On May 7, the CFPB issued a proposed rule that would provide financial institutions an alternative method for delivering annual privacy notices. The Gramm-Leach-Bliley Act (GLBA) and Regulation P require financial institutions to, among other things, provide annual privacy notices to customers—either in writing or electronically with consumer consent. Industry generally has criticized the current annual notice requirement as ineffective and burdensome, with most financial institutions providing the notices by U.S. postal mail. The proposed rule would allow financial institutions, under certain circumstances, to comply with the GLBA annual privacy notice delivery requirements by (i) continuously posting the notice in a clear and conspicuous manner on a page of their websites, without requiring a login or similar steps to access the notice; and (ii) mailing the notices promptly to customers who request them by phone. Read more…
On May 22, the Federal Reserve Board repealed its Regulation DD, which implements TISA, and Regulation P, which implements Section 504 of the GLBA because the Dodd-Frank Act transferred rulemaking authority for those laws to the CFPB, and the CFPB has already issued rules implementing them. The Board also finalized amendments to the definition of “creditor” in its Identity Theft Red Flags rule, which implements Section 615 of FCRA. Generally, the Red Flags rule requires each financial institution and creditor that holds any consumer account to develop and implement an identity theft prevention program. The revision excludes from the foregoing requirements businesses that do not regularly and in the ordinary course of business (i) obtain or use consumer reports in connection with a credit transaction; (ii) furnish information to consumer reporting agencies in connection with a credit transaction; or (iii) advance funds to or on behalf of a person. The repeals and Red Flags rule amendments take effect June 30, 2014.
Federal Reserve Board Proposes To Repeal Duplicative Regulations Amend Identity Theft Red Flags Rule
On February 12, the Federal Reserve Board proposed to repeal its Regulation DD, which implements the TISA, and Regulation P, which implements Section 504 of the GLBA because the Dodd-Frank Act transferred rulemaking authority for those laws to the CFPB, and the CFPB has already issued interim final rules implementing them. The Board also proposed to amend the definition of “creditor” in its Identity Theft Red Flags rule, which implements Section 615 of the FCRA. Generally, the Indemnity Theft Red Flags rule requires each financial institution and creditor that holds any consumer account to develop and implement an identity theft prevention program. The proposed revision will exclude from the foregoing requirements businesses that do not regularly and in the ordinary course of business (i) obtain or use consumer reports in connection with a credit transaction; (ii) furnish information to consumer reporting agencies in connection with a credit transaction; or (iii) advance funds to or on behalf of a person. The Board will accept comments on the proposal for 60 days from publication in the Federal Register.
On February 4, the U.S. Court of Appeals for the Ninth Circuit held that a plaintiff’s claim against a data broker alleged to have published inaccurate information about him has standing by virtue of the alleged violation of his statutory rights and need not demonstrate injury. Robins v. Spokeo, Inc., No. 11-56843, 2014 WL 407366, (9th Cir. Feb. 4, 2014). The district court held that the plaintiff failed to allege an injury in fact because his claims that the inaccurate information harmed, among other things, his ability to obtain employment did not sufficiently allege any actual or imminent harm. Applying its own precedent established in a long-running RESPA case that the U.S. Supreme Court declined to review in 2012, the court held that the violation of a statutory right usually is a sufficient injury to confer standing and that statutory causes of action do not require a showing of actual harm. The court determined that violations of statutory rights created by FCRA are concrete injuries that Congress can elevate to the status of legally cognizable injuries and are therefore sufficient to satisfy Article III’s injury-in-fact requirement. Further, the plaintiff adequately pled causation and redressability because (i) an alleged violation of a statutory provision caused the violation of a right created by that provision; and (ii) FCRA provides for monetary damages to redress the violation. The court reversed the trial court and remanded.
On November 22, the CFPB released findings of a study the Bureau conducted on the impact of certain deposit regulations on the day-to-day operations of banking institutions, focusing on compliance costs related to checking accounts, traditional savings accounts, debit cards, and overdraft programs. The study collected information from seven banks about activities related to compliance with regulations implementing the Truth in Savings Act, the Electronic Fund Transfer Act, the financial privacy requirements of the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act (Regulations DD, E, P, and V, respectively), as well as FCRA’s adverse action requirements, which are not implemented by regulation. According to the Bureau, compliance costs were concentrated in the Operations, Information Technology, Human Resources, Compliance, and Retail functions, and banks incurred the most substantial costs complying with rules related to authorization rights, error resolution requirements, disclosure mandates, and advertising standards.
