Guarantors Are Not Protected by the Equal Credit Opportunity Act, Eighth Circuit Holds

The U.S. Court of Appeals for the Eighth Circuit recently upheld summary judgment in favor of a lender, dismissing an action by the borrowers’ spouses alleging that the lender’s requirement that the spouses sign guaranties for the loan violated the Equal Credit Opportunity Act (ECOA). The court concluded that the spouses did not qualify as "applicants" under the ECOA.

Between 2005 and 2008, the lender made four loans to a limited liability company (LLC). In each instance, the two members of the LLC and their spouses executed personal guaranties in favor of the lender to secure the loans. In 2012, the LLC failed to make payments due under the loan agreements. The lender declared the loans to be in default, accelerated the loans, and demanded payment from both the LLC and the spouses as guarantors. The spouses then filed suit, claiming that the lender required them to execute the guaranties solely because they were married to the members of the LLC and that this requirement constituted discrimination against them on the basis of their marital status, in violation of the ECOA.

The ECOA makes it unlawful for a creditor to discriminate against any "applicant" in a credit transaction on the basis of marital status. The ECOA defines "applicant" as "any person who applies to a creditor directly for an extension, renewal, or continuation of credit, or applies to a creditor indirectly by use of an existing credit plan for an amount exceeding a previously established credit limit." The Federal Reserve Bank enacted regulations expanding the term "applicant" to include guarantors. Relying upon the Federal Reserve Bank’s interpretation, the spouses claimed that they qualified as "applicants."

The Eighth Circuit disagreed, refusing to defer to the Federal Reserve Bank’s interpretation. Under traditional rules of statutory construction, a court will consider an agency’s interpretation only if the court determines the statute is silent or ambiguous concerning the specific issue presented. The Eighth Circuit concluded that the ECOA was neither silent nor ambiguous. Instead, the court held that, based upon the text of the ECOA, it is clear that "a person does not qualify as an applicant under the statute solely by virtue of executing a guaranty to secure the debt of another." The court further found that "the plain language of the ECOA unmistakably provides that a person is an applicant only if she requests credit. But a person does not, by executing a guaranty, request credit." Accordingly, because the court concluded that the spouses were not "applicants" under the ECOA, it held that the lender did not violate the ECOA by requiring the spouses to execute the guaranties.

The court noted, however, that the Sixth Circuit recently reached the opposite conclusion. The Sixth Circuit found it ambiguous whether a guarantor qualifies as an applicant under the ECOA and, therefore, followed the Federal Reserve Bank’s interpretation that an applicant includes a guarantor. This split in the circuits illustrates that whether a guarantor of a loan is protected by the ECOA is an issue that still appears to be developing.

- Anthony C. Kaye and Shane Jasmine Young

New York Proposes Virtual Currency Licensing and Regulatory Framework

The New York Department of Financial Services (DFS) recently proposed a regulatory framework for virtual currency firms. In doing so, New York is the first state to propose a specially tailored regulatory framework for virtual currency. While other states currently regulate virtual currency, such regulation is based on existing statutory framework generally applicable to currency transmitters or similar industries.

As proposed, licensing and substantive regulatory requirements will apply to firms covered by the regulations. The newly dubbed "BitLicenses" will be required for entities engaged in any of the following types of virtual currency activities:

  • Receiving or transmitting virtual currency on behalf of consumers
  • Securing, storing, or maintaining custody or control of virtual currency on the behalf of customers
  • Performing retail conversion services, including the conversion or exchange of fiat currency or other value into virtual currency, the conversion or exchange of virtual currency into fiat currency or other value, or the conversion or exchange of one form of virtual currency into another form of virtual currency
  • Buying and selling virtual currency as a customer business, as opposed to personal use
  • Controlling, administering, or issuing a virtual currency (not including virtual currency miners)

The proposed regulations exempt from the licensing requirement:

  • Entities chartered under the New York Banking Law to conduct exchange services and approved by the DFS to engage in virtual currency business activities
  • Merchants and consumers that utilize virtual currency solely for the purchase or sale of goods or services

For the purpose of the regulation, the term "virtual currency" is defined as:

"[A]ny type of digital unit that is used as a medium of exchange or a form of digitally stored value or that is incorporated into payment system technology. Virtual Currency shall be broadly construed to include digital units of exchange that (i) have a centralized repository or administrator; (ii) are decentralized and have no centralized repository or administrator; or (iii) may be created or obtained by computing or manufacturing effort. Virtual Currency shall not be construed to include digital units that are used solely within online gaming platforms with no market or application outside of those gaming platforms, nor shall Virtual Currency be construed to include digital units that are used exclusively as part of a customer affinity or rewards program, and can be applied solely as payment for purchases with the issuer and/or other designated merchants, but cannot be converted into, or redeemed for, Fiat Currency."

