chevron-down Created with Sketch Beta.

Business Law Today

March 2022

March 2022 in Brief: Business Regulation & Regulated Industries

Lynette I Hotchkiss

March 2022 in Brief: Business Regulation & Regulated Industries

Jump to:

Banking Law

LIBOR Act Provides Answers, Safe Harbor for Lenders

By Arthur J. Rotatori, Jeffrey Barringer, andSanford Shatz, McGlinchey Stafford, PLLC

On March 15, 2022, the Consolidated Appropriations Act of 2022 was signed into law. Division U, the Adjustable Interest Rate (LIBOR) Act, resolves what had otherwise been a pending concern with variable interest rate loan contracts that use LIBOR as their index.

LIBOR, which historically had been used as the variable rate index in many commercial and consumer loan contracts, is scheduled to sunset on June 30, 2023. While commercial and consumer lenders have now largely transitioned away from writing new contracts using LIBOR, there are $200 trillion worth of LIBOR-based legacy contracts. Many of those contracts do not clearly provide for a specific replacement to LIBOR, raising the issue of what would happen to those contracts when LIBOR is discontinued. The LIBOR Act now provides a legislative answer to that question and a safe harbor for lenders who comply with its provisions.

The LIBOR Act provides that the benchmark replacement rate selected by the Federal Reserve Board (FRB) will replace LIBOR as the variable rate index in all affected loan contracts. It is widely anticipated that the FRB will designate the Secured Overnight Financing Rate (SOFR) as the benchmark replacement rate. The LIBOR Act also provides that use of the designated benchmark replacement constitutes the use of a “comparable” or “commercially reasonable replacement rate” using language commonly found in variable interest rate contract provisions. In addition, the LIBOR Act provides that use of the designated benchmark replacement constitutes a safe harbor that protects the creditor from any legal liability.

Specifically addressing consumer variable rate loans, the LIBOR Act authorizes the FRB to adjust the benchmark replacement over a one-year period starting on June 30, 2023. The purpose of these adjustments is to “transition linearly from the difference between” the LIBOR tenor specified in the consumer loan documents to the benchmark replacement over that time period. At the end of that period, the FRB will publish the benchmark replacement incorporating the “tenor spread adjustments” specified in the LIBOR Act. Presumably, this phase-in for consumer loans will lessen the impact of the transition away from LIBOR on consumer borrowers.

Finally, the LIBOR Act directs the FRB to promulgate regulations to implement the LIBOR Act within 180 days of enactment, meaning that such regulations are expected in September 2022. The LIBOR Act and its forthcoming regulations, taken together with the amendments to Regulation Z and its Official Comments that address disclosure issues related to the LIBOR transition and take effect on April 1, 2022, appear to resolve the contractual and consumer protection issues arising from the demise of LIBOR.

President Biden Signs Executive Order on Ensuring Responsible Development of Digital Assets

By Rachael L. Aspery, McGlinchey Stafford, PLLC

On March 9, 2022, President Biden signed an Executive Order that serves as the first “whole-of-government” strategy that addresses both the benefits and risks of digital assets and their underlying technology. The Order outlines six priorities that factor into addressing a national policy for digital assets, which include: consumer and investor protection; financial stability; illicit finance; U.S. leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation.

The priorities call attention to the heightened risk that digital assets pose to consumers, investors, and businesses if risks are not properly mitigated and protections are not implemented. The priorities highlight that oversight, standards, and other safeguards are essential in digital asset exchanges, trading platforms, and financial services so that appropriate measures are taken to ensure consumer protection and privacy and to prevent unlawful surveillance that ultimately can contribute to human rights abuses.

Additionally, the priorities address the need to mitigate illicit finance and national security risks posed by misuse of digital assets, including money laundering, cybercrime, ransomware, narcotics and human trafficking, and terrorism and proliferation financing. The Order acknowledges that the growth in decentralized financial ecosystems, peer-to-peer payments activity, and obscured blockchain ledgers contributes to the market and national security risks. The U.S. must ensure appropriate controls and accountability for the digital asset ecosystem to promote heightened standards for regulation, oversight, and law enforcement action.

