In This Issue:
- President Biden Replaces FHFA Director Based on Supreme Court Decision – Now What Happens?
- SCOTUS Decision on FHFA’s Constitutionality Could Provide Support for Validity of Pre-Seila Law CFPB Actions
- RD Legal Funding Asks SCOTUS to Decide if CFPB Can Ratify Pre-Seila Law Actions
- President Biden Signs CRA Resolution Overriding OCC True Lender Rule; Ballard Spahr to Hold August 9 Webinar
- SCOTUS Limits Article III Standing in FCRA Damages Class Action to Class Members Who Suffered Concrete Injury
- Florida Governor Signs Bill Limiting Use of Automated Dialing Systems
- State AGs File Opposition to FDIC’s Summary Judgment Motion in Lawsuit Challenging “Madden-Fix” Rule
- CFPB Acting Director Dave Uejio Nominated to Serve as HUD Assistant Secretary
- Ballard Spahr Partner Phil Yannella Authors Book on Data Breach and Privacy Litigation
- Connecticut Department of Banking Issues Order Establishing Remote Office Locations on a Permanent Basis
- Did You Know?
For the latest updates on the Coronavirus COVID-19 pandemic visit the Ballard Spahr COVID-19 Resource Center
President Biden Replaces FHFA Director Based on Supreme Court Decision – Now What Happens?
On June 23, 2021, President Biden replaced the Federal Housing Finance Agency (FHFA) Director Mark Calabria with Acting Director Sandra L. Thompson.
The move was made possible by the decision of the U.S. Supreme Court earlier in the day holding that the FHFA structure is unconstitutional because the Director could be removed by the President only for cause. The decision resulted in the Director becoming removable at the will of the President, and President Biden acted promptly to replace the FHFA Director. The replacement of the FHFA Director raises an important question—now what happens?
As previously reported, the CFPB delayed the mandatory compliance date of the new general qualified mortgage (QM) rule under Regulation Z, which became effective on March 1, 2021, until October 1, 2022. The CFPB did so that technically, in addition to the new general QM, the original general QM based on a strict 43% debt-to-income (DTI) ratio limit, and the temporary QM based on a loan being eligible for sale to Fannie Mae or Freddie Mac (often referred to as the “GSE Patch”), would also be available for applications received on or before September 30, 2022 (although the GSE Patch would expire if Fannie Mae and Freddie Mac exit conservatorship).
However, FHFA actions called into question whether the goal of the CFPB would be fully realized. In January 2021 the Preferred Stock Purchase Agreements (PSPAs) regarding Fannie Mae and Freddie Mac were amended. Pursuant to the amendments, with regard to the original general QM, the new general QM, and the GSE Patch QM, for loans with applications received on or after July 1, 2021, Fannie Mae and Freddie Mac could only purchase new general QM loans. The delay of the mandatory compliance date for the new general QM rule to October 1, 2022, raised the issue of whether the PSPAs would be further amended to continue to provide for the purchase of original general QM loans and GSE Patch QM loans.
As previously reported, on April 8, 2021, Fannie Mae and Freddie Mac announced that for loans with applications received on or after July 1, 2021, they will purchase new general QM loans, and not original general QM loans or GSE Patch QM loans. Fannie Mae and Freddie Mac issued further guidance on May 26, 2021, advising that for loans with applications received before March 1, 2021 (the effective date of the new general QM rule), the loans would be eligible for purchase if they satisfied the requirements of the new general QM rule. This approach effectively provides a path for such loans to be GSE Patch QM loans.
The issue now is whether the FHFA under new leadership will reach a different agreement with the U.S. Treasury Department on the types of loans that Fannie Mae and Freddie Mac will purchase. The industry will be watching intently for developments in this area.
SCOTUS Decision on FHFA’s Constitutionality Could Provide Support for Validity of Pre-Seila Law CFPB Actions
In its decision in Collins v. Yellin (previously captioned Collins v. Mnuchin), the U.S. Supreme Court, relying on its decision in Seila Law, held that the Federal Housing Finance Agency’s structure is unconstitutional because the Housing and Economic Recovery Act of 2008 only allows the President to remove the FHFA’s Director “for cause.” Despite ruling that the FHFA’s structure was unconstitutional, the Supreme Court also held that the proper remedy for the constitutional violation was not to invalidate the FHFA actions challenged by the plaintiffs.
