Category Archives: Consumer Financial Protection

CFPB Proposes COVID-19 Rule to Amend Its Mortgage Servicing Rule and Provide Additional Guidance Related to the Pandemic

Posted on by

Jonathan K. Moore, Scott D. Samlin, Chenxi Jiao, and Louise Bowes Marencik

On April 5, 2021, the Consumer Financial Protection Bureau (“CFPB”) issued a notice of proposed rulemaking that proposes amendments to its Mortgage Servicing Rule (the “Proposed Rule”) to provide additional assistance for borrowers impacted by the COVID-19 emergency. The pandemic has resulted in nearly three million borrowers with delinquent mortgages, which is more homeowners in default than any time since the peak of the Great Recession in 2010. Nearly 1.7 million borrowers will exit forbearance programs in September and the following months upon expiration of the maximum term of 18 months in forbearance for federally backed mortgage loans. The Proposed Rule is intended to ensure that these homeowners have the opportunity to be evaluated for loss mitigation options prior to their loans being referred to foreclosure.

If finalized, the Proposed Rule would apply to all mortgages on a principal residence and amend Regulation X (12 CFR 1024).

To read the full client alert, please click here.

CFPB Proposes Delay of Effective Date for Debt Collection Rules

Posted on by

Jonathan K. Moore and Louise Bowes Marencik

On April 7, 2021, the Consumer Financial Protection Bureau (“CFPB”) issued a Notice of Proposed Rulemaking delaying the effective date of its recent debt collection final rules. The final rules, which were issued on October 30, 2020 and December 18, 2020, were scheduled to become effective on November 30, 2021. However, in light of the ongoing COVID-19 pandemic, the CFPB has proposed delaying the effective date until January 29, 2022, in order to give the affected parties additional time to review and comply with the new rules.

To read the full client alert, please click here.

NY Department of Financial Services Enforces First-in-the-Nation Cybersecurity Rules and Fines Mortgage Lender $1.5 Million for Failure to Comply

Posted on by

Andrea M. Roberts and Diana M. Eng

In March 2017, New York State’s Department of Financial Services (“DFS”) implemented the nation’s first cybersecurity rules requiring all regulated entities, such as banks, insurers, financial businesses, and regulated virtual currency operators, to fortify their cybersecurity protocols by implementing and maintaining cybersecurity policies (the “Cybersecurity Regulation”). These protocols and policies include, among other things, establishing a detailed security plan, increasing the monitoring of third-party vendors, appointing chief information security officers, and reporting breaches to the Superintendent of the Department of Finance within 72 hours of identifying a Cybersecurity Event.[1] The Cybersecurity Regulation is codified at 23 NYCRR 500.

For the second time, DFS has fined a regulated entity for failure to comply with the Cybersecurity Regulation. In March 2020, DFS commenced an examination of Residential Mortgage Services, Inc. (“Residential”), a Mortgage Banker (as defined in the Banking Law) based in Maine and licensed in New York. The examination encompassed a general compliance, safety, and soundness review, as well as compliance with the Cybersecurity Regulation. During the review, Residential disclosed for the first time a Cybersecurity Event, which had occurred nearly 18 months earlier. Specifically, an employee, who handles sensitive personal data, received a phishing e-mail and clicked on a hyperlink to a malicious website. DFS determined that although Residential’s technical support staff was alerted to the suspicious activity, Residential’s internal investigation was inadequate since it did not conduct any further inquiry after concluding the unauthorized access was limited to the employee’s e-mail account. Further, DFS determined Residential failed to satisfy the notification requirements of the Cybersecurity Regulation, as Residential failed to (i) identify whether the employee’s mailbox contained private consumer data during the breach and which consumers were impacted; and (ii) notify the Department of Finance within 72 hours of identifying a Cybersecurity Event. Finally, DFS determined that Residential was missing a comprehensive cybersecurity risk assessment, which should have led to the periodic evaluation of controls designed to protect nonpublic information and information systems.

Continue reading

U.S. Supreme Court Holds “Autodialer” Definition under the TCPA Is Limited to Equipment Using a Random or Sequential Number Generator

Posted on by

Wayne StreibichDiana M. Eng, and Andrea M. Roberts

Financial institutions, debt collectors, and consumer-facing businesses should take note that the United States Supreme Court has ruled that the definition of an “autodialer” under the Telephone Consumer Protection Act, as written, requires that the device must use a random or sequential number generator. This narrow interpretation should shield companies from liability in current or future actions, where the consumers’ telephone numbers are known and not random or sequentially generated.

