CFPB Releases Guidance on “Abusive” Conduct
By Eric Mogilnicki and Lucy Bartholomew, Covington & Burling LLP
On April 3, 2023, the Consumer Financial Protection Bureau (“CFPB”) announced a new policy statement to address abusive conduct in consumer financial markets. The new guidance is the latest swing of the policy pendulum in the CFPB’s interpretation of the “abusive” standard in the Dodd-Frank Act. In 2020, CFPB Director Kathy Kraninger oversaw the development and release of a separate statement on abusiveness, which announced a restrained approach to allegations of “abusive” conduct. The 2020 policy statement was rescinded under the direction of Acting Director Dave Uejio in March 2021, and the policy statement released earlier this week takes a more aggressive view of the statutory language, citing recent CFPB consent orders and complaints. For example, the CFPB has decided that the consumer lack of understanding required for many claims that acts or practices are abusive need not be reasonable, need not have been the result of the defendant’s actions, and need not extend to “some threshold number of people.”
On the same day the Bureau announced the new guidance, the CFPB released prepared remarks from Director Rohit Chopra, including a recorded version. In these remarks, Director Chopra emphasized the importance of policing abusive conduct and described some relevant types of “trickery and manipulation,” including “digital dark patterns.” Director Chopra encouraged the Bureau’s “fellow government enforcers” to use the guidance when bringing their own actions. The CFPB will publish the guidance document in the Federal Register for public comment.
Former CFPB Employee Made Unauthorized Transfer of Confidential Records
By Eric Mogilnicki and Rye Salerno, Covington & Burling LLP
On April 19, 2023, the Wall Street Journal reported that an employee of the CFPB had forwarded confidential information to a personal email account during their employment at the Bureau. The confidential information reportedly included supervisory information on forty-five institutions and personal information of approximately 256,000 consumers. The Bureau has not disclosed the institutions affected or why the confidential information was forwarded by the employee, but a CFPB spokesman told the Journal that there is no evidence the confidential information was shared beyond the individual’s personal email account. Further reporting indicates that the employee was an examiner working in supervision, and that the Bureau became aware of the breach on February 14, at which point the employee was fired. The Bureau notified lawmakers on March 21.
The CFPB has been harshly critical of “shoddy data security practices” by financial institutions, and indicated that such practices may violated the Consumer Financial Protection Act. The Bureau has also stated that responsible business conduct includes complete, effective and prompt disclosure, and requires that “affected consumers receive appropriate information . . . within a reasonable period of time.”
Republican lawmakers were quick to criticize the CFPB for the breach and to demand further information. Representative Bill Huizenga (R-MI), Chairman of the House Financial Services Subcommittee on Oversight and Investigations, released a letter he sent to CFPB Director Rohit Chopra requesting that Director Chopra provide a briefing to Committee staff no later than April 25, 2023. Likewise, Senator Tim Scott (R-SC), Ranking Member of the Senate Committee on Banking, Housing, and Urban Affairs, sent a letter to Director Chopra, in which he requested a briefing by May 8, 2023.
CFPB Advances Theory of “Discriminatory Targeting” under ECOA
By Eric Mogilnicki and Graves Lee, Covington & Burling LLP
On April 14, 2023, the CFPB filed a Statement of Interest in Roberson v. Health Career Institute LLC, a lawsuit brought in the U.S. District Court for the Southern District of Florida. In the lawsuit, the plaintiffs allege that a for-profit nursing school intentionally targeted woman of color for a “predatory” educational program to be financed by student loans. The plaintiffs alleged violations of the Equal Credit Opportunity Act (“ECOA”), which prohibits discrimination “with respect to any aspect of a credit transaction.” In an effort to dismiss the case, the defendants have argued that the plaintiffs have identified no “aspect of any credit transaction that they allege is discriminatory” in violation of ECOA. The Bureau filed its Statement in support of the plaintiffs.
In the Statement, the Bureau states that ECOA prohibits “the act of targeting unfair or predatory lending acts or practices to certain groups on a prohibited basis, which may be proven through either intentional targeting or disparate impact.” The Bureau then argues that ECOA’s prohibition on discrimination with respect to “any aspect of a credit transaction” reaches beyond the loan terms to any aspect of the underlying transaction. In a blog post discussing the Statement, CFPB General Counsel Seth Frotman explains that “discriminatory targeting violates the Equal Credit Opportunity Act where, as alleged here, students are targeted on a prohibited basis with unfair or predatory lending practices, such as misrepresenting the cost of the program when students take out loans to enroll.”