The priorities also address the United States leadership in the fabric of the global financial system, including its continued contributions in the development of payment innovations and digital assets, and the importance of remaining competitive in the technological and economic development of digital assets, architectures, platforms, and payment systems. However, it must do so responsibly by focusing on privacy, security, and technologies that defend against illicit finance activities, exploitation, and human rights violations, while reducing negative climate impacts and environmental pollution resulting from cryptocurrency mining.

Additionally, the Order calls for interagency coordination to implement the Order, and it articulates the “highest urgency” to research and develop the design and deployment of a United States Central Bank Digital Currency (“CBDC”) that is consistent with the priorities outlined in the Order, to ensure the global financial system has appropriate transparency, connectivity, and privacy protections. The Order explores the idea of a digital version of the U.S. Dollar. President Biden in the Order acknowledges the benefits and opportunities that digital currency can present, particularly with cross-border funds transfers and payments to foster greater access to the financial system, but not without risk mitigation. Relevant departments and agencies have between 90 and 180 days to submit reports to the President pertaining to topics such as the future of money and payment systems, the conditions of adopting broad digital assets and technological innovation that may influence the outcomes presented, the implications for the United States financial system, and means to address illicit finance risks.

Utah Governor Signs Nation’s Fourth Comprehensive Consumer Data Privacy Law

By Dailey Wilson, Hudson Cook, LLP

On March 24, 2022, Utah Governor Spencer Cox signed into law the Utah Consumer Privacy Act (“UCPA”), which takes effect on December 31, 2023. By enacting the UCPA, Utah becomes the fourth state in the nation to implement a generally applicable consumer data privacy law, after California (the California Consumer Privacy Act or CCPA), Virginia (the Virginia Consumer Data Protection Act), and Colorado (the Colorado Privacy Act). While the UCPA is similar to these other state laws, businesses subject to the law may face different obligations than they do under other state laws. Regardless, the continued expansion of the state data privacy regulation patchwork complicates data privacy compliance efforts.

The UCPA applies to any controller or processor that conducts business in Utah or produces a product or service that is targeted to Utah consumers; has an annual revenue of $25 million or more; and either (1) during a calendar year controls or processes personal data of 100,000 or more Utah residents or (2) derives over 50% of its gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more Utah residents. The UCPA applies to information that is linked or reasonably linkable to an identified or readily identifiable individual. The law also provides special protections for sensitive data, which includes personal data revealing racial or ethnic origin, religious beliefs, sexual orientation, citizenship or immigration status, medical history, mental or physical health condition, or medical treatment or diagnosis by a health care professional. Sensitive data also includes the processing of genetic personal data or biometric data, if the processing is for the purpose of identifying a specific individual, as well as specific geolocation data.

However, the UCPA does not apply to, among other things:

  • financial institutions or their affiliates governed by, or personal data processed in accordance with, the federal Gramm-Leach-Bliley Act;
  • certain activities regulated by the Fair Credit Reporting Act;
  • information on persons acting in a commercial or employment context;
  • deidentified data, aggregated data, or, in some contexts, pseudonymous data; or
  • certain publicly available information.

The UCPA also does not restrict a controller’s or processor’s ability to comply with other law, engage in certain fraud prevention and detection and security activities, or engage in certain internal processing uses, among other limited activities.

The UCPA provides consumers with a number of rights related to their personal data. Under the UCPA, consumers have the right:

  • to confirm whether or not a controller (the person that determines the purpose and means of processing personal data) is processing personal data;
  • to access their personal data;
  • to delete personal data that the consumer provided to the controller;
  • to obtain a portable copy of personal data that the consumer previously provided to the controller in a format that is readily usable and allows the consumer to transmit the data to another controller without impediment; and
  • to opt out of the processing of personal data for (1) targeted advertising or (2) the sale of personal data.

The UCPA imposes different obligations depending on whether the business is a controller or a processor (the entity processing personal data on behalf of the controller). Therefore, a business will need to analyze whether it is acting as a controller or a processor when engaging in any personal data processing. There also are requirements for contracts between controllers and processors as well as requirements for engaging subcontractors.