The plaintiffs in Collins were shareholders of Fannie Mae and Freddie Mac seeking to invalidate an amendment (Third Amendment) to a preferred stock agreement between the Treasury Department and the FHFA as conservator for Fannie Mae and Freddie Mac that required the entities to pay quarterly dividends to the Treasury equal to their excess net worth after accounting for prescribed capital reserves. The Third Amendment was adopted by an Acting FHFA Director and subsequent actions to implement the Third Amendment were taken by Senate-confirmed Directors.
According to the Supreme Court, its conclusion that the Acting Director who adopted the Third Amendment was removable by the President at will defeated the plaintiffs’ argument for setting aside the Third Amendment in its entirety. The Supreme Court also concluded that “there is no reason to regard any of the actions taken by the FHFA [when headed by confirmed Directors] in relation to the third amendment as void.” The Court stated that “all of the officers who headed the FHFA during the time in question were properly appointed. Although the statute unconstitutionally limited the President’s authority to remove the confirmed Directors, there was no constitutional defect in the statutorily prescribed method of appointment to that office.” (emphasis included). The Supreme Court found “no basis for concluding that any head of the FHFA lacked the authority to carry out the functions of the office.” Citing Seila Law, the Court stated that “settled precedent also confirms that the unlawfulness of the removal provision does not strip the Director of the power to undertake the responsibilities of his office, including implementing the third amendment.”
The Supreme Court also commented that, in claiming to find implicit support for their position in Seila Law, the plaintiffs “read far too much” into that decision. It stated that, contrary to the plaintiffs’ argument, its remand of Seila Law so the lower court could decide if the CFPB’s issuance of a CID “had been ratified by an Acting Director who was removable at will by the President” did not implicitly mean that the Director’s action would be void unless lawfully ratified. According to the Court, “we said no such thing” and “the remand did not resolve any issue concerning ratification, including whether ratification was necessary.”
At the same time, the Supreme Court stated that the plaintiffs might nevertheless be entitled to retrospective relief if they could show that the unconstitutional removal provision caused harm. The plaintiffs claimed that were it not for the provision, the President might have replaced one of the confirmed Directors who supervised the implementation of the Third Amendment, or a confirmed Director might have altered his behavior in a way that would have benefitted the shareholders. The Supreme Court remanded the case to the lower courts to resolve in the first instance whether the provision caused such harm.
The validity of actions taken by the CFPB before the Supreme Court’s Seila Law decision is currently being challenged in at least three cases: RD Legal Funding, Seila Law, and All American Check Cashing. (RD Legal has filed a petition for certiorari in the Supreme Court and Seila Law is also expected to file a cert petition.) All of the challenged CFPB actions in these cases were taken under former Director Cordray’s leadership after he was reappointed by President Obama and confirmed by the Senate. The businesses challenging the actions have argued that any purported ratification by former Acting Director Mulvaney or former Director Kraninger was ineffective because, as agents of the CFPB, they could not ratify an act that the CFPB, as principal, could not take at the time such act was done due to its unconstitutional structure. The Supreme Court’s decision in Collins would seem to undercut the argument that the CFPB’s unconstitutional structure made it unable to take such actions. In addition, the ratification of these actions by former Acting Director Mulvaney or former Director Kraninger at a time when they were removable by the President at will might make it difficult for the businesses to show that they were harmed by the removal provision.
RD Legal Funding Asks SCOTUS to Decide if CFPB Can Ratify Pre-Seila Law Actions
RD Legal Funding has filed a petition for a writ of certiorari in the U.S. Supreme Court that asks the Court to decide whether the CFPB can ratify actions taken when it was unconstitutionally structured.
A New York federal district court had dismissed the enforcement action against RD Legal filed jointly by the CFPB and New York Attorney General, ruling that the CFPB’s structure was unconstitutional and that the proper remedy for the constitutional violation was to invalidate Title X in its entirety because the for-cause removal provision was not severable from Title X. Having invalidated Title X, the district court also determined that there was no longer a statutory basis for the NYAG to bring its federal claims and therefore dismissed such claims for lack of federal jurisdiction.