In Facebook, Inc. v. Duguid, 592 U.S. ___ (2021), the United States Supreme Court (“SCOTUS”) narrowly interpreted the definition of “autodialer” under the Telephone Consumer Protection Act (“TCPA”), holding the definition excludes equipment that does not use a random or sequential number generator. SCOTUS specifically held that an “automatic telephone dialing system” is limited to equipment that either stores a telephone number using a random or sequential number generator, or produces a telephone number using a random or sequential number generator.

Summary of Facts and Background

Plaintiff Noah Duguid (“Plaintiff”) began receiving several login-notification text messages from defendant Facebook, Inc. (“Facebook”), alerting him that someone had attempted access to the Facebook account associated with his phone number from an unknown browser. Plaintiff never had a Facebook account and had not given Facebook his phone number. As such, Plaintiff commenced a putative class action in the District Court for the Northern District of California (“District Court”) against Facebook, alleging it violated the TCPA by maintaining a database that stored phone numbers and programmed its equipment to send automated text messages to the stored phone numbers each time the person’s account was accessed by an unrecognized device or browser.

Facebook moved to dismiss, arguing that it did not violate the TCPA because Facebook did not use an automatic dialer, as its text messages were not sent to phone numbers that were randomly or sequentially generated. Rather, Facebook sent targeted, individualized texts to phone numbers linked to specific accounts. The District Court agreed with Facebook and dismissed Plaintiff’s complaint with prejudice.

Plaintiff appealed, and the United States Court of Appeals for the Ninth Circuit (“Ninth Circuit”) reversed the District Court’s order. The Ninth Circuit held that an autodialer “need not be able to use a random or sequential generator to store numbers; it need only have the capacity to ‘store numbers to be called’ and ‘to dial such numbers automatically.’” SCOTUS granted certiorari to resolve a circuit split among the Courts of Appeals regarding whether the definition of an “automatic telephone dialing system” includes equipment that can “store” and dial phone numbers, even if such equipment does not “us[e] a random or sequential number generator.”

To read the full client alert, please click here.

CFPB Issues Second Final Rule Clarifying Regulation of Fair Debt Collection Practices

Posted on by
Reply

Wayne Streibich, Jonathan K. Moore, and Louise Bowes Marencik

On December 18, 2020, the Consumer Financial Protection Bureau (“CFPB”) issued a final rule concerning debt collection disclosures, which follows its October 30, 2020 final rule regarding debt collection communications. The two final rules implement and interpret the consumer protections set forth in the Fair Debt Collection Practices Act (“FDCPA”) of 1977. The final rules will both become effective on November 30, 2021.

The latest final rule outlines various requirements regarding debt collection disclosures. Specifically, a debt collector must send a written disclosure to a consumer containing information concerning the debt and actions the consumer may take in response, within five days of its initial communication with the consumer. This disclosure must be sent unless such validation information was provided in the initial communication or the consumer has paid the debt. The final rule includes a model validation notice, which, if used, provides a safe harbor for compliance with the disclosure requirements. The final rule also requires debt collectors to disclose the existence of a debt to the customer, orally, in writing, or electronically, before it can report information concerning the debt to a consumer reporting agency.

Please click here to read the full client alert.

New York’s Department of Financial Services Issues Regulation for Financial Institutions to Provide Relief to Consumers Suffering Financial Hardship Resulting from COVID-19 Pandemic

Posted on by
Reply

Wayne StreibichDiana M. Eng, Andrea M. Roberts, Scott D. Samlin

On March 21, 2020, in response to the COVID-19 pandemic, Governor Cuomo issued Executive Order 202.9, directing institutions regulated by New York’s Department of Financial Services (“NY DFS”) to provide financial relief to New York consumers experiencing financial hardship as a result of the pandemic. As a result, on March 24, 2020, NY DFS enacted Part 119 of Title 3 of the Official Compilation of Codes, Rules and Regulations of the State of New York (“NYCRR”) establishing standards and procedures that a “Regulated Institution” must follow in its review of requests for relief pursuant to Executive Order 202.9. Importantly, Section 119.2 defines a “Regulated Institution” as “any New York regulated banking organization as defined under New York Banking Law and any New York regulated mortgage servicer entity subject to the authority of the Department.” (Emphasis added).

