Maryland Court of Appeals Bars Confessed Judgment Clauses in Consumer Contracts

Maryland Court of Appeals Bars Confessed Judgment Clauses in Consumer ContractsA recent decision from the Maryland Court of Appeals provided somewhat surprising new guidance on the permissibility of confessed judgment clauses in consumer contracts. In Goshen Run Homeowners Association, Inc. v. Cisneros, the Court concluded that Maryland’s Consumer Protection Act (the “Maryland CPA”) prohibits all confessed judgment clauses in all consumer contracts.

In the underlying case, a homeowner failed to timely pay assessments to her HOA. The parties agreed to a deferred repayment plan that included a promissory note. The notable term of that promissory note included a confessed judgment clause. Upon the homeowner’s subsequent default under the deferred repayment plan, the HOA attempted to confess judgment in the District Court of Maryland for Montgomery County.

The parties’ dispute eventually reached the Maryland Court of Appeals. There, the HOA attempted to argue that assessments are not “consumer debt” under the Maryland CPA and, more notably, that the CPA does not prohibit the use of all confessed judgments in consumer contracts. To that end, the HOA argued that only a subset of confessed judgments — where a consumer waives the right to assert a legal defense to an action — would be precluded under the Maryland CPA.

The Court of Appeals soundly rejected these positions. Reasoning that the Maryland CPA prohibits all trade practices that are unfair, abusive or deceptive in the collection of consumer debts, the Court reminded industry participants that the non-exclusive list of deceptive practices in this context includes the use of a consumer contract containing a confessed judgment clause that waives the consumer’s right to assert a legal defense to an action.

The Court then addressed the HOA’s argument that a certain subset of confessed judgment clauses might remain permissible under the Maryland CPA if a consumer does not waive the right to assert a legal defense to an action. After examining the plain language of the Maryland CPA, specifically Md. Code, Commercial Law § 13-301(12), the Court determined that the Maryland CPA prohibits all confessed judgment clauses in consumer transactions. The Court reasoned, in so ruling, that the inherent nature of a confessed judgment requires the waiver of certain defenses — including jurisdiction, service, and venue — that are fundamental to a consumer’s due process rights.

As a result, consumer lenders operating in Maryland must now ensure that they do not seek to confess consumer judgments. Per the Court, the Maryland CPA is now ready to prohibit “all confessed judgment clauses in consumer contracts” — without regard for the content of any particular confessed judgment clause. It is unclear whether this ruling is retroactive in nature, but it is critical that consumer lenders ensure that their portfolio of Maryland contracts do not include confessed judgment clauses, and that such clauses are not used on a going-forward basis. Perhaps the saving grace of the Court of Appeals’ decision is that the Court explicitly permitted the creditor to bring suit on the same note that contained the defective confessed judgment clause, meaning that consumer attorneys should not be able to seek to invalidate instruments merely because they contain dormant confessed judgment clauses.

CFIUS/FIRRMA: Final U.S. Foreign Direct Investment Regulations

CFIUS/FIRRMA: Final U.S. Foreign Direct Investment RegulationsEffective February 13, 2020, foreign investment in U.S. businesses and real estate will require pre-deal diligence and timely filings to comply with U.S. law.

In the digital economy, the world is flat. As a result, many businesses are at risk of being an inadvertent participant in international and cross-border transactions. Based on significant changes in cyber, privacy and investment laws in the U.S. and abroad, failure to consider international involvement can expose a business and its counsel to significant risk. Such is the case with the final CFIUS/FIRRMA regulations that become effective February 13, 2020.

If you are a U.S. business or real estate holder considering investment, ownership or financing by non-US parties, you should exercise early diligence to determine if your transaction will fall within the final CFIUS/FIRRMA regulations – and you will be well advised to do so prior to entering into a letter of intent.

As background, the initial source of U.S. regulation of foreign investment was the creation of the Committee on Foreign Investment in the U.S. (CFIUS) in 1975. The 2007 Foreign Investment and National Security Act further refined the CFIUS process, provided congressional oversight and increased transparency of decisions by the Committee. The act also broadened the definition of national security and required greater scrutiny of certain types of foreign direct investment. Historically, CFIUS was limited to technology, industries and infrastructure directly involving national security. It was also a voluntary filing.

Foreign investors were quick to adapt and began structuring investments to avoid national security reviews. Despite otherwise heavy polarization, a bipartisan CFIUS reform bill moved rapidly through Congress, and on August 13, 2018, President Trump signed the CFIUS reform act titled the “Foreign Investment Risk Review Modernization Act” (FIRRMA). With the corresponding speed of its passage, the U.S. Treasury Department implemented a FIRRMA pilot program less than three months later in October 2018, creating the first mandatory CFIUS filing. On January 13, 2020, the Treasury Department released final FIRRMA regulations, which take effect February 13, 2020.