RD Legal appealed to the U.S. Court of Appeals for the Second Circuit. While the appeal was pending, the Supreme Court ruled in Seila Law that the CFPB’s structure was unconstitutional because the Dodd-Frank Act provision allowing the President to only remove the CFPB Director “for cause” violated the separation of powers in the U.S. Constitution. The Supreme Court also ruled that the unconstitutional provision was severable. Thereafter, the CFPB filed a declaration with the Second Circuit in which former Director Kraninger stated that she had ratified the Bureau’s decisions to file the enforcement action against RD Legal and to appeal from the district court’s dismissal of the action.
Based on the Supreme Court’s Seila Law decision, the Second Circuit issued a summary order that affirmed the district court’s holding that the Dodd-Frank Act’s for-cause removal provision was unconstitutional, reversed its holding that the provision was not severable, and remanded the case to the district court to consider the validity of former Director Kraninger’s ratification of the CFPB’s enforcement action. The Second Circuit’s order vacated the district court’s judgment dismissing the underlying enforcement action.
RD Legal’s certiorari petition presents the following two questions:
- Whether ratification is an appropriate remedy for the constitutional violation identified in Seila Law.
- Whether, after Seila Law found the CFPB’s structure unconstitutional, the CFPB could ratify its enforcement action and appeal to the Second Circuit after the time for doing either had run.
In its petition, RD Legal argues that the ratification of the CFPB’s enforcement action by former Director Kraninger was ineffective because, as an agent of the CFPB, she could not ratify an act that the CFPB, as principal, could not take at the time such act was done due to its unconstitutional structure. Alternatively, RD Legal argues that even if ratification of an action taken while unconstitutionally structured was possible, former Director Kraninger could not ratify the enforcement action against RD Legal more than three years after it was brought or ratify the appeal more than two years after the CFPB filed its notice of appeal.
Seila Law is also expected to ask the Supreme Court to decide whether former Director Kraninger could ratify actions taken by the CFPB while it was unconstitutionally structured. After the Supreme Court agreed with Seila Law that the CFPB’s structure was unconstitutional and remanded the case for further consideration, a unanimous Ninth Circuit panel ruled that the civil investigative demand (CID) issued to Seila Law was validly ratified by former Director Kraninger and affirmed the district court’s decision granting the CFPB’s petition to enforce the CID. Following a sua sponte request from a Ninth Circuit judge for a vote on whether to rehear the case en banc, a majority of the non-recused Ninth Circuit active judges voted against en banc reconsideration and rehearing en banc was denied. However, four judges joined in an opinion dissenting from the denial. Seila Law then filed a motion for a stay of the mandate in which it asserted that for the reasons given by the dissenters, “there is a reasonable chance that the Supreme Court will grant certiorari in this case.” The Ninth Circuit has granted Seila Law’s stay motion pending its filing of a certiorari petition in the Supreme Court.
The ratification question is also before the Fifth Circuit in All American Check Cashing. In March 2020, the Fifth Circuit, on its own motion, entered an order vacating the panel’s ruling that the CFPB’s structure was constitutional and granting rehearing en banc. The Fifth Circuit then tentatively calendared the case for en banc oral argument during the week of September 21, 2020 and ordered the parties to file supplemental briefs. However, on September 9, 2020, after the parties filed their supplemental briefs, the Fifth Circuit issued a directive putting the case on hold until the U.S. Supreme Court issued its decision in Collins v Mnuchin. In its decision issued earlier this week, the Supreme Court agreed with the en banc Fifth Circuit’s decision in Collins that held the FHFA’s structure is unconstitutional because the Housing and Economic Recovery Act of 2008 only allows the President to remove the FHFA’s Director “for cause.”
President Biden Signs CRA Resolution Overriding OCC True Lender Rule; Ballard Spahr to Hold August 9 Webinar
The final step in the demise of the OCC’s true lender rule occurred yesterday with President Biden signing the resolution under the Congressional Review Act (CRA) overturning the rule that was passed by the House and Senate.
On August 9, 2021, from 12:00 p.m. to 1:00 p.m. ET, Ballard Spahr will hold a webinar, “Congress Overrides the OCC’s True Lender Rule: What Are the Risks for Banks and Their Loan Program Nonbank Partners?” Click here to register.
Pursuant to the CRA, the enactment of a disapproval measure precludes the OCC from subsequently reissuing the rule or adopting a new rule that is substantially the same as the disapproved rule unless “the reissued or new rule is specifically authorized by a law enacted after the date of the joint resolution disapproving the original rule.” The Congressional override of the rule also renders moot the lawsuit filed by a group of state attorneys general in January 2021 seeking to set aside the rule.
