False Claims Act Suits Remain a Focus of Whistleblowers in 2019

By Ty E. Howard and Brad Robertson on Posted in False Claims Act

False Claims Act Suits Remain a Focus of Whistleblowers in 2019Both the Justice Department and an array of whistleblowers’ counsel continue to use the False Claims Act (FCA) to bring suits against banks and mortgage companies, even though recoveries in the financial services sector were scant in 2019. To keep you informed on the status of the law, Bradley’s Government Enforcement and Investigations Practice Group is pleased to present the False Claims Act: 2019 Year in Review, our eighth annual review of significant FCA cases, developments and trends.

Tracking Privacy: State Developments to Keep an Eye On

By Erin Jane Illman, Rachel M. LaBruyere and Alicia N. Netterville on Posted in CCPA, Data Privacy, FCRA

Tracking Privacy: State Developments to Keep an Eye OnWe are a little more than two weeks into the new year and we’ve already seen several states introduce comprehensive privacy legislation on the heels of California’s Consumer Privacy Act (CCPA). It is no easy task to stay on top of (potentially) 50 different privacy requirements, each with differing applicability standards, definitions, requirements, obligations, and enforcement mechanisms. Cue this series of articles — meant to address developments at the state and (dare we say with fingers crossed) federal level.

Because these bills are coming fast and furious, we are going to focus on the five states that were first “out of the gate” to file their consumer privacy bills in the first two weeks of the new year: Illinois, Nebraska, New Hampshire, Virginia and Washington. We will continue to monitor additional legislation, so please check back for updates and developments.

Overview and General Terms of State Privacy Legislation

Each of the states to propose comprehensive privacy legislation has taken a page (or two) from CCPA’s approach. At the same time, each one adds its own distinct obligations. For example, Nebraska’s proposed legislation is applicable to companies with an annual revenue as low as $10 million (versus $25 million for CCPA), while Virginia increases its threshold resident data collection count to 100,000 (versus 50,000 under CCPA). The majority of the proposed laws would allow for a private right of action for data breaches, while Virginia provides a private right of action for any violation of the proposed legislation. Washington and Nebraska do not provide a private right of action.

Below is a breakdown of each state’s proposed legislation. 

Illinois Data Transparency and Privacy Act (SB 2330)

  • Introduced: January 8, 2020
  • Applicability: Any for-profit business (legal entity) that collects or discloses personal information of 50,000 or more Illinois persons or households OR derives 50% or more of its annual revenue from selling consumer’s personal information (broadly defined and similar to CCPA).
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Know – including specific pieces of personal information, categories of sources, and name and contact information for each third-party affiliate to whom personal information is sold or disclosed.
    • Right to Opt-Out – of disclosure of personal information to third parties and affiliates (excludes service providers subject to contractual prohibitions), sale (more narrowly defined than CCPA) of personal information, and processing of personal information by the business, third parties and affiliates.
    • Right to Correction – of personal information.
    • Right to Deletion – of personal information.
  • Exemptions: GLBA, HIPAA, FCRA, HR/Employee personal information
  • Requires Updates to Privacy Policy and Disclosures?:
    • Yes, similar to CCPA.
  • Enforcement: The law would be enforced by the Illinois attorney general, with a private right of action for data breaches.
  • Proposed Effective Date: July 1, 2021

Nebraska Consumer Data Privacy Act Legislative Bill 746

  • Introduced: January 8, 2020
  • Applicability: Any for-profit legal entity that does business in Nebraska and satisfies one or more of the following: (a) has annual gross revenue of more than $10 million, (b) buys, receives, sells or shares the personal information of 50,000 or more Nebraska persons or households, OR (c) derives 50% or more of its annual revenue from selling consumers’ personal information (broadly defined and similar to CCPA).
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Know – what personal information is collected, including specific pieces of personal information, categories of sources, business and commercial purpose for collection, and name and contact information for each third-party affiliate to whom personal information is sold or disclosed.
    • Right to Decline or Opt-Out – of disclosure of personal information to third parties and affiliates. (“Do Not Sell” homepage link required like CCPA).
    • Right to Access – personal information that has been collected.
    • Right to Deletion – of personal information (exclusion similar to CCPA).
  • Exemptions: GLBA, HIPAA, FCRA, HITECH, Uniform Motor Vehicle Records Disclosure Act.
  • Requires Updates to Privacy Policy and Disclosures?:
    • Requires disclosures similar to the CCPA but does not explicitly require updates every 12 months.
  • Enforcement: The law would be enforced by the Nebraska attorney general, with potential for civil penalties of up to $7,500 per violation. No private right of action.
  • Proposed Effective Date: Not specified in proposed legislation.