Bureau Seeks Multi-Billion Dollar Judgment against Credit Repair Companies
By Eric Mogilnicki and Graves Lee, Covington & Burling LLP
On April 11, 2023, the CFPB filed a motion requesting that a Utah federal court impose more than $3 billion in penalties and redress in an enforcement action against PGX Holdings Inc., CreditRepair.com Inc., Lexington Law, and related entities. The Bureau initially brought the lawsuit in 2019, alleging violations of the Telemarketing Sales Rule and the Consumer Financial Protection Act based on the imposition of illegal upfront fees for credit repair services. After the court granted partial summary judgment to the Bureau last month, the defendants unsuccessfully sought a stay of the order from the U.S. Court of Appeals for the Tenth Circuit. The Bureau then filed the motion, seeking redress of approximately $3.1 billion and civil money penalties of approximately $52 million. Should the court grant the motion, the judgment would be the largest in a contested action in the Bureau’s history.
CFPB Senior Advisor Testifies Before Pennsylvania Legislature on “Junk Fees”
By Eric Mogilnicki and Graves Lee, Covington & Burling LLP
On April 13, 2023, CFPB Senior Advisor Brian Shearer testified before the Pennsylvania House of Representatives Consumer Protection, Technology, and Utilities Committee on issues surrounding “junk fees,” a term used by the Bureau under Director Rohit Chopra to describe “unnecessary, unavoidable, or surprise charge[s] that inflate[] prices while adding little to no value.” Shearer, who serves as the Bureau’s delegate to the White House’s Competition Council, opened his testimony by describing the role of states in policing consumer protection violations. He then noted that “[t]he CFPB has found that junk fees are prevalent in banking and consumer finance and can take many forms,” such as “high late fees, overdraft fees, returned deposited item fees, and pay-to-pay fees.” He highlighted Bureau efforts to combat such fees, including a rulemaking to substantially limit credit card late fees, guidance on surprise overdraft fees and deposited item fees, and debt collection pay-to-pay fees. Shearer closed his remarks by stating that, under their unfair or deceptive acts or practices (“UDAP”) laws, states have the ability to take action against the imposition of such fees, and suggested that states should include junk fees when enumerating unfair and deceptive practices. In doing so, explained Shearer, states “could make it easier for state attorneys general, state regulators, and consumers to enforce these statutes against junk fees.”
CFPB Office of Fair Lending and Equal Opportunity Expects Searches for Less Discriminatory Alternatives
By Eric Mogilnicki and Lucy Bartholomew, Covington & Burling LLP
On March 29, 2023, Patrice Ficklin, Assistant Director of the CFPB’s Office of Fair Lending and Equal Opportunity, spoke at the Just Economy Conference in Washington, D.C. She expressed the Bureau’s expectation that lenders search for less discriminatory alternatives in their fair lending compliance testing. She made clear that this requirement applies to all model-based lending practices, and not just artificial intelligence tools. “Rigorous searches for less discriminatory alternatives are a critical component of fair lending compliance management,” and “firms may sometimes shortchange this key component of testing.” She also explained that the CFPB expects fair lending testing throughout the model’s lifecycle, and not just at the model’s launch. See the National Community Reinvestment Coalition’s reporting of this panel for additional information.
Colorado Bill Introduced to Opt Out of Federal Interest Rate Preemption
By Susan Seaman and Marci Kawski, Husch Blackwell LLP
On March 27, 2023, Colorado legislators introduced a bill (H.B. 1229) to opt out of federal banking laws that permit federally insured state-chartered banks and credit unions to charge Colorado residents the “interest” permitted under the depository institutions’ home state laws. The current draft of H.B. 1229 also adjusts fee amounts and conditions under an alternative finance charge provision in the Colorado Consumer Credit Code for smaller-dollar consumer loans.
Colorado was one of the original states to opt out of federal interest rate exportation, but later repealed the opt-out. H.B. 1229 is an attempt to restore Colorado’s opt-out of 521 to 523 of the federal Depository Institutions Deregulation and Monetary Control Act (DIDMCA), which gave federally insured state banks, state credit unions, and state savings institutions the ability to export “interest” permitted under their home state laws to borrowers in other states, notwithstanding any “interest” limitations in the borrower’s state. Section 525 of DIDMCA permits a state to opt out of this federal interest rate exportation authority with respect to any loans made in the state.