SCOTUS Limits Article III Standing in FCRA Damages Class Action to Class Members Who Suffered Concrete Injury
In a 5-4 decision, the U.S. Supreme Court ruled in TransUnion, LLC. v. Ramirez that only class members who were concretely harmed by TransUnion’s FCRA violation had Article III standing to seek damages.
In the case, Sergio Ramirez, the named plaintiff, alleged that he suffered difficulty in obtaining credit and other harm after an automobile dealer received a credit report from TransUnion indicating that his name matched a name found on the list of terrorists and narcotics traffickers with whom U.S. companies may not transact business that is maintained by the Office of Foreign Assets Control (OFAC). He filed a class action complaint alleging that TransUnion violated the FCRA, including by failing to follow reasonable procedures to ensure the accuracy of information in his credit file.
Before trial, the parties stipulated that the class consisted of 8,185 members whose credit files contained misleading OFAC alerts and that only 1,853 members (including Mr. Ramirez) had their credit reports disseminated by TransUnion to potential creditors during the class period. The district court ruled that all 8,185 class members had Article III standing and following a trial, the jury awarded each class member $984.22 in statutory damages and an additional $6,353.08 in punitive damages for a total award of more than $60 million. On appeal, the Ninth Circuit affirmed the district court’s ruling that all class members had Article III standing to recover damages for their FCRA claims but reduced the punitive damages to $3,936.88 per class member (thereby reducing the total award to approximately $40 million).
In the opinion of the Court written by Justice Kavanaugh, the Court first considered the Article III standing of the 1,853 class members whose reports were disseminated to third parties. The plaintiffs argued that their asserted intangible injury from being labeled a potential terrorist qualified as concrete harm under Spokeo because it bore a close relationship to harms traditionally recognized as providing a basis for lawsuits in American courts—namely, the reputational harm associated with the tort of defamation. The Court agreed with the plaintiffs, stating that “[w]e have no trouble concluding that the 1,853 class members suffered a concrete harm that qualifies as an injury in fact.”
In turning to the remaining 6,332 class members whose credit information was not provided by TransUnion to any potential creditors, the Court called them “a different story.” It found that “the mere presence of an inaccuracy in an internal credit file, if it is not disclosed to a third party, causes no concrete harm.” In the Court’s view, “the plaintiffs’ harm is roughly the same, legally speaking, as if someone wrote a defamatory letter and then stored it in her desk drawer. A letter that is not sent does not harm anyone, no matter how insulting the letter is. So too here.”
The Court also rejected the plaintiffs’ attempt to satisfy Spokeo’s concrete harm requirement through the assertion that they suffered a material risk of future harm. While acknowledging that a plaintiff exposed to a risk of future harm can pursue forward-looking injunctive relief, the Court distinguished a plaintiff’s standing to seek injunctive relief from the plaintiff’s standing to seek retrospective damages. It found the plaintiffs’ argument for standing for their damages claim based on an asserted risk of future harm to be unavailing because they had not demonstrated that the risk of future harm materialized or presented evidence that the class members were independently harmed by their exposure to the risk itself (e.g. that they suffered an emotional injury from the mere risk their credit reports would be provided to third parties.)
The Court also found that “even apart from this fundamental problem with their argument based on the risk of future harm,” the plaintiffs had not factually established a sufficient risk of future harm to support standing. More specifically, they had not demonstrated a sufficient likelihood that their individual credit information would be requested by third parties and provided by TransUnion during the relevant period or that TransUnion would intentionally or accidentally release their information to third parties. In addition, the Court noted that the plaintiffs had not presented evidence that the 6,332 class members even knew the OFAC alerts were in their credit files and observed that “[i]t is difficult to see how a risk of future harm could supply the basis for a plaintiff’s standing when the plaintiff did not even know that there was a risk of future harm.”