The final CFIUS/FIRRMA regulations represent an expansion of an area of law commonly referred to as “foreign direct investment” and/or “FDI.” FDI is not exclusive to the U.S., rather it has been adopted in most industrialized countries to describe and regulate non-domestic investment in domestic businesses. Anyone engaged in international and cross-border transactions should add FDI to their diligence discussions when assessing a prospective deal.

The final FIRRMA regulations apply to U.S. businesses that are involved with critical technologies, critical infrastructure, or sensitive personal data — referenced in the final regulations as “TID U.S. businesses” and “TID.” Anyone engaged in international and cross-border transactions should also add TID to their diligence discussions when assessing a prospective deal.

In issuing the final FIRRMA regulations, the U.S. Treasury Department actually issued two sets of regulations to separately address TID and real estate, presumably to permit CFIUS to better address different national security concerns unique to TID and real estate.

Regulations Regarding TID Investments

The final FIRRMA regulations expand CFIUS jurisdiction to include non-controlling investments, direct or indirect, by a foreign person in certain U.S. businesses.

A covered transaction includes investments that afford the non-U.S. person with:

  • Access to material non-public technical information
  • Membership, observer rights, or nomination rights to the board of directors or equivalent governing body of a U.S. business
  • Other than voting of shares, influence or control over the (i) use, development, acquisition, or release of critical technologies, (ii) management, operation, manufacture, or supply of critical infrastructure, or (iii) use, development, acquisition, safekeeping, or release of sensitive personal data of U.S. citizens

More broadly, the final regulations apply to non-U.S. investments in U.S. businesses that:

  • Produce, design, test, manufacture, fabricate, or develop one or more critical technologies
  • Own, operate, manufacture, supply, or service critical infrastructure
  • Maintain or collect sensitive personal data of U.S. citizens in a manner that may threaten national security

The final FIRRMA regulations specify that TID includes:

  • Critical technologies subject to export controls and other existing regulatory schemes, as well as emerging and foundational technologies controlled pursuant to the Export Control Reform Act of 2018.
  • Critical infrastructure such as telecommunications, utilities, energy, and transportation, and including businesses that own, operate, manufacture, supply, or service critical infrastructure identified in an appendix to the final regulations.
  • Sensitive personal data, including 10 categories of data — such as financial, geolocation, and health data that can be used in a manner that threatens national security — maintained or collected by U.S. businesses that (i) target products or services to certain populations, including U.S. military members and employees of federal agencies with national security responsibilities, (ii) collect or maintain data on at least one million individuals, or (iii) have a demonstrated objective to maintain or collect data on greater than one million individuals, with integration of such in products or services.

Regulations Regarding Real Estate Investments

The final FIRRMA regulations also cover real estate proximate to government installations, pose a risk of foreign surveillance, or critical U.S. infrastructure (e.g., airports and ports). Significantly the regulations broadly apply to “the purchase or lease by, or a concession to, a foreign person of private or public real estate” that is:

  • Located within, or will function as part of, an air or maritime port
  • In close proximity to a United States military installation, other facility or property that is sensitive based on national security
  • Reasonably capable of providing the ability to collect intelligence on a sensitive U.S. government installation
  • Capable of exposing national security activities, or creating a risk of foreign surveillance

The final regulations more specifically address transactions on/or around specific airports, maritime ports, and military installations. Relevant military installations are listed by name and location in an appendix to the regulations. The relevant airports and maritime ports are on referenced lists published by the Department of Transportation. The regulations include real estate that is:

  • Within, or will function as part of, an air or maritime port
  • Within “close proximity” (defined as one mile) of certain specified U.S. military installations
  • Within the “extended range” (defined as between one mile and 100 miles) of certain military installations
  • Within certain geographic areas associated with missile fields and off-shore ranges

The regulations create an exception for “excepted real estate investors” based on their ties to certain countries identified as “excepted real estate foreign states” – which are currently limited to the United Kingdom, Canada and Australia — but that sunset if those countries do not reciprocate by 2022. Other exceptions include transactions involving:

  • A company holding an active U.S. facility security clearance pursuant to a Security Control Agreement, Special Security Agreement, Proxy Agreement, or Voting Trust Agreement to mitigate its foreign ownership, control or influence (FOCI)
  • An investment fund that is managed exclusively by a U.S. person or is ultimately controlled by U.S. nationals, or does not permit foreign control of the fund, its investment decisions, or decisions regarding its U.S. investments
  • An air carrier that holds a general, temporary, or charter air transportation certificate
  • A US business that only produces, designs, tests, manufactures, fabricates, or develops encryption items, software, or technology eligible for License Exception under the Export Administration Regulations.