The Utah attorney general has the exclusive authority to enforce the UCPA. The attorney general may seek civil penalties of up to $7,500 for each violation of the UCPA, in addition to actual damages for the consumer. The UCPA provides for a thirty-day right to cure. The UCPA does not provide for a private right of action.

Utah Enacts Commercial Financing Disclosure Law

By Katherine C. Fisher, Hudson Cook, LLP

On March 24, 2022, Utah Governor Spencer Cox signed S.B. 183, the Commercial Financing Registration and Disclosure Act (“CFRDA”). This makes Utah the third state to adopt a commercial financing disclosure law, following California and New York. However, the Utah disclosure law does not include an “APR” disclosure requirement. APR disclosure requirements have proven difficult to implement and have delayed the effective dates of the disclosure laws in California and New York.

Beginning on January 1, 2023, the CFRDA requires a provider of commercial financing in Utah to register with the Nationwide Multistate Licensing System and Registry and with the Utah Department of Financial Institutions (“DFI”). Additionally, in a commercial financing transaction consummated on or after January 1, 2023, the provider must disclose certain information to a business that will receive funding before consummation of the transaction. This information includes:

  • The total amount of funding provided to the business.
  • The total amount of funding disbursed to the business, if different from the amount provided.
  • The total amount that the business must pay to the provider.
  • The total dollar cost of the commercial financing transaction, which is the difference between the amount that the business must pay to the provider and the total amount of funding provided to the business.
  • The manner, frequency, and amount of each payment, or if payment amounts may vary, the manner and frequency of payments and an estimate of the amount of the first payment.
  • A statement of whether prepayment may increase or decrease the cost of the commercial financing transaction, including references to any relevant provisions in the commercial financing transaction agreement.
  • Any part of the funding that the provider pays to a broker.

Additionally, if payment amounts may vary, then the financing agreement must describe the methodology for calculating a variable payment amount and the circumstances that may cause a payment to vary. The DFI may prescribe the form of the required disclosures.

The CFRDA applies to open- and closed-end loans and accounts receivable purchase transactions (i.e., merchant cash advance transactions) for business purposes. It does not apply to a transaction of more than $1,000,000 or a transaction of at least $50,000 where the recipient of the funding is a motor vehicle dealer. Depository institutions, licensed money transmitters, and occasional providers are exempt. Each violation of the CFRDA’s disclosure requirements is subject to a civil penalty of $500 ($1,000 for a violation after notice of a previous violation), up to $20,000 for all violations resulting from the use of the same transaction documents or materials (up to $50,000 after notice of a previous violation). Each violation of the CFRDA’s registration requirement is subject to an administrative fine of $500 per Utah office of the violator, or $500 if the violator does not offer commercial financing from an office in Utah.

California passed its commercial finance disclosure law in 2018. However, that law is still not effective and awaits final regulations. New York passed its commercial finance disclosure law in 2020. However, the New York Department of Financial Services has not yet adopted regulations, citing the complexity of the disclosure requirements. Because Utah’s CFRDA does not include an APR disclosure, it is unlikely that the Utah law will face similar delays in implementation.

Consumer Finance

Director Chopra’s Statement on PAVE Task Force Report

By Eric Mogilnicki & Lucy Bartholomew, Covington & Burling LLP

On March 23, 2022, the Consumer Financial Protection Bureau (CFPB) released a statement from Director Rohit Chopra regarding the final report from the Interagency Task Force on Property Appraisal and Valuation Equity (PAVE), which provides an action plan to address misevaluations in minority communities. Director Chopra stated that the report “underscores the critical importance of fair and accurate appraisals in residential real estate,” and that “[d]iscriminatory home valuations, whether computed by an algorithm or conducted in-person, undermine longstanding goals for fair housing and fair lending across our country.” Director Chopra also indicated that the CFPB would:

  • take an active leadership role in the Appraisal Subcommittee of the Federal Financial Institutions Examination Council;
  • work to implement a “dormant authority in federal law to ensure that algorithmic valuations are fair and accurate;” and
  • take additional steps through “research, through our supervisory examinations of financial institutions and their service providers, and through law enforcement actions.”

