transparent manner.” The CFPB’s recent Credit CARD Act report identified rewards product disclosures as one of many card practices that “pose risks to consumers and may warrant further scrutiny by the Bureau.”
Bloomberg reported that the examinations cover the marketing of rewards programs, “particularly the marquee promise of a given card, such as cash back, or redeemable airline miles, and what a customer needs to do to get it.” The article notes that there is no apparent sudden rise in consumer complaints about rewards, but the CFPB has targeted the programs because they are, according to the source, the primary reason consumers choose a particular card.
While the CFPB reportedly is not examining the disclosures on the basis that they could present UDAAP risk, the article states that the scope of the targeted examinations includes (i) the time it takes for card holders to redeem their rewards, (ii) the potentially obscure nature of the conditions on redeeming rewards, (iii) programs that require increasing amounts of spending over time to redeem an award, and (iv) forfeiture and reinstatement of rewards.
On November 13, New York Governor Andrew Cuomo signed AB 3601, a bill intended to protect payment card holders from liability for unauthorized use of unsolicited convenience checks. Effective immediately, cardholders are held harmless for unauthorized use of unsolicited convenience checks associated with their account. The New York Bankers Association opposed the bill because its title and the accompanying sponsor’s memo misstate the purpose of the bill as being an outright ban on the unsolicited mailing of convenience checks to consumers when, in fact, the bill does not ban the practice.
On November 4, the U.S. District Court for the Southern District of New York held that credit card holders may pursue statutory damages for alleged violations of Regulation Z’s short-form credit card notice requirement, even though the short-form notice requirement is contained in a section of Regulation Z that is not enumerated under TILA’s statutory damages section. Zevon v. Dept. Stores Nat’l Bank, No. 12-7799, 2013 WL 5903024, (S.D.N.Y. Nov. 4, 2013). A credit card holder filed a putative class action alleging that the monthly short-form notice provided by the issuer was incomplete and omitted provisions required by Regulation Z’s model form provision. The court rejected the card issuer’s argument that because TILA only provides card holders with a cause of action for statutory damages for specifically enumerated statutory provisions, and because the short-form notice provision is not enumerated in the statute but is set only by Regulation Z, the card holder is not entitled to statutory damages. The court explained that following the card holder’s reasoning would immunize card issuers from statutory damages for even the most egregious short-from notice violations. Instead, the court held that because the allegedly violated Regulation Z provision was promulgated pursuant to an enumerated statutory provision—TILA’s long-form notice requirement—card holders are permitted to bring claims for statutory damages for short-form violations. The court rejected the card issuer’s motion to dismiss for these reasons, but granted its motion to limit statutory damages to $500,000, holding that the Dodd-Frank Act’s increase to a $1 million cap cannot be applied retroactively to violations that allegedly occurred prior to the Act’s passage.