Notably, H.B. 1229 seeks to limit federal interest rate preemption only for consumer credit transactions made in Colorado. This means that the preemption opt-out would apply to consumer loans and consumer credit sales with an amount financed of $75,000 or less. As currently written, the opt-out would not reach credit extended primarily for business purposes.
If the bill is passed, out-of-state state banks and credit unions could be required to follow Colorado’s interest rate and fee restrictions on consumer loans to Colorado residents if the loans are deemed to be made in Colorado.
One Unwanted Voicemail Is Enough to Establish Standing under the FDCPA
By Stefanie L. Deka, McGlinchey Stafford, PLLC
In Ward v. NPAS, Inc., 63 F.4th 576 (6th Cir. 2023), Plaintiff Ward did not pay as agreed for medical services, and the medical center sent his unpaid bills to a third-party collector, NPAS, Inc. (“NPAS”). In trying to collect the amount due, NPAS left Ward three voicemails. Ward sent a cease and desist letter after he received the second voicemail, but he sent it to the wrong company and therefore, NPAS did not receive it. The District Court determined that NPAS was not a debt collector under the Fair Debt Collection Practices Act (“FDCPA”) because the debt was not in default at the time NPAS attempted to collect. Ward appealed.
On appeal, the NPAS questioned whether Ward had suffered an injury in fact. Ward argued that he had been injured by the first two voicemails in three ways: (1) he was confused when NPAS identified itself in voicemails as NPAS instead of NPAS, Inc.; (2) he had expenses associated with hiring counsel; and (3) NPAS violated the FDCPA. The 6th Circuit rejected these arguments and held that a bare procedural violation of the FDCPA is not enough to establish standing. Instead, Ward must show either that the procedural harm itself is a concrete injury of the sort traditionally recognized or that the procedural violations caused an independent concrete injury. The 6th Circuit specifically reserved the question of whether the third voicemail allowed for an injury in fact as Ward’s complaint did not allege such a harm. The 6th Circuit affirmed the District Court’s holding that NPAS was not a debt collector.
On remand to the District Court, Ward amended his complaint to include a claim for intrusion into seclusion as to the third voicemail. The District Court granted NPAS’s motion for summary judgment as to liability, again finding that NPAS was not a debt collector, but denied summary judgment as to standing. Ward appealed.
On appeal, the 6th Circuit analyzed whether the unwanted calls bear a close relationship to the kind of harm sought to be protected at common law for the intrusion into seclusion claim. The Court held that even if the number of calls received is small and may not be actionable at common law, Spokeo, Inc. v. Robins requires the Court to “look for a harm with a close relationship ‘in kind, not degree’ to common law harms.” The Court further held that “Congress may choose to ‘elevat[e] to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate in law.’” Thus, one phone call was enough for Ward to establish standing and a concrete injury. Notably, the 6th Circuit analogized its decision to case law in sister circuits assessing injury in fact under the Telephone Consumer Protection Act (“TCPA”), holding that both the TCPA and FDCPA seek to prevent intrusions on a consumer’s privacy and courts have determined that one phone call under the TCPA is enough to establish standing.
New York District Court Denies Request to Lift Stay Following Second Circuit Decision
By Eric Mogilnicki and Lucy Bartholomew, Covington & Burling LLP
On April 7, 2023, the U.S. District Court for the Southern District of New York denied the request of the CFPB and the New York State Attorney General to lift the stay in the ongoing CFPB et al. v. MoneyGram litigation. The stay had been granted in light of the then-pending petition for Supreme Court review of CFPB v. Community Financial Services of America Ltd., which involved (like MoneyGram) a claim that the CFPB’s funding structure is unconstitutional.
After the stay in MoneyGram was granted, the Supreme Court granted the petition in CFSA, but declined to expedite its consideration of the case. Shortly thereafter, the Second Circuit ruled that the CFPB’s funding structure is constitutional in CFPB v. Law Offices of Crystal Maroney. In light of those two developments, the CFPB sought to have the stay lifted.