New Hampshire House Bill 1680

  • Introduced: January 8, 2020
  • Applicability: A business that: (a) has gross revenues in excess of $25 million; (b) alone or in combination, annually buys, receives for the business’s commercial purposes sells, or shares for commercial purposes, the personal information of 50,000 or more consumers, households, or devices; or (c) derives 50% or more of its annual revenues from selling consumers’ personal information. (Entities with common branding and control like CCPA).
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Know – what personal information is collected, including specific pieces of personal information, categories of sources, business and commercial purpose for collection, and name and contact information for each third-party affiliate to whom personal information is sold or disclosed.
    • Right to Opt-Out – of disclosure of personal information to third parties and affiliates. (“Do Not Sell” homepage link required like CCPA).
    • Right to Access – personal information that has been collected.
    • Right to Deletion – personal information that has been collected.
  • Exemptions: HIPAA, GLBA, FCRA, HITECH, DDPA, New Hampshire Financial Information Privacy Act.
  • Requires Updates to Privacy Policy and Disclosures?:
    • Yes, similar to CCPA.
  • Enforcement: The law would be enforced by the New Hampshire attorney general, with a private right of action for data breaches.
  • Proposed Effective Date: January 1, 2021

The Virginia Privacy Act (H 473)

  • Introduced: January 8, 2020
  • Applicability: Any entity that conducts business in Virginia or targets Virginia intentionally with products and/or services and: (1) controls or processes personal data of 100,000 or more consumers; OR (2) derives over 50 percent of gross revenue from the sale of personal data and processes or controls personal data of not fewer than 25,000 customers.
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Access – a copy of the personal data that the controller maintains in identifiable form.
    • Right to Know – including whether personal data is being processed or sold; where personal data is being processed.
    • Right to Correct – including the completion of incomplete personal data.
    • Right to Delete – personal information.
    • Right to Restrict Processing – to specific purposes pursuant to the consumer’s request.
    • Right to Object to Processing – including the right to object to targeted advertising.
  • Exemptions: HIPAA, FCRA, GLBA, Driver’s Privacy Protection Act (DPPA), HR/Employee personal information
  • Requires Updates to Privacy Policy and Disclosures?: Yes, similar to CCPA.
  • Enforcement: Controllers have a 30-day cure period, after which consumers may bring a claim under the Virginia Consumer Protection Act (§ 59.1-196 et seq.). Consumers may recover actual damages or $500, whichever is greater. If the violation is found to be willful, actual damages may be trebled (maximum) or increased to $1,000, whichever is greater. The bill specifically provides that joint controllers or processors may be held liable under “according to the principles of comparative fault.”
  • Proposed Effective Date: Not specified in proposed legislation.

Washington Privacy Act SB 6281

  • Introduced: January 13, 2020
  • Applicability: Legal entities that conduct business in Washington or produce products or services targeted to residents of Washington; and (1) control or process data of 100,000 or more customers; or (2) derive over 50% of gross revenue from the sale of personal data (broadly defined like CCPA) and process or control personal data of 25,000 or more customers.
  • Exemptions: HIPAA, FERA, GLBA, FERPA, Student Privacy Act, DPPA, HR/Employee Personal Information
  • Privacy Rights Afforded:
    • Right to Access – right to confirm whether controller is processing personal data concerning consumer and right to access the same.
    • Right to Correct – right to correct inaccurate personal information.
    • Right to Deletion – of personal information (exclusions similar to CCPA).
    • Right to Obtain – personal information in a manner similar to CCPA.
    • Right to Opt-Out – of processing of personal information for targeted advertising; the sale of personal information; profiling in furtherance of decisions that produce legal effects concerning a consumer or similar significant effects concerning a consumer.
  • Requires Updates to Privacy Policy and Disclosures?:
    • Requires disclosures similar to CCPA but does not explicitly require 12-month updates.
  • Enforcement: The law would be enforced by the Washington attorney general. There is no private right of action. The attorney general may bring action in the name of the state or as parens patriae on behalf of persons residing in the state. Penalty not more than $7,500 per violation.
  • Proposed Effective Date: July 31, 2021

Bankruptcy Court Rejects Brunner “Myth” and Discharges $220K in Student Loan Debt

By Keith S. Anderson, Alexandra Dugan and Christopher L. Hawkins on Posted in Bankruptcy, Student Loan Servicing

Bankruptcy Court Rejects Brunner “Myth” and Discharges $220K in Student Loan DebtChief Bankruptcy Judge Cecelia Morris in the Bankruptcy Court for the Southern District recently reinterpreted Brunner’s “undue hardship” test and discharged over $220,000 in student loan debt. This opinion reflects a marked departure from a series of cases interpreting Brunner, a case that has guided the analysis of student loan dischargeability for over 30 years.

In Rosenberg v. N.Y. State Higher Education Services Corp. the court found that “[t]he harsh results that are often associated with Brunner are actually the result of cases interpreting Brunner. Over the past 32 years, many cases have pinned on Brunner punitive standards that are not contained therein.” In contrast, Judge Morris held that for debtors “who have been out of school and struggling with student loan debt for many years, the test is fairly straight-forward and simple.”

The opinion chronicles how cases that followed Brunner resulted in “retributive dicta [that] were then applied and reapplied so frequently in the context of Brunner that they have subsumed the actual language of the Brunner test. They have become a quasi-standard of mythic proportions so much so that most people (bankruptcy professionals as well as lay individuals) believe it impossible to discharge student loans.” The court made clear, however, that it was not going to follow suit: “[t]his Court will not participate in perpetuating these myths.”