In addition to the “failure to follow reasonable procedures” FCRA claim, the complaint alleged that TransUnion violated the FCRA by failing to provide the plaintiffs with all of the information in their credit files upon request and by failing to provide them with a summary of rights. In their disclosure claim, the plaintiffs alleged that TransUnion sent them copies of their credit files that omitted the OFAC information and then sent the OFAC information in a second mailing. In their summary of rights claim, the plaintiffs alleged that TransUnion should have included another summary of rights in the second mailing with the OFAC information. The Court found that only Mr. Ramirez had suffered a concrete harm sufficient to provide Article III standing to assert these claims. According to the Court, the plaintiffs had not demonstrated they suffered any harm at all from these violations, having presented no evidence that a single class member other than Mr. Ramirez had “so much as opened the dual mailings” or that they would have tried to correct their credit files if they had been sent the information in the proper format. (emphasis included).
The Court reversed the Ninth Circuit’s judgment and remanded the case for further proceedings, noting that in light of its conclusion about Article III standing, “we need not decide whether Mr. Ramirez’s claims were typical of the claims of the class under Rue 23.” It stated that on remand, “the Ninth Circuit may consider in the first instance whether class certification is appropriate in light of our conclusion about standing.”
In a surprising twist, Justice Thomas issued a dissenting opinion which was joined by the Court’s three liberal justices. Justice Thomas wrote that the majority’s decision “might actually be a pyrrhic victory for TransUnion” because “[t]he Court does not prohibit Congress from creating statutory rights for consumers; it simply holds that federal courts lack jurisdiction to hear some of these cases.” He made the observation that “[this] combination may leave state courts — which ‘are not bound by the limitations of a case or controversy or other federal rules of justiciability even when they address issues of federal law,’ — as the sole forum for such cases, with defendants unable to seek removal to federal court.” (citations omitted). According to Justice Thomas, “[b]y declaring that federal courts lack jurisdiction, the Court has thus ensured that state courts will exercise exclusive jurisdiction over these sorts of class actions.”
- Daniel JT McKenna & Christopher J. Willis
Florida Governor Signs Bill Limiting Use of Automated Dialing Systems
On June 29, Florida Governor DeSantis signed into law CS/SB 1120 which amends Florida law to impose new limits on the use of “automatic dialers.” The law went into effect on July 1.
The new law prohibits the use of an “automated system” to make “telephonic sales call” without the prior express written consent of the “called party.” A “telephonic sales call” is defined as “a telephone call, text message, or voicemail transmission to a consumer for the purpose of soliciting a sale of any consumer goods or services, soliciting an extension of credit for consumer goods or services, or obtaining information that will or may be used for the direct solicitation of a sale of consumer goods or services or an extension of credit for such purposes.” “Consumer goods or services” is defined as “real property or tangible or intangible personal property that is normally used for personal, family, or household purposes, including, but not limited to, any such property intended to be attached to or installed in any real property without regard to whether it is so attached or installed, as well as cemetery lots and timeshare estates, and any services related to such property.” The “called party” is defined as “a person who is the regular user of the telephone number that receives a telephonic sales call.”
Surprisingly, “automated system” is not a defined term in the new law. However, the law’s prohibitory language refers to telephonic sales calls that involve “an automated system for the selection or dialing of telephone numbers or the playing of a recorded message when a connection is completed to a number called.” Thus, the systems that can qualify as an “automated system” for purposes of the new Florida law are not limited to equipment that would qualify as an automatic telephone dialing system (ATDS) under the federal Telephone Consumer Protection Act (TCPA). The TCPA defines an ATDS as “equipment which has the capacity (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” In Facebook v. Duguid, the U.S. Supreme Court held that automatic dialing technology only qualifies as an ATDS if it has the capacity to store numbers “using a random or sequential number generator” or produce numbers “using a random or sequential number generator.”
In addition to covering a broader range of equipment than the TCPA, the new Florida law’s prohibition on using automated systems is not limited to calls to cellular phones. Also, under the new law, to obtain a consumer’s “prior express written consent” to receive calls made using an automated system, a company must provide a specified disclosure and satisfy other requirements.
The new law does not expressly limit its coverage to calls made to consumers located in Florida and instead broadly prohibits “a person” from making calls using automated systems without the consumer’s consent. However, the law contains a rebuttable presumption that any call to a number with a Florida area code is to a Florida residence or to a person in Florida at the time of the call. This would suggest that the law is only intended to cover calls to Florida consumers.
The statute contains a number of exemptions, including an exemption for a “supervised financial institution or parent, subsidiary, or affiliate thereof operating within the scope of supervised activity.”