In denying the CFPB and New York Attorney General’s motion, the District Court endorsed the memo from defendant’s counsel and added that “[b]ecause the Supreme Court is now guaranteed to hear CFSA and may resolve the case early in its term, the Court still believes that the interests of the parties, the public, and the courts favor maintaining the stay in this case.”
Pennsylvania Appellate Court Rejects Argument that Late Collections Letter Violated FDCPA
By Margaret Hayes, Pilgrim Christakis LLP
In Matteo v. EOS, Inc., the Pennsylvania Superior Court reaffirmed that a violation of the FDCPA also is a violation of the Pennsylvania Fair Credit Extension Uniformity Act (“FCEUA”). Nevertheless, the court affirmed the dismissal of the plaintiff’s claim that a debt collector violated those statutes by sending a collection letter after the statute of limitations for the debt expired because the letter’s offer to “work with” the debtor and “discuss other options” did not threaten litigation.
EOS USA, Inc. (“EOS”) sent Matteo a letter seeking repayment on a past due account, which offered to help Matteo “gain financial freedom,” and requested that Matteo call EOS to “discuss other options” if she was unable to pay her balance in full. Instead, Matteo filed a putative class action alleging that the letter was “false, deceptive, or misleading” in violation of the FDCPA and FCEUA because the letter did not indicate that the statute of limitations had expired. The trial court disagreed with Matteo, and the appellate court affirmed, finding that even the “least sophisticated consumer” would interpret EOS’s letter as seeking voluntary repayment of the debt without threatening litigation. Additionally, nothing in the FDCPA or FCEUA required EOS to inform Matteo that the statute of limitations had expired.
In affirming the trial court’s ruling, the Pennsylvania Superior Court acknowledged that “even absent a threat of litigation on a time-barred debt, a collection letter can violate the FDCPA.” In particular, the court highlighted cases where collection letters offered a “settlement of the debt” or requested payment by a certain date because a reference to a “settlement” can “carry the resulting inference of litigation.” However, the court rejected Matteo’s argument that EOS’s letter was “tantamount to a settlement offer.” The letter did not “expressly” offer to “settle” the debt and did not request a specific amount or set a deadline by which Matteo must act. Therefore, even under the FDCPA’s “least sophisticated debtor” standard, EOS’s letter did not violate the FDCPA (and consequently, did not violate the FCEUA). The appellate court also affirmed that Matteo could not sustain a claim under the FCEUA because she did not demonstrate any ascertainable damages by merely receiving the collections letter.
Environmental Law
EPA’s New PFAS Drinking Water Regs: Are You Prepared?
By Michael R. Blumenthal, McGlinchey Stafford, PLLC
On March 14, 2023, the U.S. Environmental Protection Agency (EPA) proposed the first national drinking water standard for so-called “forever chemicals” including PFAS. The unprecedented move by the EPA is likely to create an exponential increase in litigation.
PFAS, which stands for per- and polyfluoroalkyl substances, are a class of thousands of manmade chemicals. PFAS were created to repel water, oil, and grease, and are used in thousands of everyday products from dental floss, clothing, and foods to cookware and firefighting foams. Data collected by federal and state governments estimates that more than 200 million Americans drink water contaminated with PFAS chemicals. The EPA set a threshold of 4 nanograms per liter for the chemicals PFOA and PFOS (types of PFAS) in drinking water. The agency also made a surprise announcement of regulations for four more PFAS together as a mixture: PFNA, GenX chemicals, PFHxS, and PFBS.
The proposed standards are much stricter than what EPA suggested in 2016, when its health advisories recommended PFAS concentrations in drinking water of no more than 7 nanograms per liter. While the price tag for these proposed federal regulations on the individual states is still unclear, implementing these regulations represents a monumental undertaking that would likely cost billions of dollars nationwide. Individual states will now have to reevaluate their own drinking water standards or begin implementing the process for adopting new standards.
The regulations set accepted PFAS levels so low that many of the nation’s public water systems are not equipped to detect them. The net effect is likely to require the water industry to invest untold millions of dollars into updating their existing systems, leaving public utilities to pass the high cost of detection along to their customers. This, of course, would have to follow the remediation of the public water systems of PFAS contamination. The price tag for remediation could prompt public water systems to seek those costs from manufacturers.
For now, the proposed regulations will undergo a ninety-day public comment period. Immediately following the public comment period, we can expect lawsuits to fall under the Administrative Procedures Act. The threshold question will be to determine whether the EPA acted reasonably in its assessment of the science and the review of the public comments in setting the levels, or whether the EPA’s actions were arbitrary and capricious. Another important consideration is the cost-benefit analysis employed by the EPA in imposing such strict regulations.