The proposed regulations include several interesting requirements for BitLicense holders:

  • Custody and Protection of Consumer Assets – To the extent a licensee secures, holds, stores, or maintains custody or control of virtual currency on behalf of another person, the proposed regulations require that the licensee hold virtual currency of the same type and amount as that which is owed or obligated to the other person. However, the regulations do not specify to what extent, or under what circumstances, the licensee would be obligated to guarantee or compensate a consumer for losses incurred. In the same general aim, the proposed regulations further require that licensees maintain a surety bond or trust account (in an unspecified amount), and prohibit encumbering assets held on behalf of another person in any way.
  • Capital Requirements – The proposed regulations set forth an indefinite capital requirement for license holders. It appears from the regulation that each licensee's minimum capital requirement will be determined independently, based on a number of factors, including:
    1. The composition of the licensee’s total assets, including the position, size, liquidity, risk exposure, and price volatility of each type of assets
    2. The composition of the licensee’s total liabilities, including the size and repayment timing of each type of liability
    3. The actual and expected volume of the licensee’s virtual currency business activity
    4. Whether the licensee is already licensed or regulated by the superintendent under the Financial Services Law, Banking Law, or Insurance Law, or otherwise subject to such laws as a provider of a financial product or service, and whether the licensee is in good standing in such capacity
    5. The amount of leverage employed by the licensee
    6. The liquidity position of the licensee
    7. The financial protection that the licensee provides for its customers through its trust account or bond
  • Investment Restrictions – The proposed regulations only permit a licensee to invest its retained earnings and profits in the following types of high-quality, investment-grade permissible investments, with maturities of up to one year, denominated in U.S. dollars: certificates of deposit issued by federal or state-regulated financial institutions; money market funds; state or municipal bonds; U.S. government securities; or U.S. government agency securities.

The regulatory framework also includes provisions covering recordkeeping, examination and supervision by the DFS, financial reporting, anti-money laundering compliance, cybersecurity programs, consumer protection disclosure requirements, and handling of consumer complaints.

The proposed regulations were published in the New York State Register on July 23, 2014, and have a 45-day comment period.

- Reid F. Herlihy 


FTC Settles with Two Debt Collectors over Alleged FDCPA and FTC Act Violations

The debt collection industry continues to be a major focus of the Federal Trade Commission’s enforcement efforts, as shown by the agency’s decision to simultaneously announce two settlements last week with Tennessee and New York debt collectors involving different alleged violations of the Fair Debt Collection Practices Act (FDCPA) and the FTC Act. The settlements require the Tennessee and New York companies to pay civil penalties of respectively $1.5 million and $1.2 million (with all but $490,000 of the latter amount suspended due to the defendants’ inability to pay).

According to the FTC’s complaint filed in a Tennessee federal court, the Tennessee debt collection company, which was alleged to have made between 10,000 and 15,000 calls daily in an attempt to collect on approximately one million consumer accounts annually, violated the FDCPA and Section 5 of the FTC Act by conduct that included:

  • Repeatedly calling consumers and accusing them of owing debts that they did not owe, including after they had told the company they were not the individuals who owed the debts or asked the company in writing to cease communications
  • Contacting consumers at work while knowing that their employers did not allow the calls
  • Making unauthorized withdrawals from consumers’ bank accounts
  • Improperly communicating with third parties, including disclosing consumers’ alleged debts to third parties through communications that included voicemail messages left on general business lines or shared home lines and asking third parties to pass messages to the consumer on the company’s behalf

In addition to the $1.5 million civil penalty, the stipulated order contains a permanent injunction prohibiting the company from continuing to engage in the conduct alleged in the FTC’s complaint as well as any other conduct that violates the FDCPA or FTC Act. The order also requires the company to take specific steps to address the FTC’s allegations. For example, when a consumer disputes a debt’s validity or amount, the company must either cease collection (in which case it may not sell or transfer the debt) or suspend collection until it has conducted a reasonable investigation and determined whether the consumer owes the debt.