After extensive commentary on the overly harsh Brunner interpretation, the court analyzed the three-part Brunner test and found the debtor qualified to have his student loan debt discharged. The debtor’s undergraduate and law school loan debt became a federal consolidation loan totaling $221,385. The debtor filed an adversary proceeding pro se to have the student loan discharged. The issue was before the court on cross-motions for summary judgment.

First, the court found that the debtor could not maintain a minimal standard of living based on his current income and expenses. Under the codified “means test,” the debtor declared under penalty of perjury that he had negative monthly income. The student loan at issue was over $221,000, and the debtor was incapable of paying the loan and maintaining a minimal standard of living.

Second, the court determined that the debtor’s financial state of affairs was likely to persist. The court was quick to note that “the Brunner test does not require the Court to make a determination that the Petitioner’s state of affairs are going to persist forever” nor does it require whether the situation was created by the debtor’s choice. Rather, the question is whether the state of financial affairs is likely to persist for a significant portion of the repayment period of the student loan, which the court found did exist.

Third, the court found the debtor had made good faith efforts to repay the loans. The only question here was past behavior, not the reasons for bankruptcy, amount of debt, or whether repayment options were rejected. Over the 13-year life of the loan, it had been in forbearance, income-based repayment, and the debtor had made payments of varying amounts during IDR period and in the forbearance period when none were due. This led the court to conclude “the Petitioner did not sit back for 20 years but made a good faith effort to repay his Student Loan.”

This opinion attacks conventional analysis of the Brunner test and adds to the number of courts that are slowly addressing and finding scenarios where student loan debt may be dischargeable. In addition to these noteworthy opinions, Sen. Elizabeth Warren recently proposed a bankruptcy reform plan that would repeal the changes enacted in 2005 to the bankruptcy code as part of her presidential platform and has also promised to take executive action to cancel many student loans. Student loans in bankruptcy continue to be a developing area and certainly a topic to keep an eye on in the days ahead.

Ready or Not, Section 1071 is Coming: The Upcoming Implementation of Dodd-Frank’s Women and Minority-Owned and Small Business Reporting Requirements

By Christopher K. Friedman and Brian R. Epling on Posted in CFPB, Commercial Lending, Compliance, Consumer Protection Act, Dodd-Frank Compliance, Fair Lending, Federal Agencies, Small-Dollar Lending

Ready or Not, Section 1071 is Coming: The Upcoming Implementation of Dodd-Frank’s Women and Minority-Owned and Small Business Reporting Requirements

As part of the 2010 Dodd-Frank Act, Congress enacted Section 1071, which amended the Equal Credit Opportunity Act to mandate certain reporting requirements for lenders making business loans. The act aims to “facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.” Specifically, Section 1071 requires that lenders identify women-owned, minority-owned, and small businesses and collect data related to — among other things — the race, sex, and ethnicity of the business owners, the purpose of the loan, the action taken with regards to the loan, the business’s gross annual revenue, and “any additional data that the [CFPB] determines would aid in fulfilling the purposes of this section.” This catch-all language suggests that the CFPB has substantial leeway in determining the volume and breadth of data points required under Section 1071, and if implementation is anything like the CFPB’s implementation of HMDA — a similar reporting statute related to secured residential loans — collection and reporting could prove to be onerous indeed.

Moreover, based on certain comments by stakeholders at a November 2019 CFPB Symposium on implementation of Section 1071, the universe of lenders and loans subject to 1071 reporting requirements may be quite broad. As such, all types of institutions — including banks, credit unions, and merchant cash advance companies — should pay close attention to how the CFPB goes about implementing this section of Dodd-Frank.

The Implementation History of Section 1071

In April 2011, the CFPB promised to act “expeditiously” in issuing rules implementing Section 1071. Despite this pledge, the CFPB has been deliberate in its efforts to implement the rule. In May 2017, the CFPB issued a Request for Information (RFI) regarding the small business lending landscape in order to “augment the Bureau’s expertise in this space.” Although the RFI suggested that the CFPB would move quickly to implement Section 1071, its Fall 2018 agenda reclassified Section 1071 implementation as a long-term action item, citing the CFPB’s apparent need to focus on HMDA implementation instead. However, in mid-2019, the CFPB issued its spring regulatory agenda in which it endeavored to “recommence work . . . to implement [S]ection 1071 . . . .” This delay resulted in a May 2019 lawsuit, filed in the United States District Court for the Northern District of California against CFPB Director Kathleen Kraninger, in which a public interest group argues that the CFPB has violated the Administrative Procedures Act and Dodd-Frank by failing to implement Section 1071.

November 2019 Symposium

In November 2019, the CFPB held a symposium on the implementation of Section 1071. Reassuringly, Director Kraninger promised that the CFPB would engage in Section 1071 rulemaking with “care and consideration in order that the rule not impede the ability of small businesses — including minority and women owned small businesses — to access the credit they need.” The director’s comments suggest that the agency will approach implementation of Section 1071 with a light touch.