The statute also includes other limitations on telemarketing calls, including prohibitions on making commercial telephone solicitations before 8 a.m. or after 8 p.m. (in the called person’s time zone), making more than three commercial telephone solicitations from any number to a person over a 24-hour period on the same subject matter or issue, and using technology to conceal the caller’s true identity.
The new law includes a private right of action for violations and provides for the greater of actual damages or $500, which can be trebled for willful or knowing violations.
State AGs File Opposition to FDIC’s Summary Judgment Motion in Lawsuit Challenging “Madden-Fix” Rule
The state attorneys general have filed their opposition to the FDIC’s motion for summary judgment in their lawsuit to set aside the FDIC’s “Madden-fix” rule. The filing also includes the AGs’ reply to the FDIC’s opposition to their summary judgment motion.
The lawsuit is pending before the same California federal district court judge (Judge Jeffrey S. White) who is hearing the lawsuit filed by three state AGs to set aside the OCC’s similar Madden-fix rule. Cross-motions for summary judgment have been filed in that case. Oral argument on the motions was scheduled for May 7, 2021 but on May 6, the Clerk issued a notice vacating the hearing without setting a new date.
In opposing the FDIC’s summary judgment motion, the AGs’ primary arguments are:
- The FDIC rule is not entitled to deference because Section 27 of the Federal Deposit Insurance Act (12 U.S.C. 1831d) is unambiguous. By its plain language, Section 27 applies only to interest that a bank can charge. Even if Section 27 is found to be ambiguous, the FDIC rule impermissibly expands the scope of preemption to nonbank loan buyers and is not a reasonable interpretation of the statute.
- The FDIC rule is arbitrary and capricious because the FDIC failed to give sufficient consideration to evidence that the rule will likely facilitate rent-a-bank schemes and failed to meaningfully address the true lender doctrine’s applicability to loan sales potentially covered by the rule.
The court’s scheduling order requires the FDIC to file its reply to the AGs’ opposition by July 15, 2021. Oral argument on the summary judgment motions is scheduled for August 6, 2021.
CFPB Acting Director Dave Uejio Nominated to Serve as HUD Assistant Secretary
Last week, the White House announced that President Biden intends to nominate Dave Uejio, who currently serves as CFPB Acting Director, to serve as Assistant Secretary for Fair Housing and Equal Opportunity at the Department of Housing and Urban Development.
In January 2021, President Biden named Rohit Chopra to serve as CFPB Director. Mr. Chopra currently serves as an FTC Commissioner and it was widely believed that to avoid the possibility of a Republican majority, the White House sought to delay Mr. Chopra’s confirmation as CFPB Director until President Biden filled the FTC seat of former Chairman Simons. On June 15, Lina Khan was confirmed as FTC Commissioner and sworn in as FTC Chair.
Ms. Kahn’s confirmation has presumably cleared the way for Mr. Chopra’s confirmation as CFPB Director and observers believe Mr. Uejio’s nomination to serve as HUD Assistant Secretary could lead to a Senate vote on Mr. Chopra very soon.
Ballard Spahr Partner Phil Yannella Authors Book on Data Breach and Privacy Litigation
Phil Yannella, Ballard Spahr litigation partner and Practice Leader of Ballard’s Privacy & Data Security Group, recently authored a treatise on data breach and privacy litigation. The book, Cyber Litigation: Data Brach, Data Privacy & Digital Rights, is published by Thomson Reuters and is available now for purchase. The publication of CyberLitigation comes at an important moment as the U.S. is in the midst of a huge surge in data breaches, particularly ransomware attacks. In 2020, U.S. companies publicly reported 3,950 data breaches, according to the Verizon Data Breach Investigations Report − a number that likely understates the total number of breaches, as many breaches are not reported. Despite renewed focus by the U.S. government on stopping hackers, and widespread efforts by U.S. companies to harden their security through encryption, multi-factor authentication, and shifting to cloud-based applications, the pace of data breaches has not slowed down in 2021.
As breaches have increased, so too has litigation. At the current pace, over 1200 data breach or privacy lawsuits, most of them class actions, will be filed this year. Much of the new litigation is driven by statutes, such as the California Consumer Privacy Act (CCPA), the Illinois Biometric Information Privacy Act (BIPA), and state wiretap laws that provide for statutory damages.