Highlights of the NY DFS Regulation1

Section 119.3 directs the Regulated Institution to do the following for any individual who can demonstrate financial hardship as a result of the COVID-19 pandemic:

  • In connection with a residential mortgage of a property located in NY: (i) make applications for forbearance of any payment due widely available to any individual who resides in NY and (ii) grant such forbearance for a period of 90 days (subject to the safety and soundness requirements of the Regulated Institution). This provision does not apply to, and does not affect mortgage loans “made, insured, or securitized by any agency or instrumentality of the United States, any Government Sponsored Enterprise, or a Federal Home Loan Bank, or the rights and obligations of any lender, issuer, servicer or trustee of such obligations, including servicers for the Government National Mortgage Association.”
  • With respect to banking organizations: (1) eliminate fees charged for the use of ATMs that are owned or operated by the regulated banking organization; (2) eliminate any overdraft fees; and (3) eliminate any credit card late payment fees. (Regulated Institutions are not limited to these three requirements and may take additional actions if they so desire.)

Within ten (10) business days of the implementation of this regulation, i.e., by April 7, 2020, the Regulated Institution shall e-mail, publish on their website, mass mail, or otherwise broadly communicate to its customers how to apply for relief. The criteria, developed by the Regulated Institution, “shall be clear, easy to understand, and reasonably tailored to the requirements of the [R]egulated [I]nstitution to assess whether it will provide, consistent with the goals of Executive Order 202.9 and this regulation, applicable state and federal law, and the principles of safe and sound business practices, COVID-19 relief.” 3 NYCRR § 119.3(d)(1).

In addition, Section 119.3(e) outlines the requirements for processing applications for relief, as follows:

  • The Regulated Institution must process and respond to the request for relief no later than ten (10) business days after receiving all the information it needs to process the application;
  • The Regulated Institution must process the application for relief expeditiously; the Regulated Institution is responsible for developing and implementing the procedures to do so; and
  • Decisions on the application for relief shall be made in writing and provide the consumers the next steps if they are approved or denied the request.

Finally, Section 119.39(4) modifies Section 39 of the New York Banking Law concerning unsafe and unsound business practices. Under the modified section, it is an “unsafe and unsound business practice” if any Regulated Institution does not “grant a forbearance of any payment due on a residential mortgage for a period of ninety (90) days to any individual who has applied for such forbearance and demonstrated a financial hardship as a result of the COVID-19 pandemic as described herein.” NY DFS will consider, among other things, the adequacy of the process established by the Regulated Institution, the thoroughness of the review of the application, and the payment history, creditworthiness and financial resources of the borrower, in assessing whether a regulated institution has engaged in an unsafe or unsound practice. Regulated Institutions must also maintain copies of all files related to implementation of Part 119 for seven (7) years from March 24, 2020 (date of implementation of the regulation) and must make such files available for inspection at the NY DFS’ next examination of the Regulated Institution.

The standards and procedures set forth in Part 119 shall be in effect for ninety (90) days. After the expiration of the 90-day period, NY DFS will renew this emergency regulation, if necessary.

Conclusion

Regulated Institutions must implement processes and procedures to comply with Part 119 by April 7, 2020, including immediately setting up procedures to review applications for relief and taking the necessary steps to notify its customers of how to apply for such relief. Thus, Regulated Institutions should determine which of its loans, if any, are subject to this regulation and accept and review its customers for forbearance relief as described in the regulation.

Mr. Streibich would like to thank Diana M. Eng, Andrea M. Roberts, and Scott D. Samlin for their assistance in developing this alert.

1 This Alert provides the highlights of the regulation, which does not apply to any commercial mortgage or any other loans not described in the regulation. Please visit the NY DFS website for the complete regulation: dfs.ny.gov/system/files/documents/2020/03/re_new_pt119_nycrr3_text.pdf.

CFPB Proposes Regulations to Clarify, Modernize, and Implement the Fair Debt Collection Practices Act

Posted on by
Reply

Wayne Streibich, Diana M. Eng, Jonathan M. Robbin, Nicole R. Topper, Scott E. Wortman, and Paul Messina Jr.

Financial institutions and debt collectors should take note of, and provide comments on, the CFPB’s recent Notice of Proposed Rulemaking, which attempts to provide consumers with “clear protections against harassment by debt collectors and straightforward options to address or dispute debts.”      

On May 7, 2019, the Consumer Financial Protection Bureau (“CFPB”) released its long-awaited Notice of Proposed Rulemaking (“NPRM”), aiming to clarify and modernize the Fair Debt Collections Practices Act (“FDCPA”). The over 500-page NPRM marks the CFPB’s latest half-decade long effort to issue the first set of substantive rules interpreting the FDCPA since its passage in 1977.