However, several panelists issued words of caution regarding the possible challenges and burdens associated with implementation. For instance, Brad Blower, vice president of Consumer Practices at American Express, urged the CFPB to clarify that Section 1071 applied only to small business lending, in part, by applying the relatively clear and consistent definition of “small business” contained in the Small Business Act. Diego Zuluaga, a policy analyst at the Cato Institute’s Center for Monetary and Financial Alternatives, warned that “data collection requirements can pose a substantial compliance burden on lenders, causing underwriting costs to rise and discouraging some lenders from serving certain markets.” Other stakeholders asked the CFPB to expand the reach of Section 1071. For instance, Richard Nieman, head of Public Policy at LendingClub, opined that merchant cash advance and factoring companies should also be subject to 1071’s requirements. Other panelists expressed concern about the potential for increased cost, decreased efficiency, possible duplicative collection and reporting requirements, as well as the privacy risk of additional data collection. In a nutshell, representatives for lenders and other potentially affected industries expressed concern about the typical dangers of over-regulation: increased cost, decreased efficiency, the potential to reduce the availability of credit, and regulatory uncertainty.

Section 1071 is Coming

 At the November symposium, the CFPB noted that it may take several years to fully implement Section 1071. However, the CFPB’s Fall 2019 regulatory agenda lists its pre-rule activity date as beginning in November 2019, suggesting that rulemaking may begin sooner rather than later. Of course, it is impossible to predict when the CFPB will initiate a formal rulemaking process related to Section 1071. However, given the potentially broad scope of the rule, as well as the risk of increased compliance burdens, it is critical that all stakeholders monitor the CFPB and understand the potential issues surrounding Section 1071. There will — as part of the rulemaking process — be a public comment period. Banks, credit unions, and all other lenders, as well as merchant cash advance and factoring companies, should be prepared to protect their interests by either submitting a comment or urging their respective trade organizations to submit a comment on their behalf. We will also continue to monitor the CFPB for any new developments.

The Top 5 Reasons Your CCPA Work Is Far from Over

By Steve Snyder and Erin Jane Illman on Posted in CCPA, Compliance, Consumer Protection Act, Cybersecurity

The Top 5 Reasons Your CCPA Work Is Far from OverSo, you managed to get your California Consumer Privacy Act disclosures and privacy policy up on your website and you can finally take some much-needed rest, right? Think again. And no, it’s not because of the “CCPA-like” statutes coming to a state near you that you’re undoubtedly reading about (and yes, they are coming). It’s because CCPA requires a large amount of implementation beyond the disclosures and notices. And importantly, much of that implementation will be scrutinized by those making requests (and who could pass it along to the plaintiff’s bar or California attorney general). Here is a list of a few important considerations that you may have tabled while trying to get disclosures up on your site, which now deserve your full attention.

  1. Training, Training, Training:

    Not only does Section 999.317 of the California AG’s draft regulations mandate training for “[a]ll individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with the CCPA,” but training is also operationally crucial for those handling the verified consumer requests. One of the more difficult aspects of putting together CCPA disclosures was determining how a business would verify requests. For a typical business with a variety of contexts in which it interacts with consumers, a one-size-fits-all approach may not work in practice. This means that those handling requests need to be prepared to receive requests from consumers that may not fit neatly into the defined structure, which will require them to have a working understanding of the CCPA. Even those that have helped design the processes may discover new groups that need to be handled differently, so everyone will need enough knowledge to be agile while the processes are ironed out.

Additionally, training will be necessary for all employees on how to recognize a CCPA request. Section 999.312(f) mandates that all employees recognize a potential CCPA request by requiring that a company respond to any individual who makes a request — even if that request is deficient or not made through the proper channels. In other words, any employee in the company could potentially receive a CCPA request via email, phone or even in person that would require that employee to know how to direct the consumer to the proper request mechanism.

  1. Response Permutations:

    While assisting our clients we tried to run through every permutation of possible outcomes for responses, and there are an enormous number of possibilities. The draft regulations are chock full of details that create unique circumstances. There are requirements for different types of requests (requests for specific pieces of information, for different categories of information, and for deletion). Some requests require declarations, authorized agents require additional documentation, and some requests have heightened verification in some circumstances and not others. Together all of these possible combinations make mapping out all of the possible outcomes very challenging. For most large businesses, however, this mapping is necessary because the business requires a standardized set of processes and procedures that can be picked up and operationalized. Hopefully your business has already mapped out the possibilities, but if you have deferred this process (possibly thinking it was not as important as getting disclosures up) now is the time to work through this daunting task.