The report identifies the compliance-related activities that entailed the highest costs across business functions and suggests that “authorization rights” (i.e., opt-ins and opt-outs) and error-resolution requirements are the most costly to administer. The report also discusses the potential for the study—which the Bureau characterizes as representing “some of the most rigorous information currently available” on compliance costs—to advance research on the cost of compliance, influence the ultimate understanding of regulatory impacts on consumers and markets, and inform the CFPB’s ongoing efforts to avoid unnecessary compliance costs. The Bureau states that estimating the operational effects of consumer financial services regulation alone has “limited value to policymaking” and is mainly helpful in determining the impact of a specific regulation on product pricing and availability or market structure and competition. The Bureau concluded that research on the effects of regulations will remain an ongoing priority, but it will nevertheless continue to address problems observed in the marketplace — “mindful that, whatever the costs of regulation, the costs of not regulating adequately can be even larger.”
The full report, Understanding the Effects of Certain Deposit Regulations on Financial Institutions’ Operations: Findings on Relative Costs for Systems, Personnel, and Processes at Seven Institutions, is available here.
On October 4, the CFPB and the FTC filed an amicus brief in a Fair Credit Reporting Act (FCRA) case pending in the Ninth Circuit. The brief argues that the seven-year period during which a criminal arrest can be reported starts on the date of the arrest and, contrary to the district court’s decision, is not extended by a subsequent dismissal of the charges. The brief notes that FCRA previously provided that the seven-year reporting period ran “from the date of disposition [i.e., dismissal], release, or parole,” but that Congress repealed that specific provision in 1998, replacing it with the general FCRA rule that the reporting period begins when the adverse event occurs. The brief notes that Congress prescribed a different rule from some categories of information—for example, the seven-year period for reporting that a delinquent account was placed with a collection agency begins 180 days after the commencement of the delinquency that immediately preceded the collection activity.
The brief relies heavily on the FTC’s summary of staff interpretations that it issued as part of its staff report, 40 Years of Experience with the Fair Credit Reporting Act (2011), just before the Dodd-Frank Act transferred primary enforcement authority for FCRA from the FTC and gave the CFPB general rulemaking powers under FCRA. The FTC and CFPB argue that the district court erroneously relied on the FTC’s 1990 Commentary on FCRA, which did not reflect the 1998 amendments. The extensive reliance on the 40 Years Report in the brief is significant because it reflects an endorsement of the authoritativeness of that report by the CFPB, at least as to the particular issue raised in this case.
On September 30, California enacted AB 1220, which extends protections under the state’s consumer reporting law. Under the federal Fair Credit Reporting Act, a consumer reporting agency may not prohibit a user of a consumer credit report furnished by the agency from providing a copy of the report to a consumer, upon the consumer’s request, if the user has taken adverse action against the consumer based upon the report. AB 1220 adopts the same prohibition, and also makes it unlawful for a consumer reporting agency to dissuade, or attempt to dissuade a user from providing the report. Further, the bill allows state and local law enforcement authorities to bring a civil action for a civil penalty up to $5,000 against a violating consumer reporting agency.
On September 4, the CFPB issued Bulletin 2013-09, which addresses a furnisher’s obligations in connection with a dispute forwarded to it by a consumer reporting agency (CRA). The Fair Credit Reporting Act (FCRA) generally requires a CRA to notify and provide information to a furnisher when a consumer disputes information provided by the furnisher to the CRA. In turn, the furnisher must conduct an investigation, review all relevant information, and respond appropriately. The CFPB’s guidance provides that compliance with the FCRA requires the furnisher to: (i) maintain a system reasonably capable of receiving from CRAs information regarding disputes, including supporting documentation; (ii) conduct an investigation of the disputed information, including information forwarded by the CRA and the furnisher’s own information with respect to the dispute; (iii) report the results of the investigation to the CRA that sent the dispute; (iv) provide corrected information to every nationwide CRA that received the information if the information is inaccurate or incomplete; and (v) modify or delete the disputed information, or permanently block the reporting of the information if the information is incomplete or inaccurate, or cannot be verified. Furnishers should consider whether these processes need to be integrated into their Compliance Management Systems.