Background

Seeking to curb abuses in the debt collection industry, Congress enacted the FDCPA in 1977. However, with the passage of time and the creation of new technologies, ambiguities and uncertainties in the industry developed. Without any federal agency delegated authority to write substantive rules interpreting the FDCPA, the courts were left with the sole burden of doing so. That changed in 2010, when Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) delegating authority to the CFPB.

Citing the ongoing and abundance of consumer complaints, as well as the need to adapt the FDCPA for modern technologies, the CFPB called for public input on potential new regulations in 2013, and again in 2016, releasing an outline of proposals under consideration. This week’s NPRM incorporates many of those ideas with some adjustments. The NPRM will be open for 90 days for public comment following its publication in the Federal Register.

Please click here for the full client alert. 

U.S. Supreme Court Holds Foreclosure Firms Conducting Nonjudicial Foreclosures Are Not Debt Collectors Under the FDCPA

Posted on by
Reply

By: Wayne Streibich, Diana M. Eng, Cheryl S. Chang, Jonathan M. Robbin, and Namrata Loomba

The United States Supreme Court holds businesses conducting nonjudicial foreclosures are not “debt collectors” under the FDCPA, but lenders and foreclosure firms should take note that the Court specifically chose to leave open the question of whether businesses that conduct judicial foreclosures are “debt collectors” under the statute. 

On March 20, 2019, in Obduskey v. McCarthy, the Supreme Court of the United States issued an opinion holding businesses conducting nonjudicial foreclosures are not “debt collectors” under the Fair Debt Collection Practices Act (“FDCPA”). The Supreme Court limited its decision to nonjudicial foreclosures.1 The Justices ruled 9-0 in the case, with Justice Breyer writing the opinion and Justice Sotomayor concurring.

Please click here for the full client alert. 

Third Circuit Broadens Definition of “Debt Collector” under FDCPA to Include Entities That Acquire Debt but Outsource Collection of That Debt

Posted on by
Reply

By: Jonathan M. Robbin, Diana M. Eng, and Maria K. Vigilante

In Barbato v. Greystone Alliance, LLC et al., a recent precedential decision, the Third Circuit Court of Appeals held an entity whose business is the purchasing of defaulted debts for the purpose of collecting on them falls squarely within the “principal purpose” definition of the Fair Debt Collection Practices Act (“FDCPA”), 15 U.S.C. § 1692(a), even where the entity does not collect the debt and a third party is retained to do so. No. 18-1042, __ F.3d __ (3d Cir. 2019).

Specifically, Barbato expanded the Supreme Court’s holding in Henson v. Santander Consumer USA, 137 S. Ct. 1718 (2017) and rejected the defendant’s argument that Henson renders it a creditor rather than a debt collector because “its principal purpose is the acquisition—not the collection” of debt. Thus, the Barbato court held that where an entity meets the “principal purpose” definition, it cannot avoid the FDCPA’s requirements by retaining a third party to collect the debt.

Please click here for the full client alert. 

Ninth Circuit Holds That Fannie Mae Is Not a Consumer Reporting Agency under FCRA

Posted on by
Reply

By: Wayne StreibichCheryl S. Chang, Diana M. Eng, and Christine Lee

On January 9, 2019, a divided Ninth Circuit panel ruled that the Federal National Mortgage Association, or Fannie Mae, was not a “consumer reporting agency” within the meaning of the Fair Credit Reporting Act (“FCRA”). In Zabriskie v. Federal National Mortgage Association, the Ninth Circuit reversed the Arizona District Court’s holding that Fannie Mae acts as a consumer reporting agency when it licenses its proprietary software, Desktop Underwriter (“DU”), to lenders and that it is therefore subject to the FCRA. Zabriskie v. Fed. Nat’l Mortgage Ass’n, Nos. 17-15807, 17-16000, 2019 WL 137931 (9th Cir. Jan. 9, 2019).

The FCRA defines a “consumer reporting agency” as “any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of preparing or furnishing consumer reports.” 15 U.S.C. § 1681a(f). In reaching its conclusion, the Ninth Circuit specifically examined whether Fannie Mae’s licensing of its DU software constituted: (1) regularly engaging in the practice of assembling or evaluating consumer credit information and (2) for the purpose of preparing or furnishing consumer reports.

Please click here for the full client alert.