  1. Taking Positions:

    The CCPA disclosures and privacy policy deserved a large amount of attention because they are online for all to see and compare. They create a record of compliance, or lack thereof, and reflect legal analysis, business decisions and risk assessment. This makes them somewhat unique in that there are not many public statements that companies must make where there is so much ambiguity and uncertainty in the face of potentially large consequences for non-compliance. A casual perusal and comparison of CCPA disclosures and policies online demonstrates that even very large companies are far from settled on a uniform approach. But a business’ obligation to take legally informed positions and set them out in writing does not end with its disclosures and privacy policies. Instead, businesses will have to continue to take and document such positions in responding to requests due to requirements set out in the draft regulations. For example, Section 999.313(c)(5) requires that if a business denies a consumer’s verified request to know specific pieces of information due to a conflict with state or federal law, that the business “inform[s] the requestor and explain the basis for the denial.” Similarly, Section 999.313(d)(6)(a) requires a business that denies a deletion request to “describe the basis for the denial, including any statutory and regulatory exception therefor. . .” In both circumstances the business has to set forth its basis by reference to a law, which implies a legal analysis and conclusion. Therefore, these affirmative analyses are open to scrutiny by the recipients and others that may review them. Further, the business must maintain a record of all requests for at least 24 months, which includes “the basis for the denial of the request if the request is denied in whole or in part” (see Section 999.317 of the draft regulations).

  1. Tracking the Previously Untracked:

    One potentially overlooked aspect of CCPA is that it will require businesses to track information in ways that it previously has not. One example is the simple requirement in Section 1798.100(b) that a business shall not “use personal information collected for additional purposes without providing the consumer with notice consistent with this section.” While simple on its face, in practice most businesses have never had to track what uses it disclosed when it collected information and have no mechanism for someone in the future to go back and determine what uses are permissible. A similar requirement contained in Section 999.313(d)(6)(c) says that when a business denies a consumer’s request to delete information it shall “[n]ot use the consumer’s personal information retained for any other purpose than provided for by that exception [relied on to not delete].” Consider the implications of that requirement. Not only does a business have to track its reason for not deleting information and limit its use of that information to what it stated as the exception, it must do so on a per consumer basis for only those consumers who made deletion requests. This presents several challenges given that the information subject to such a request may be dispersed across many data stores with no way of tagging that data for a particular use restriction. It also highlights the importance of taking positions as outlined above because if the initial response to the disclosure does not fully set forth all exceptions, the business may later be confronted with a need to use the information for a purpose that was not identified as an exception.

  1. The Only Constant Is Change:

    As noted above, many parts of the CCPA are far from settled. As the requirements and interpretations of CCPA are further developed through regulation and litigation, companies need to be prepared to make changes to their practices, policies, and processes to comply. Similarly, internal changes within the company that affect data collection, use, disclosure, sharing, and selling will need to be monitored. Stakeholders should regularly update their CCPA compliance programs and related documentation to track any internal changes relating to data practices to ensure that CCPA compliance is maintained.

These are just a few of the key requirements that deserve some attention in the new year. The requirement to document and record responses means that even decisions made early on can be scrutinized for at least two years, meaning businesses need to dive in and address these issues now to standardize their approaches.

This blog post was originally published and distributed on the Bradley website as a Cybersecurity and Privacy Alert on January 6, 2020.

New Legislation in House, Senate Would Cap Consumer Loans at 36%, Crippling the Industry

By Jennifer L. Galloway, J. David Stewart III, Andrew J. Narod and Michael M. Aphibal on Posted in CFPB, MLA, Payday Lending, Short-Term Loans, Small-Dollar Lending, TILA, Unsecured Lending

New Legislation in House, Senate Would Cap Consumer Loans at 36%, Crippling the IndustryNew federal legislation introduced in the House and Senate would place a 36% annual percentage rate cap on nearly all consumer loans, potentially killing the small dollar consumer lending industry.

Last month, Congressmen Jesús G. “Chuy” García (D-IL) and Glen Grothman (R-WI) introduced H.R. 5050, the Veterans and Consumers Fair Credit Act. The bill proposes to limit the finance charge on consumer loans to 36%. In essence, the bill would extend the rate cap from the Military Lending Act (MLA) — currently applicable only to active duty servicemembers and their families — to loans made to all consumers.

The MLA was passed in 2006 in response to a perceived need to protect military personnel from certain predatory lending practices. According to the Congressional Research Service, this was necessary because financial matters affected an individual servicemember’s personal readiness and could lead to revocations of security clearances and to eventual separation from the military. And from the Department of Defense’s (DOD) broader perspective, the loss of a security clearance or the separation of a servicemember can create critical capability gaps for deployed units, resulting in additional costs to recruit and train replacements.

The MLA places limits on the terms of consumer credit extended to active duty servicemembers and their dependents, among other things. Under the MLA, creditors may not exceed an annual percentage rate (APR) of 36% on consumer credit. Initially, the DOD limited the application of the MLA to a few closed-end credit products (e.g., payday, auto-title, and tax refund anticipation loans). But in 2015, the DOD expanded the application of the MLA to nearly all consumer loans, including open-end loans (such as credit cards). Currently, the MLA applies to all credit that is subject to the disclosure requirements of the Truth in Lending Act (TILA), except for mortgages and auto-secured purchase loans.