The order also includes content requirements for recorded messages left by the company, documentation requirements for telephone calls to obtain location information, and a required disclosure to be included on all written communications sent to debtors for the purpose of collecting past-due debts (which includes advice on how consumers can complain to the FTC about the company’s conduct). The requirements for recorded messages track the standards for such messages set out by the FTC in its July 2013 settlement with Expert Global Solutions.

The FTC’s complaint filed in a New York federal court against several affiliated New York debt collection companies and their individual principals included alleged violations of the FDCPA and FTC Act similar to those alleged in its Tennessee complaint. These alleged violations included improperly disclosing consumers’ alleged debts to third parties and continuing to call consumers who had told the companies they did not owe the debts. The complaint also alleged the defendants:

  • Engaged in a ruse to get consumers to call the defendants by leaving pre-recorded messages that encouraged consumers to call a specified number to take advantage of pretend financial relief such as a "tax season relief program," "stimulus package," "hardship settlement," or "balance transfer option"
  • Threatened to collect debts that were beyond the statute of limitations
  • Attempted to collect interest without a statutory or contractual basis or where the previous owner of the debt had waived the collection of interest for certain time periods

In addition to requiring the defendants to pay $490,000 of a partially suspended $1.2 million civil penalty, the stipulated order permanently enjoins the defendants from violating the FDCPA, including by engaging in conduct alleged in the complaint, and misrepresenting consumers’ liability for interest. The order also imposes requirements for investigating disputed debts and requires the defendants to make a specified disclosure in all written collection communications advising consumers how they can complain to the FTC about the defendants’ conduct, as well as additional specified disclosures in communications concerning debts that are or may be time-barred. The required time-barred debt disclosures track those required by the FTC in its January 2012 settlement with Asset Acceptance.

The debt collection industry continues to be a major Consumer Financial Protection Bureau focus, with the CFPB nearing the issuance of proposed debt collection regulations.

- Barbara S. Mishkin

Sixth Circuit Establishes ‘Baseline’ Information To Verify a Debt

The U.S. Court of Appeals for the Sixth Circuit recently articulated a standard for verifying a debt under the Fair Debt Collection Practices Act (FDCPA) in Haddad v. Alexander, Zelmanski, Danner & Fioritto, PLLC. The FDCPA requires that if a consumer notifies the debt collector of a disputed debt, or some portion of that debt, then the debt collector must cease all collection activity until it obtains verification of the debt. The FDCPA does not specify what constitutes “verification”; however, the court determined that it is generally helpful for creditors to compile a detailed list of transactions constituting the debt.

In this case, a condominium owner disputed certain amounts assessed against him by the condominium’s property manager. The property manager responded by providing the owner with a copy of an account ledger listing the original amount owed as $75 plus late charges and legal fees. The owner agreed to pay the $25 fine for a hot water heater, but withheld payment on the remaining $50 until the property manager could provide a detailed description of every charge that amount contained.

Despite letters from the property manager with details about late charges and legal fees, the owner never received any information verifying the $50 balance, which was apparently carried over from the records of the prior property management company. Instead, the property manager filed a lien against the condominium. Although the lien was later released, the Sixth Circuit observed that the owner was faced with a catch-22 choice between paying an unknown debt or dealing with an encumbrance of the owner’s property rights.

The Sixth Circuit observed that the FDCPA is intended to protect consumers, so the verification requirement “must be interpreted” to provide consumers with sufficient notice so that they can dispute a payment obligation. The court acknowledged that what constitutes baseline information for adequate verification will vary depending on the facts of a particular situation, but the court noted that an itemized accounting detailing the transactions in an account that have led to the debt would often be the best means of providing verification. At a minimum, the court stated that debt collectors should provide information about the date and nature of the transaction that led to the debt. The court provided the following examples of information that would constitute verification under the FDCPA:

  • A purchase on a particular date
  • A missed rental payment for a specific month
  • A fee for a particular service provided at a specified time
  • A fine for a particular offense assessed on a certain date

The Sixth Circuit commented on its own holding, stating that this interpretation of the FDCPA verification requirement establishes a “clear standard” that other courts can apply easily. The court also asserted that the information that would be considered sufficient to put consumers on notice about the origins of a debt does not have to be extensive, so “in today’s world of computerized records management, it would not be a significant burden to debt collectors or creditors to provide such a record.”

While the court may be taking too simplistic a view of the complexities of the relevant information systems, its message is clear—the burden to explain the existence and the amount of a debt lies with creditors and debt collectors, not consumers. In that regard, banks and other creditors refinancing loans or transferring account balances may want to confirm that their records will allow them to identify the opening balance on an account.