On August 15, the FTC announced that it obtained a settlement from a Certegy Check Services, Inc., a check authorization service company and consumer reporting agency (CRA) that compiles and uses consumers’ personal information to offer retailers assistance in determining whether to accept a consumer’s check. The FTC alleged that the CRA violated the FCRA and the FTC’s Furnisher Rule by failing to (i) follow required dispute resolution procedures, (ii) implement reasonable procedures to ensure the accuracy of information the firm provided to retailers, (iii) create a streamlined process for consumers to obtain free annual reports, and (iv) implement reasonable written policies and procedures regarding the accuracy and integrity of information it furnishes to other CRAs. This is the first FTC action alleging violations of the Furnisher Rule, which took effect on July 1, 2010. To resolve the FTC’s allegations, the CRA, without admitting any violations of the law, will pay $3.5 million and is required to comply with the Furnisher Rule and maintain a streamlined process so that consumers can request their free annual reports.
This week, Maine enacted a bill to simplify the state’s credit reporting law. The bill, SP 504, was drafted by the Bureau of Consumer Protection to ease compliance burden primarily by eliminating provisions mirroring the federal Fair Credit Reporting Act (FCRA), and instead incorporating the federal FCRA and its implementing regulations. The bill retains and reorganizes existing additional state credit reporting consumer protections.
On May 7, the FTC released letters it sent to 10 data brokers warning that certain of the brokers’ practices could violate FCRA privacy protections. The announcement states that data broker companies that collect, distribute or sell information about consumers’ creditworthiness, eligibility for insurance, or suitability for employment are subject to FCRA, and as such, have an obligation to reasonably verify the identities of their customers and make sure that customers have a legitimate purpose for receiving consumer information. The letters were issued pursuant to an FTC “test-shopping” operation as part of an international privacy practice transparency sweep conducted by the Global Privacy Enforcement Network. The operation and subsequent warnings letters are the latest move by the FTC to address data broker compliance with FCRA. Last year, the FTC ordered certain data brokers to produce information about their collection and use of consumer data and announced at least one settlement with a data broker regarding FCRA compliance. However, the letters do not constitute an official notice that the companies are subject to FCRA or act as formal complaints, but rather “remind” the companies to review their practices to determine whether they are consumer reporting agencies subject to FCRA.
Recently, the U.S. Court of Appeals for the Tenth Circuit affirmed in part and reversed in part a district court’s award of summary judgment to a mortgage servicer who provided a negative credit report after the borrower refinanced his home without notifying the closing agent that his servicing rights had been transferred. Llewellyn v. Allstate Home Loans, Inc., 711 F.3d 1173 (10th Cir. 2013). The district court granted summary judgment to the servicer and its foreclosure law firm after concluding that the borrower had failed to provide sufficient evidence of actual economic or emotional damages, or willfulness to support his FCRA claim. The Tenth Circuit affirmed the district court’s determination that the borrower had not provided evidence of economic damages or willfulness, but concluded that the evidence presented was sufficient to create a genuine issue of material fact about whether the borrower suffered emotional damages and reversed and remanded for further proceedings on that claim. In so doing, the court explained that borrowers can rely solely on their own testimony to establish emotional harm if they explain their injury in reasonable detail and do not rely on conclusory statements. The appellate court also affirmed the district court’s award of summary judgment in favor of the servicer on the borrower’s FDCPA claim, concluding that the servicer acquired the debt before it was in default, and thus did not qualify as a “debt collector” under the statute.