Forward-looking manufacturers would be well-advised to begin preparing for the inevitable increase in litigation. Manufacturers should be auditing current and historical waste streams, implementing containment and management practices for PFAS, and evaluating reporting obligations for the release of PFAS.
EPA Recommends Cybersecurity Improvements for Water Systems
By Michael R. Blumenthal, McGlinchey Stafford, PLLC
On March 3, 2023, the U.S. Environmental Protection Agency (EPA) issued a memorandum to help improve the cybersecurity posture guarding the nation’s water filtration systems. The guidelines, developed with input from industry experts and various government agencies, provide recommendations for utilities to improve their security and reduce the risk of cyber-attacks. These guidelines indicate that the EPA will aggressively enforce stringent cybersecurity standards in the future.
The EPA will require states to survey the digital networks governing drinking water filtration operations. This follows a slew of cyber-attacks targeting critical infrastructure in the U.S.
Cyber-attacks on critical infrastructure, particularly water systems, have become more and more frequent in recent years, and the pandemic has only increased the risk. Last year, a cyber-attack on a Florida water treatment plant raised national concerns about the vulnerability of the nation’s infrastructure.
The new guidelines recommend that water systems create a cybersecurity plan that includes a risk assessment, contingency plans, incident response procedures, and employee training. The guidelines also encourage water systems to work with government agencies, such as the Department of Homeland Security and the Federal Bureau of Investigation, to stay up to date on the latest threats and best practices.
“As cyber threats to critical infrastructure continue to increase, it is critical that we take action to protect our drinking water and wastewater systems,” said EPA Administrator Michael S. Regan. “These new guidelines will help ensure that our public water systems are more resilient and better equipped to defend against cyber-attacks.”
The EPA is encouraging all public water systems to review and implement the new guidelines as soon as possible. By taking proactive steps to improve cybersecurity resilience, public water systems can help protect the health and safety of their communities.
Labor and Employment Law
Delaware Court of Chancery Denies Walmart’s Motion to Dismiss in Pension Funds Cases
By Jane Michetti, JD Candidate 2023, Widener Commonwealth Law School
On April 12, 2023, the Delaware Court of Chancery issued an opinion denying a motion filed by Walmart Inc. (the “Defendant”) and ten of its former and current officers and directors to dismiss a lawsuit filed by public pension funds (the “Plaintiff”). The pension funds, who are also Walmart’s stockholders, stated in their complaint that directors and officers breached their fiduciary duties, causing a decline in value of their shares of Walmart stock. The pension funds alleged that directors and officers knowingly caused Walmart to fail to comply with its obligations under the federal Controlled Substances Act as a distributor (the “Distributor Issues”) and as a dispenser (the “Pharmacy Issues”) of opioids and under the settlement with the U.S. Drug Enforcement Agency (the “DEA Issues”). Three claims were raised by the plaintiff: an Information-Systems Claim (failure to make good faith efforts to establish information system for compliance monitoring), a Red-Flags Claim (conscious ignorance of non-compliance) and a Massey Claim (putting financial gains over legal compliance). Walmart argued in its motion that the claims need to be dismissed because they are untimely.
The Court applied the separate accrual approach consisting of three steps to see if the claims were timely accrued and therefore were timely. The first step is to identify a lookback date, which usually is the date the suit was filed, but can also be when plaintiffs made efforts to obtain the records. That date was determined to be May 4, 2020. The second step is to identify the actionable period by subtracting an analogous statute of limitation period. The analogous statute of limitation is three years; therefore the actionable period started on May 4, 2017. The third step is to identify whether the alleged conduct took place during the actionable period. The Court concluded that the Distributor Issues and the Pharmacy Issues were in fact timely, but the DEA Issues were not timely since the settlement agreement with the DEA expired March 11, 2015, before the start of the actionable period. However, the Court also concluded that the DEA Issues could be timely by applying equitable tolling doctrine, which can help push back the starting date of the actionable period.
The Court opined that Walmart’s defense of laches could be applied at this pleading stage of the proceedings only “if it is clear from the face of the complaint that the claims are time-barred.” Therefore, the motion was denied, subject to further proceedings.