H.R. 5050 would extend the MLA’s 36% APR cap to loans offered to all consumers, not just active duty servicemembers and their families. The bill also employs MLA’s method for calculating APR, which is different than the APR calculation for TILA disclosures and results in a much higher number. Under the MLA (and H.R. 5050), the APR includes all additional fees and fees for ancillary products. Specifically, fees for credit insurance and debt protection are included in the calculation of APR, regardless of whether the product is optional. However, bona fide credit card fees, other than credit insurance and debt protection fees, are excluded from the calculation of APR.

H.R. 5050 would be implemented by rules from the Consumer Financial Protection Bureau (CFPB), in consultation with the DOD. In fact, the bill requires that the CFPB’s rules be consistent with the DOD’s rules for the MLA and provide as much protection to general consumers as the DOD’s rules provide to servicemembers.

The 36% cap would apply to credit extended after a “compliance date” set by the CFPB or 18 months after the passage of the bill, whichever is earlier. The bill would then be enforced by the CFPB and by state attorneys general and regulators.

Additionally, a companion bill, S. 2833, has been introduced in the Senate by Senators Jeff Merkley (D-OR), Jack Reed (D-RI), Sherrod Brown (D-OH), and Chris Van Hollen (D-MD). The Senate bill is essentially identical to the House bill.

Up to this point, federal laws governing consumer financial products primarily sought to ensure that consumers received enough information about the loan products they were obtaining to make an informed choice. Such laws achieved this end by requiring disclosures and prohibiting unfair, deceptive, or abusive acts or practices. And, except for particular loan types with unique issues (such as federally related mortgages), federal law left it up to states to determine the substantive rules that would govern loans, including rate caps. Indeed, the principal of allowing states to regulate rates caps was so protected that it was a part of the Dodd-Frank Act. It specifically prohibits the CFPB from setting rate caps for any consumer loans, including small dollar loans.

Usury, thus, has traditionally been a state law issue. Many states, responding to the concerns of their residents, have already customized their laws and licensing systems to balance the needs of consumers for credit and for protection from predatory loans in their state. H.R. 5050 appears to represent an expansive growth of federal regulation in an area left traditionally to the states. The bill would prescribe a one-size-fits-all approach and would seek to override the often carefully balanced laws that states have already put in place.

A 36% APR cap would severely limit consumer access to credit, according to many industry lenders. The cost of credit is often higher in small dollar lending due to the higher risk of consumer default with unsecured small dollar loans. The restrictions on consumer loans mandated by the MLA were aimed at a particular problem applicable only to active duty servicemembers and their families — i.e., to ensure that servicemembers could perform their military duties when they took out loans and would not be penalized during this very unusual time of being on active duty. The question must be asked whether such concerns apply to general consumers, at the expense of severely limiting access to credit. In many ways, this analysis shows that a possible extension of the MLA would be inappropriate. Industry participants, however, should remain vigilant in assessing their own risk as a result of this proposal.

Given the numerous federal and state legislative and regulatory efforts to limit small dollar lending, it is important for companies to engage in the political process. Our Governmental Affairs Practice Group is active and has significant experience working on issues of concern to the industry. If you would like to learn more about how you can engage in the political process, please contact David Stewart.

Is the Bank Open? Federal Agencies Clarify Regulatory Requirements for Banking Hemp

By J. Hunter Robinson, James W. Wright Jr. and Whitt Steineker on Posted in Banking, Cannabis, FinCEN

Is the Bank Open? Federal Agencies Clarify Regulatory Requirements for Banking HempOn December 3, several federal agencies issued guidance (Guidance) that, by its terms, “provide[s] clarity” regarding “the regulatory requirements under the Bank Secrecy Act (BSA) for banks providing services to hemp-related businesses.” Hemp proponents hope this additional clarity will encourage hesitant financial institutions to begin serving the hemp industry.

The key takeaway from the Guidance – which was issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network (FinCEN), and the Office of the Comptroller of the Currency – is that banks are not required to file with FinCEN a “Suspicious Activity Report” (SAR) regarding a customer “solely because [the customer is] engaged in the growth or cultivation of hemp in accordance with applicable laws[.]” This distinguishes banking hemp (i.e., cannabis containing less than 0.3% THC) from banking marijuana (i.e., cannabis containing more than 0.3% THC) – a bank must file a marijuana-specific SAR for each marijuana-related customer under FinCEN’s 2014 guidance. This onerous regulatory requirement (which we analyzed here) has dissuaded many financial institutions from serving marijuana-related businesses.

In the Guidance’s statement that banks are not required to file a SAR “solely because [the customer is] engaged” in a hemp-related business, “solely” is the operative word. The Guidance emphasizes that banks should follow their “standard SAR procedures” to determine whether there is sufficient “indicia of suspicious activity” surrounding a hemp customer to warrant a SAR. Such “standard SAR procedures” are governed by the BSA and its implementing regulations, which require banks to conduct “risk-based customer due diligence” to inform their SAR-filing decisions. Despite hemp’s legalization under the 2018 Farm Bill, hemp businesses will remain higher-risk customers for financial institutions given the complex regulatory requirements for growing hemp and the fine line between federally-legal hemp and federally-illegal marijuana. Consequently, banks that serve the hemp industry must ensure their BSA/anti-money laundering compliance programs include robust procedures for conducting enhanced due diligence on hemp customers to determine whether a SAR is warranted. While crafting these hemp-specific procedures could be costly, the reward to banks willing to engage the underserved hemp industry could be well worth the cost.