On April 22, the U.S. Court of Appeals for the Ninth Circuit reversed a district court’s order approving a $45M class action settlement under FCRA on the grounds that the conditional nature of the incentive award rendered the class representatives and class counsel inadequate representatives of the absent class members. Radcliffe v. Experian Info. Solutions Inc., 11-56376, 2013 WL 1715422 (9th Cir. Apr. 22, 2013). The plaintiffs alleged that the three major credit reporting agencies issued consumer credit reports containing negative entries for debts that were already discharged through bankruptcy. The parties reached a settlement in February 2009, whereby a $45M common fund would provide an award not to exceed $5,000 to each named plaintiff, while plaintiffs suffering actual damages would receive awards ranging from $150.00 to $750.00 and the remaining class members would each recover roughly $26.00. The Ninth Circuit held that the “incentive awards” provided to the named plaintiffs “corrupt the settlement by undermining the adequacy of the class representatives and class counsel,” while the conditional nature of the awards “removed a critical check on the fairness of the class-action settlement, which rests on the unbiased judgment of class representatives similarly situated to absent class members.” The court further held that class counsel would have been disqualified under this agreement because they have a fiduciary responsibility to represent the interests of the class as a whole, and conditional incentive rewards would require class counsel to represent class members with conflicting interests. The court explained that the disparity between the awards given to the named plaintiffs and the rest of the class “further exacerbated the conflict of interest caused by the conditional incentive awards.” The court concluded that the representative plaintiffs ultimately were unable to fairly and adequately protect the interests of the class, reversed the district court’s approval of the settlement, and remanded the case for further proceedings.
Federal Court Holds Credit Furnisher Must Show Proof of Investigation of Consumer Dispute under FCRA
On February 22, the U.S. District Court for the District of Arizona held that a furnisher of credit information must present evidence regarding its investigation of a consumer’s credit reporting dispute in order to satisfy the FCRA dispute resolution requirements. Modica v. Am. Suzuki Fin. Servs., No. CV11-02183-PHX, 2013 WL 656495 (D. Ariz. Feb. 22, 2013). The plaintiff leased a vehicle from the defendant and did not return it at the end of the lease term. The defendant reported the account as “current/paying as agreed” after the plaintiff returned the vehicle. The plaintiff disputed this charge to the credit bureaus which contacted the defendant to notify them of the dispute and confirm the charge. The defendant eventually changed the report to show an unpaid balance with a charge-off, prompting the plaintiff to bring suit alleging breach of contract, violation of a state law regarding credit reporting, and violation of FCRA. In denying the defendant’s motion for summary judgment as to the FCRA claim, the court noted that FCRA requires a furnisher of credit information to conduct a “reasonable investigation” upon receipt of a consumer dispute. The court found that the creditor did not engage in a reasonable investigation—the defendant was unable to explain discrepancies between what it submitted to the credit reporting agencies and a letter it submitted to the plaintiff which showed she had no past due payments. In fact, the defendant was unable to say what the credit investigation entailed, a fact that precluded its claim for summary judgment.
California Appeals Court Permits Borrowers’ Claims against Lender Based on Auto Dealer’s Alleged Breach of Installment Contract
On February 4, the California Court of Appeal, Third District, held the FTC’s Holder Rule allows borrowers to assert claims against a lender assignee that they might otherwise have against the auto dealer with whom the borrowers entered the installment contract. Lafferty v. Wells Fargo Bank, No. C0678812, 2013 WL 412900 (Cal. App. Ct. Feb. 4, 2013). The borrowers stopped making payments on their motor home, disclaimed their ownership interest, and filed suit against the dealer with whom they financed the purchase of the vehicle after the dealer refused to make repairs to the vehicle. Relying upon the FTC’s Holder Rule, which requires language in every consumer installment contract to state that any holder of the consumer credit contract is subject to all claims and defenses which the debtor could assert against the seller of the goods, the borrowers sued the bank to whom their loan had been assigned. After a trial court dismissed the case, the borrowers appealed. The appeals court reversed the judgment, holding that the “plain meaning of the Holder Rule allows the [borrowers] to assert claims against [the bank] they might otherwise have against [the dealer],” but limited the borrowers’ recovery to the actual amounts paid under the installment contract. The appeals court declined to follow courts in other jurisdictions that looked beyond the plain meaning of the rule to assess the FTC’s original intent in adopting the rule, and rejected the bank’s argument that the Reese-Levering Act limits the borrowers’ right to rescission of the contract. The appeals court also held that the borrowers stated causes of action against the bank under the CLRA and for negligence, but that their claim for negligent defamation of credit was preempted by the Fair Credit Reporting Act. The appeals court reversed the trial court order.