CFPB Releases Bulletin on “Gag” Clauses and Fake Review Fraud

By Eric Mogilnicki & Lucy Bartholomew, Covington & Burling LLP

On March 22, 2022, the CFPB released a bulletin on contractual “gag” clauses and fake review fraud, warning that “[f]inancial companies will face consequences for illegally manipulating or suppressing consumer reviews.” The bulletin indicates that consumers should be able to write reviews that accurately reflect their opinions and experiences, and describes the following practices as deceptive or unfair under the Consumer Financial Protection Act:

  • “Gag” Clauses: Requiring customers to agree to contractual “gag” clauses that prevent them from posting honest online reviews.
  • Fake Reviews: “Laundering fake reviews in ways that appear completely independent from the company to improve their ratings.”
  • Suppressing or Manipulating Reviews: Limiting the posting of negative reviews or manipulating reviews to trick or confuse consumers.

In the press release accompanying the bulletin, Director Chopra stated, “In America, no corporation should be able to silence a customer from posting an honest review online.” The CFPB bulletin follows the Federal Trade Commission’s efforts to deter fake reviews across the digital economy.

Updated UDAAP Guidance Warns Discrimination Can Be “Unfair”

By Eric Mogilnicki & Lucy Bartholomew, Covington & Burling LLP

On March 16, 2022, the CFPB revised its supervisory examination manual on Unfair, Deceptive, or Abusive Acts or Practices (“UDAAPs”), which provides that discrimination may constitute an unfair practice in violation of the Consumer Financial Protection Act’s prohibition on UDAAPs. The Bureau’s announcement of the revised guidance added that discrimination can be unfair “regardless of whether it is intentional.”

The CFPB explained that future examinations will scrutinize, as part of their UDAAP review, how companies assess and monitor whether their decision-making results in disparities in the populations to whom products are advertised, offered, and sold. The guidance instructs CFPB examiners to review:

  • documentation regarding models and algorithms used in connection with consumer financial products and services;
  • information collected, retained, or used regarding customer demographics; and
  • demographic research or analysis relating to the marketing or advertising of consumer financial products or services.

While the Bureau is authorized to enforce the antidiscrimination provisions of the Equal Credit Opportunity Act (ECOA) in lending transactions, the CFPB’s UDAAP enforcement power extends well beyond credit transactions. Accordingly, discrimination in the guise of unfairness may occur “in instances where ECOA does not apply,” including in “all consumer finance markets, including credit, servicing, collections, consumer reporting, payments, remittances, and deposits.” Recognizing the broad scope of the Bureau’s new guidance, Director Chopra said: “We will be expanding our anti-discrimination efforts to combat discriminatory practices across the board in consumer finance.”

CFPB Launches New Initiative on Financial Issues Facing Rural America

By Eric Mogilnicki & Neal Modi, Covington & Burling LLP

A March 10, 2022, blog post announced a CFPB initiative on financial issues facing rural America, including rural banking deserts, discriminatory and predatory agricultural credit practices, and manufactured housing:

  • Rural Banking Deserts: According to the Bureau, the stark decline in the number of banks in rural areas has prompted rural communities to utilize non-local, non-bank alternatives, which typically charge higher fees and interest rates and do not reinvest credit in the local communities. The Bureau adds that rural banking deserts tend to disproportionately impact African American communities.
  • Discriminatory and Predatory Agricultural Credit: The Bureau will also focus on the role agricultural credit plays in farms’ overall financial stability, particularly for minority farmers, who continue to face issues with access to credit. Moreover, the Bureau notes that farmers’ credit obligations to banks have trapped some into exploitative arrangements with dominant agriculture firms.
  • Manufactured Housing: The Bureau also notes a lack of affordable housing and rental properties in rural communities, leading many rural residents to depend on manufactured housing (or mobile homes). The Bureau expresses concern that private equity funds are purchasing a growing number of manufacturing housing parks and dramatically increasing rents and fees at these locations.

The blog post is authored by Shawn Sebastian, formerly a Senior Strategist for Rural Policy and Engagement at People’s Action in Iowa. The post does not describe the actions to be taken by the Bureau beyond explaining that the CFPB “is committed to using our tools and authorities to ensure that rural communities, and the people who live in them, have opportunities to build wealth and thrive.”