Significantly, as of February 13, CFIUS is no longer voluntary for covered transactions, and will require the filing of a CFIUS notice or a new FIRRMA declaration. The final regulations include enhanced enforcement powers and penalties — which are already being enforced – including the reversal of the deal, divestiture, mitigation and/or civil penalties up to the value of the transaction.

As a result, the final FIRRMA regulations necessitate that U.S. businesses and their counsel exercise early pre-deal diligence for investments, financing, acquisitions, mergers or joint venture opportunities to determine:

  • Existence of non-U.S. investors?
  • Critical or export controlled technologies?
  • Involvement of sensitive personal information of U.S. citizens?
  • Real estate that is or is proximate to critical U.S. infrastructure or sensitive U.S. government installations?

In closing, I would note that the U.S. is not alone. The European Union established Regulation 2017/0224 on November 20, 2018, which provided a framework for the screening of FDI in the EU. EU 2017/0224 mimics FIRRMA to protect the essential interests “of the EU and its Member States” from FDI. The U.K., Germany and France have active FDI screening mechanisms, and 14 other member states have adopted some form of foreign investment screening. Other industrialized countries, such as Australia, China and Japan, have also followed suit.

Bradley’s attorneys have experience assisting domestic companies with transactions involving non-U.S. firms, and assisting non-U.S. firms with U.S. transactions. Our attorneys can help safeguard transactions involving foreign investment in the United States, including early diligence to identify required U.S. disclosures and filings within the time required. We can also assist with the creation of special purpose entities to mitigate foreign ownership, control and influence (FOCI) of U.S. businesses, technology and real estate.

Additional information on the final CFIUS / FIRRMA regulations can be found on the Department of the Treasury’s website.

David Vance Lucas is a Partner in the Huntsville office of Bradley Arant Boult Cummings LLP, where he is a member of the firm’s Intellectual Property Practice Group and leads the International and Cross Border team. Much of David’s experience was accumulated as general counsel for Huntsville-based Intergraph Corporation (now Hexagon AB Group), where he garnered extensive experience in a variety of U.S. and foreign legal environments. He now advises both U.S. and foreign clients on the harmonized application of U.S., U.K. and European laws, and represents clients in various proceedings in the U.S. and abroad.

GSEs Prepare for Losing LIBOR

GSEs Prepare for Losing LIBORWith new guidance and model documents issued by Fannie Mae and Freddie Mac, the mortgage industry is several steps closer to operating without LIBOR.

The industry has been grappling with the eventual demise of LIBOR since 2017. The key body developing a coordinated approach has been the Alternative Reference Rates Committee (ARRC). The GSEs have worked closely with the ARRC and they are now putting the ARRC’s recommendations into practice. The ARRC recommended a transition from U.S. dollar (USD) LIBOR to the Secured Overnight Financing Rate (SOFR), which will be published by the Federal Reserve Bank of New York. On November 15, 2019, the ARRC also published recommended “fallback language” for use in adjustable rate mortgage (ARM) notes that would replace the LIBOR benchmark with a replacement rate and a spread adjustment that would align the replacement rate with the prior benchmark.

Fannie Mae and Freddie Mac recently announced details of their plans for a successful transition from LIBOR-indexed ARMs to SOFR-based ARMs and have provided updated form instruments for immediate use.

In Lender Letter LL-2020-01 and Bulletin 2020-1 Fannie Mae and Freddie Mac, respectively, address the following key issues:

  • Updated Form ARM Notes and Riders: both GSEs updated and published new standard ARM notes and riders to incorporate the “fallback language” suggested by the ARRC for newly-originated products.
  • Retirement of LIBOR ARMs: Fannie Mae will retire all LIBOR-indexed ARM plans later in 2020 and will no longer acquire loans indexed to LIBOR by the end of this year. Similarly, Freddie Mac will not purchase LIBOR-indexed ARMS with application received dates on or after October 1, 2020 and will no longer purchase any LIBOR-indexed ARMS on or on or after January 2, 2021.
  • SOFR ARMs: Fannie Mae and Freddie Mac both plan to accept delivery of SOFR ARMs during the second half of 2020. ARMs using an index based on a 30-day average of SOFR will be eligible for sale to the GSEs. Further details are promised in future bulletins.
  • Future Retirement of CMT ARMs: At “some point in 2021,” Fannie Mae and Freddie Mac will no longer acquire ARM loans that use an index based on constant maturity Treasury securities (CMT) and will retire all CMT ARM plans. No specific dates have been established but sellers are cautioned not to increase their CMT-indexed ARM deliveries.