Ballard Privacy & Data Security Partners Kim Phan and Greg Szewczyk are contributing authors.
In addition to data privacy and data breach litigation, this book addresses other kinds of emerging cyber claims such as website accessibility claims, webscraping claims, disputes under the Payment Card Industry (PCI) data security standards, and cyber-coverage disputes. The common link among these kinds of cyber-litigation is that they all involve the collection, access, sharing, protection, or use of online information. The book is available for purchase here.
Connecticut Department of Banking Issues Order Establishing Remote Office Locations on a Permanent Basis
Connecticut’s Banking Commissioner signed an order that permits individuals engaged in certain licensable activity on behalf of certain consumer credit licensees to work from remote office locations not licensed as branch office locations. The order, pursuant to the authority set forth in Section 205 of Senate Bill 1202 and available here, extends the previous no-action position of the Commissioner and was effective July 1, 2021.
The order applies to individuals working on behalf of persons licensed in Connecticut as:
- Consumer collection agencies;
- Debt adjusters;
- Debt negotiators;
- Mortgage brokers, mortgage correspondent lenders or mortgage lenders;
- Mortgage servicers;
- Sales finance companies;
- Small loan companies; and
- Student loan servicers.
Any residential or non-commercial location in the United States where an individual engages in authorized activity on behalf of a licensee, other than a location licensed as a main office or branch office as defined in Section 36a-485, may be considered a remote office location.
Any licensee that conducts business from a remote office location must conform to specified standards, including:
- Maintaining accurate records that identify the dates of authorized remote office activity, the location of each remote office, and the individuals authorized to conduct business at each such office;
- Implementing policies and procedures to ensure reasonable supervision over its remote office activities;
- Ensuring that no records of licensable activity are maintained at the remote office location;
- Ensuring that any individual working from the remote office location is licensed under Title 36a to conduct such remote office activity, as applicable;
- Not meeting with members of the public at such remote office location or holding such location out as an office to members of the public;
- For any licensed individual conducting business from a remote office location, designating a licensed branch office or main office location as the location of business on the system;
- Ensuring that consumer and licensee information and records remain accessible for regulatory oversight and examination; and
- Establishing safeguards concerning personal information and data security at the remote office location, consistent with existing requirements and applicable state and federal law, including but not limited to, utilizing a VPN or comparable system, and ensuring appropriate updates, patches, or other alternations to maintain the security of all devices used at remote locations.
Remote office activities must comply with all applicable requirements under state and federal law and remain subject to the Commissioner’s investigation and examination authority. The order states that, “[i]f at any time the Commissioner finds that any individual or licensee is violating the requirements of this order or other applicable laws or regulations, the Commissioner may restrict the ability of an individual or licensee to conduct activities from a remote office location pursuant to the provisions of Title 36a.” Presumably, this authority is in addition to any existing authorities already available to the Commissioner in connection with a violation of an order of the Commissioner or a violation of applicable law or regulation already set forth in Title 36a.
Jaeyoung Choi, a student at American University Law School and Ballard Spahr summer associate, contributed to this alert.
- Stacey L. Valerio & Jaeyoung Choi
Vermont Rescinds Combination License Type on NMLS
Due to recent amendments to certain licensing statutes by the Vermont legislature, the Combination License type has been rescinded from the Nationwide Multistate Licensing System (NMLS). Companies and branches that hold a Combination License are now required to file an application through NMLS to transition back to the separate licenses required to conduct business, which are the Lender, Mortgage Broker, Loan Solicitation, and/or Loan Servicer Licenses.
The transition period began on July 6 and will end on September 30, 2021. The transition is mandatory and is not optional.
Licensees are encouraged to review the Transition Checklists for instructions, and may direct questions about the transition to Phyllis.firstname.lastname@example.org.
Aftermath of PPP Lending: Lender Compliance, Risk and Enforcement
A Ballard Spahr Webinar | July 12, 2021, 12:00 PM – 1:00 PM ET
Speakers: Thomas Burke, Terence M. Grugan, Lori Sommerfield & Mary K. Treanor
e-OSCAR 101: The Nuts and Bolts of Consumer Credit Disputes through e-OSCAR
A Ballard Spahr Webinar | July 15, 2021, 12:00 PM – 1:00 PM ET
Speakers: Stefanie H. Jackman & Kim Phan