- Alan S. Kaplinsky, John L. Culhane, Jr., and Kim Phan

Massive Hacking Operation Further Reveals Weakness of Passwords

A small private cybersecurity firm recently revealed that a Russian computer hacking organization amassed more than 1.2 billion username and password combinations. The data was collected across a wide swath of websites, from both large companies and small independent websites across the globe. This finding highlights a well-known vulnerability in password security—namely, people tend to employ the same usernames and passwords across websites, which can put their personal and financial information at risk, should the username and password combination be obtained by hacking from an unrelated website. The revelation of yet another large cybersecurity breach may place additional pressure on both lawmakers and regulators to take action to ensure consumers' electronic information is safeguarded.

On August 5, 2014, Hold Security announced that it had uncovered the hacking operation after months of research. When the firm combined the affected username and password combinations with repetitive pieces of data, it determined that the criminals held more than 4.5 billion records. While some of the data was purchased from black market databases, the criminals also collected information by exploiting security vulnerabilities in hundreds of thousands of websites. The criminals used the information to distribute spam messages to spread malware to additional potential victims. 

The breach reveals the weakness of passwords in cybersecurity efforts. When users use the same credentials across websites and systems, a breach of any one of those websites or systems can pose a threat to the others. Companies should ensure they have strong information security policies in place so that passwords are sufficiently complicated, are updated regularly, and are not recycled.

A security breach of this magnitude also has the potential to draw both lawmakers' and regulators' attention. Following the breach, the Federal Trade Commission, the lead privacy and data security regulator, issued guidance to consumers and businesses on how to create and protect strong passwords. The incident also could provide momentum for stalled breach notification legislation, cybersecurity information-sharing legislation, and funding for federal research efforts to develop password alternatives. Editorial boards are calling on Congress to act, claiming that such a massive breach should be a "wake-up call." The FTC has actively promoted a federal data breach notification law and may use news of this breach to bolster its stance.

Likewise, FTC and state regulators could investigate companies that were targeted by these cybercriminals. While no security program is foolproof, companies are obligated to take reasonable measures to protect consumers' personal information. Failure to take reasonable security precautions can be an unfair or deceptive practice under Section 5 of the FTC Act. The companies targeted in this breach could find themselves subject to FTC scrutiny regarding whether they were taking adequate steps to secure consumer information and to identify when breaches occur.

Similarly, state regulators may question whether these companies had an obligation under state data breach notification laws to notify consumers that their personal information had been compromised. To avoid a finding of unfairness by a regulator, companies should have sufficient security in place to identify when consumer information has been hacked and also have data breach response policies in place that define how the companies should assess the severity of the breach, stop the breach (if ongoing), and begin working with regulators, law enforcement, and consumers, when appropriate.

- Philip N. Yannella, Daniel JT McKenna, and James N. Duchesne

Comptroller of the Currency Publishes Guidance on Debt Sales Arrangements and Agreements

The Office of the Comptroller of the Currency’s (OCC’s) new Bulletin 2014-37 on Consumer Debt Sales represents the agency’s latest guidance on this topic since providing a written statement a year ago to the Senate Subcommittee on Financial Institutions and Consumer Protection describing “best practices” gleaned from supervision of the largest national banks. Unlike the OCC’s statement, the Bulletin addresses the application of consumer protection requirements and safe and sound banking practices to debt sales by all OCC-supervised institutions (national banks and federal thrifts), including community banks.

After summarizing the operational, reputation, compliance, and strategic risks associated with consumer debt sales by financial institutions, the Bulletin discusses the OCC’s supervisory concerns from both a safety and soundness and a consumer protection point of view. These include:

  • Selling debt without knowing enough about the debt buyer’s collection practices
  • Providing customer information without appropriate customer disclosure or in violation of applicable internal privacy policies or applicable laws and regulations
  • Transferring inadequate customer account information to the buyer
  • Failing to institute appropriate internal oversight of debt sale arrangements to ensure that they are governed consistently across the organizations

The Bulletin is careful to note that it does not create any new legal rights against a bank that sells debt, either for a consumer whose debt is sold or for any other third party.