California Supreme Court Holds No Common Law Duty to Process, Review, and Respond to Loan Modification Applications

By Sanford Shatz, McGlinchey Stafford, PLLC

On March 7, 2022, the California Supreme Court held in Sheen v. Wells Fargo Bank, N.A. that a lender owes no tort duty sounding in general negligence principles to “process, review and respond carefully and completely to” the borrower’s loan modification application. This question has divided the state since the Great Recession, with Lueras v. BAC Home Loans Servicing, LP (2013) 221 Cal.App.4th 49, and its progeny holding that lenders did not owe a common law duty of care, and Alvarez v. BAC Home Loans Servicing, L.P. (2014) 228 Cal.App.4th 944, and its progeny holding a duty existed.

In Sheen, decided on demurrer, the borrower claimed that the lender never provided information on the status of his modification application, charged off the loan, and confirmed that it would not foreclose but would continue to collect the debt. The debtor believed that the loan was unsecured and would not be subject to foreclosure. After the loan was sold, the new owner foreclosed, and the borrowers sued.

The Court affirmed the dismissal of the negligence claim on three grounds. First, the economic loss rule bars a tort recovery for negligently inflicted purely economic losses. The Court stated that the economic loss rule harmonizes with the well-established California principle that “a financial institution owes no duty of care to a borrower when the institution’s involvement in the loan transaction does not exceed the scope of its conventional role as a mere lender of money,” and loan modifications fit within the conventional money lending role. Second, the Court found that the Biakanja v. Irving (1958) 49 Cal.2d 647, multifactor approach to determine whether a duty of care exists ([1] the extent to which the transaction was intended to affect the plaintiff, [2] the foreseeability of harm, [3] the degree of certainty that the plaintiff suffered injury, [4] the closeness of the connection between the defendant’s conduct and the injury suffered, [5] the moral blame attached to the defendant’s conduct, and [6] the policy of preventing future harm), does not arise when the parties are in privity of contract, because the contract defines the parties’ responsibilities. Third, the Court rejected various policy arguments, finding that the legislature was better able to strike the correct policy balance, especially where “[t]here has been an extraordinary profusion of new, robust and still-expanding consumer laws, regulations and enforcement authority” in the mortgage service industry, especially with regard to the regulation of “the conduct of mortgage servicers in distressed loan situations.”

The Court left certain issues open to future litigation. The holding did not apply to claims for negligent misrepresentation, or promissory estoppel, and noted that borrowers may assert intentional claims, such as fraud or intentional misrepresentation, if supported by facts. Borrowers and lenders should continue to process loan modification applications while complying with federal and state laws, including the California Homeowner Bill of Rights.

Fifth Circuit Upholds Dismissal of Texas Drivers’ DPPA Data Breach Suit

By Frank Conlon, Hudson Cook, LLP

On March 11, 2022, the Fifth Circuit unanimously affirmed a federal district court’s dismissal of a proposed class-action suit alleging that insurance software provider Vertafore, Inc., violated the Driver’s Privacy Protection Act (“DPPA”). The plaintiffs, Texas driver’s license holders, filed suit in December 2020 after Vertafore announced that personal information of about 27 million drivers, stored on an unsecured, external server, had been accessed without authorization. The plaintiffs alleged that Vertafore “knowingly disclosed” the information in violation of the DPPA and sought roughly $70 billion in liquidated statutory damages. The federal district court dismissed the case in July 2021, adopting a magistrate judge’s finding that the plaintiffs failed to allege facts describing how the purported mismanagement of information constitutes a knowing disclosure for unauthorized purposes.

In upholding the federal district court’s decision, the Fifth Circuit found that the plaintiffs failed to allege a “disclosure” within the meaning of the DPPA. The Fifth Circuit observed that the plaintiffs’ “complaint does not allege, for example, that Vertafore published plaintiffs’ personal information on a public website or otherwise placed the information in plain view of any digital ‘passer-by.’” Rather, the plaintiffs alleged only that the information was “stored on unsecured external servers” and unauthorized users accessed that information. That alone, the Fifth Circuit concluded, does not imply that Vertafore granted or facilitated that access and, therefore, does not amount to a disclosure under the DPPA.