The Guidance states that FinCEN will issue more comprehensive guidance regarding hemp banking after it has further evaluated the U.S. Department of Agriculture’s interim final rule, which established the regulatory framework for hemp production. Once FinCEN’s guidance is published, we will analyze it in detail.

First Circuit Holds that Parents’ Tuition Payments for Adult Children Are Fraudulent Transfers

By James Bailey and Elizabeth R. Brusa on Posted in Bankruptcy, Student Loan Servicing

First Circuit Holds that Parents’ Tuition Payments for Adult Children Are Fraudulent Transfers Recently, the First Circuit held that a parent’s tuition payments on behalf of an adult child do not benefit the parent’s bankruptcy estate, and a Chapter 7 trustee may therefore claw the payments back as fraudulent transfers.

The concept underlying fraudulent transfer law is that, if a person cannot pay his debts in due course, it is fraudulent to transfer his assets to another person with a motive to avoid paying his debts. This concept is extended to “constructive fraud” where the insolvent party transfers his assets — without a bad motive — but nonetheless fails to receive reasonably equivalent value in return for the transfer.

In Degiacomo v. Sacred Heart University, Inc. (In re Steven and Lori Palladino), the debtors paid more than $64,000 to Sacred Heart University for their daughter’s tuition. In 2014, the debtors were convicted of fraud for orchestrating a multimillion-dollar Ponzi scheme. The debtors and their business filed for relief under Chapter 7 of the Bankruptcy Code. The Chapter 7 trustee filed an adversary complaint the following year, alleging the tuition payments to Sacred Heart were fraudulent transfers, and seeking clawback of the tuition payments. The parties moved for summary judgment, and the bankruptcy court ruled in favor of Sacred Heart. The bankruptcy court ruled that the debtors believed they would benefit from having a self-sufficient daughter, and such benefit was reasonably equivalent value for the tuition payments.

On direct appeal, the First Circuit reversed the bankruptcy court’s ruling. The First Circuit noted that, although there is currently a divide among courts as to whether tuition payments made on behalf of an adult child may be clawed back as fraudulent transfers, the recent trend has favored trustees. The First Circuit considered whether the debtors received value — particularly in a form that is recognized under the Bankruptcy Code — as a result of paying their adult daughter’s tuition. Finding that the debtors did not receive any value for the tuition payments, and in fact did not have any legal responsibility to pay for their adult daughter’s tuition, the First Circuit held that the tuition payments were fraudulent transfers. Mere intangible, emotional, and non-economic benefits are not the type of value that can withstand a fraudulent transfer claim.

What’s Next?

As student loan debt increases, we can expect to see more cases where parents have made payments on their adult children’s loans or tuition. Should those parents file for bankruptcy, the First Circuit’s recent decision may support claims to recover student loan payments as fraudulent transfers. The courts remain divided on these issues, but we can anticipate more litigation in the future.

Notably, the First Circuit acknowledged that, if the debtors’ daughter had been a minor, the outcome could have been different. Because debtors have legal responsibilities to provide for their minor children, under certain circumstances, school tuition payments may not be considered as fraudulent transfers. However, courts are divided on this issue as well.

Georgia Publishes 11th-Hour Temporary Authority Rule Effective November 24, 2019

By Amy Magdanz Rose and Robert S. Niemi on Posted in Mortgage Loan Originators

Georgia Publishes 11th-Hour Temporary Authority RuleIt has been almost 18 months since the passage of the Economic Growth, Regulatory Relief, and Consumer Protection Act or (as most people in the industry refer to it) the “Temporary Authority Act.” Section 106 of the act allows qualified applicants for mortgage loan originator (MLO) licenses to utilize temporary authority to continue to originate as a mortgage loan originator prior to being licensed by a state regulator. This situation would occur when an MLO is moving from employment with a federally regulated bank or bank affiliate to employment with a state-regulated independent mortgage banker or when a state licensed MLO is seeking licensure in an additional state. The act granting this temporary authority is set to go into effect November 24, 2019.  Since the passage of the act earlier this year, many states are adjusting to this new temporary authority protocol and are creating their own rules and processes. However, the Georgia Department of Banking and Finance published a notice of proposed rulemaking on November 18, 2019, leaving only six days prior to the effective date of the act for the industry to review and react to the proposed rules.

The department has proposed several additional state requirements for MLOs seeking to utilize temporary authority in Georgia prior to being licensed. These additional requirements include additional steps with regard to loan disclosures, advertising, loan transaction journal entry, and record keeping requirements. The new proposed rules also include additional signature requirements and additional notice to the department if using temporary authority in Georgia.

In this blog we summarize the new rules that will apply (if they are finalized) to mortgage companies or mortgage brokers operating in the state of Georgia that choose to employ MLOs that utilize temporary authority.