Safety and Soundness Viewpoint

The Bulletin sets forth specific expectations regarding what internal policies and procedures should contain and guidance on what constitutes appropriate due diligence in selecting debt buyers. While the OCC’s statement suggested that a file should be maintained on approved debt buyers to meet the expectations of the then-current OCC Bulletin on third-party relationships, the Bulletin advises institutions to follow the risk-assessment and risk-management guidance in OCC Bulletin 2013-29. This focus emphasizes the importance of assuring that agreements with debt buyers cover all important considerations, including confidentiality and IT concerns, risks inherent in resales of debt (if permitted) by the debt buyer, and adequate handling of customer information once debt collection activities have ceased.

Consumer Protection Viewpoint

The Bulletin also addresses OCC’s newer, more specific expectations regarding debt sale agreements. Whereas the OCC’s statement generally evidenced a requirement that sufficient account information be provided to a buyer to allow ordinary course collection and that the contract deal with requests for additional information, the Bulletin requires an institution to provide (apparently at the time of sale) the buyer with copies of the underlying account documents and related information. These documents and information include, for each debt, key identifying information about the debtor (including all identifying account numbers used by the institution and, as appropriate, its predecessors), copies of all pertinent agreements, recent (within the prior 12 months) account statements, certain last payment information, and information about all collection efforts and any unresolved disputes or fraud claims by the debtor.

Under the Bulletin, certain kinds of debt are deemed “clearly not appropriate for sale” for their failure to meet the basic requirements to constitute an ongoing legal debt. These include debts that have been settled or are in the process of settlement, debts of decedents, and accounts “lacking clear evidence of ownership.” In addition, the Bulletin instructs that banks should “refrain” from selling accounts in disaster areas, accounts “close to the statute of limitations,” Servicemembers Civil Relief Act accounts, and accounts of minors. No further guidance is provided as to how “close” an account must be to its statute of limitations for its sale to be frowned upon by the OCC.

Ballard Spahr will host a webinar, "Recent Developments in Regulatory Guidance for Debt Sellers and Buyers," at 12:00 p.m. ET on September 24, 2014, to discuss the Bulletin and related guidance. Registration information is available here.

- Glen P. Trudel and Keith R. Fisher

California Amends Education Requirements for Mortgage Loan Originators

California recently amended its pre-licensing and continuing education requirements for mortgage loan originators (MLOs) licensed under the California Finance Lenders Law and the California Residential Lending Act. The education requirements passed in Senate Bill No. 1459 become effective on January 1, 2015.

The new law requires an MLO to complete at least 20 hours of NMLS-approved pre-licensing education. An applicant may take pre-licensing education courses either in a classroom, online, or by any other means approved by the NMLS. Further, education requirements approved by the NMLS for any other state are accepted as credit toward the completion of pre-licensing education requirements in California.

The law requires that the pre-licensing education include at least:

  • Three hours of instruction on federal law and regulations
  • Three hours of ethics, including instruction on fraud, consumer protection, and fair lending issues
  • Two hours of training related to lending standards for the nontraditional mortgage product marketplace
  • Two hours of training related to relevant California law and regulations

Regarding continuing education requirements, the law requires a licensed MLO to complete at least eight hours of continuing education a year for license renewal. Under the law, an MLO may only receive credit for a continuing education course in the year in which the course is taken. An MLO may also not take the same course in the same year or successive years to meet the annual requirements for continuing education. The continuing education must include at least:

  • Three hours of instruction on federal law and regulations
  • Two hours of ethics, which shall include lending standards for the nontraditional mortgage product market place
  • One hour of training related to relevant California law and regulations

- Marc D. Patterson

D.C. Passes NMLS Conformity Temporary Act of 2014

Recently, Washington, D.C., Mayor Vincent Gray signed the NMLS Conformity Temporary Act of 2014. The Act authorizes the Department of Insurance, Securities and Banking (DISB) the necessary statutory authority to use the NMLS for all non-depository financial service providers. Currently, the DISB has authority to use the NMLS only for mortgage-related financial service providers. The Act will take effect after a 30-day period of congressional review beginning on August 28, 2014, and will expire 225 days after it takes effect on April 10, 2015.

The D.C. Council is also debating the NMLS Conformity Act of 2014, which is a permanent version of the temporary act. A hearing on the permanent act was held on July 9, but no further action has been taken.

- Marc D. Patterson

Copyright © 2014 by Ballard Spahr LLP.
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

Related Practices

Consumer Financial Services
Mortgage Banking
Virtual Currency


Visit CFPB Monitor, our blog on the Consumer Financial Protection Bureau >

Subscribe to the blog >

Subscribe to the Mortgage Banking Update and legal alerts >