New Georgia Disclosure Requirements

The proposed rule includes an additional disclosure to the customer indicating that the loan originator is not licensed and may not ultimately be granted a license. The exact language that must be used is the following:

“The Georgia Department of Banking and Finance requires that we inform you that the mortgage loan originator responsible for your loan is not currently licensed by the Georgia Department of Banking and Finance. The mortgage loan originator has applied for a mortgage loan originator license with the Georgia Department of Banking and Finance. Federal law (12 U.S.C. § 5117) authorizes certain mortgage loan originators to operate on a temporary basis in the state of Georgia while their application is pending. The Georgia Department of Banking and Finance may grant or deny the license. Further, the Georgia Department of Banking and Finance may take administrative action against the mortgage loan originator that may prevent such individual from acting as a mortgage loan originator before your loan closes.”

The language must appear on the loan documentation in 10-point bold-face type. The disclosure must be signed by the consumer and must be maintained by the company.

New Georgia Advertising Requirements

The proposed rules require any advertisement to “clearly and conspicuously” indicate that the MLO is originating under the temporary authority but is currently unlicensed and has submitted an MLO application to the department. Additionally, the advertisement must include the phrase, “Department may grant or deny the license application.”

New Georgia Transaction Journal Requirements

Under the proposed rules, Georgia mortgage companies must identify when any MLO utilized temporary authority at any point in the origination process. The transaction journal should also notate the outcome of MLO’s application as either “approved, withdrawn, or denied.”

New Georgia MLO Signature Requirements

Additionally, the proposed rules state that any MLO who utilizes temporary authority must indicate “TAO,” (temporary authority to operate) or a substantially similar notification next to any signature on a loan document, including any that relates to the negotiation of terms or the offering of a loan.

New Georgia Department Notification Requirements

Finally, the last additional requirement states that any MLO who wishes to utilize temporary authority must submit proof of enrollment in a class that would satisfy department education requirements. The MLO must also provide notification of registration to take the national MLO test. Both notifications must be submitted within 30 days of the application submission on the NMLS. We note that any MLO that utilizes temporary authority that is already licensed in another state would already have taken the national test and completed many education requirements.

We note that the department has broad authority under the federal SAFE Act and state statutes to make rules and procedures associated with the temporary authority granted in the Temporary Authority Act. However, many have sensed a real hesitation from Georgia to embrace this new MLO status. This appears to be reflected in the new proposed rules, in the timing of the rules, and even in some of the comments shared. We believe this hesitation is most reflected in the following proposed rule:

Permitting unlicensed persons to engage in mortgage loan originator activities. Any licensee or registrant who employs a person who does not hold a mortgage loan originator’s license or does not satisfy the temporary authority to operate requirements set forth in 12 U.S.C. § 5117 but engages in licensed mortgage loan originator activities as set forth in O.C.G.A. § 7-1-1000(22) shall be subject to a fine of one thousand dollars ($1,000) per occurrence and the licensee or registrant shall be subject to suspension or revocation. Licensees are responsible for the actions of their employees.”

As such, Bradley plans on monitoring the roll out of temporary authority next week but will be paying particular attention as to how Georgia administers the temporary authority process.

Uncertainties Surround Rising Agricultural Debt and Default Rates in the U.S.

By Kaylee Beauchamp on Posted in Commercial Lending

Uncertainties Surround Rising Agricultural Debt and Default Rates in the U.S.The United States and China reached the first phase of a trade deal on October 11th, postponing the next round of tariffs that President Trump planned to impose on Chinese goods the following week. Under the trade deal, which is still being negotiated, China agreed to buy billions of dollars’ worth of American agricultural products annually. China’s agreement to purchase U.S. agricultural products was likely at the center of negotiations for this trade deal because there has been a decline in U.S. farm revenues over the past few years. The decrease in farm revenues is troubling for many reasons, one of which is that, in this year alone, farmers are expected to hold over $400 billion in debt.

Of the over $370 billion in total farm debt in 2018, the USDA’s Farm Service Agency (FSA) provided roughly 2.6% of that debt through direct loans and 4% to 5% in loan guarantees. The Farm Credit System (FCS), a federal government-sponsored enterprise, provided 41% of the total 2018 farm debt. Commercial banks were lenders of  42% of the total agriculture loan debt in 2018. During the first quarter of 2019, agriculture loans held by FDIC-insured institutions totaled $184 billion — with community banks holding 69% ($127 billion) of total agriculture loans. At the beginning of this year, the U.S. saw the delinquency rate for FSA loans reach its highest level since 2011 — this was also true for farm loans held by community banks. Indeed, in 2019, FDIC-insured banks have seen a rise to 2.39% of agricultural loans that are at least 30-days past due, which is the highest delinquency rate since 2012.

Farming has always been an unpredictable and risky business, especially since farmers are beholden to Mother Nature, fluctuating consumer demands, and foreign trade policies. In light of these common adversities, farmers and financial institutions are closely watching these factors to determine if this new year may continue to see farm revenue decline, debt held by farmers grow, and default rates for farm loans increase.

LexBlog