While the GSE guidance and revised forms provide some clarity to the mortgage industry for newly originated ARMs, many questions about the cessation of LIBOR remain. Sources estimate there are still 2.8 million LIBOR-based ARMs with a collective value of $1 trillion that do not have the AARC “fallback language.”

Several legal and operational questions remain about how loan servicers will transition those loans from LIBOR to SOFR while avoiding borrower harm and confusion (as well as litigation). We will address those key topics and others in upcoming articles as the mortgage industry and LIBOR part ways.

HUD Proposes Amendments to the Federal Manufactured Home Construction and Safety Standards

HUD Proposes Amendments to the Federal Manufactured Home Construction and Safety StandardsOn January 30, 2020, U.S. Department of Housing and Urban Development (HUD) Secretary Ben Carson announced the release of a proposed rule to amend the Federal Manufactured Home Construction and Safety Standards. Secretary Carson made the announcement while touring the Clayton Homes Manufacturing Plant in Russellville, Alabama. The proposed rule covers numerous changes to the Federal Manufactured Home Construction and Safety Standards. As described by Secretary Carson, manufactured housing plays a vital role in meeting the nation’s affordable housing needs. The proposed rule is designed to further HUD’s role in protecting consumers, but also encourages a more robust market for manufactured housing.

The proposed amendments to the Federal Manufactured Home Construction and Safety Standards provide four main changes to the current regulatory framework:

First, the proposal eliminates the requirement that manufactured home manufacturers receive Alternative Construction approval from HUD when installing certain modern design features not addressed in the current federal building code. This change will allow for more design flexibility and reduce the regulatory requirements needed for the installation of certain features.

Second, the new provisions would require that carbon monoxide detectors be installed in all manufactured homes with fuel burning appliances and all manufactured homes designed for an attached garage or designed to be installed over a basement. HUD expects this rule to not only improve the safety of manufactured housing but it may reduce regulatory costs by creating a single uniform federal standard, rather than having to comply with the current 38 different states and numerous local jurisdiction requirements.

Third, the proposed amendments introduce new standards that allow manufacturers to design and construct homes similar to townhomes. HUD anticipates that this amendment would allow for more optimal use of manufactured homes in urban areas, including Opportunity Zones.

Fourth, the proposal adds or updates a number of standards to increase design flexibility and aligns federal standards with industry practice. The proposed updates and additions include reducing regulatory burdens for sites designed for attached garages and carports. It is HUD’s stated goal that these changes will mitigate the adverse regulatory and economic impact existing under the current rules.

Manufactured housing plays a vital role in meeting the housing needs of Americans. It represents 10% of the country’s single-family housing, providing more than 22 million Americans with housing. The proposed rules, if finalized, provide for increased flexibility in manufactured home design, the potential to expand product offerings in urban areas, the standardization of carbon monoxide detector requirements across the country, and the reduction of regulatory burdens on the industry. HUD is accepting comments on the proposed rule until March 31, 2020. Industry members are encouraged to provide comments to HUD on the proposals.

Eleventh Circuit Endorses Narrow Definition of TCPA Autodialer Creating Circuit Split

Eleventh Circuit Endorses Narrow Definition of TCPA Autodialer Creating Circuit SplitOn January 27, 2020, a federal court of appeals issued a significant decision interpreting the Telephone Consumer Protection Act (commonly referred to as the “TCPA”) in a way that limits the expansive potential liability companies face under the statute. In Glasser v. Hilton Grand Vacations Company, the U.S. Court of Appeals for the Eleventh Circuit reached three significant conclusions:

  • The court adopted a narrow definition of what constitutes an “autodialer” under the TCPA, rejecting the view that a telephone system that dials numbers from a predetermined list is an autodialer under the TCPA.
  • The court also held that “clicker agent” systems — where an employee “clicks” a number on a computer application and the system then dials the number and connects the call to another employee — require human intervention to make calls and thus do not constitute an autodialer.
  • However, the court noted that use of an artificial or prerecorded voice (without the consent of the called party) is an independent basis for liability under the TCPA, meaning the definition of an autodialer is not relevant to a TCPA analysis when the basis for liability is artificial or prerecorded voice calls.

The decision creates a precedent split with the Ninth Circuit Court of Appeals, which had embraced a more expansive definition of an autodialer. This split increases the likelihood that the Supreme Court will review this issue, but, in the meantime, the Eleventh Circuit’s decision will limit potential TCPA liability for cases in its jurisdiction.

In Glasser, a consumer and a student loan borrower filed separate TCPA lawsuits against a timeshare marketer and a student loan servicer alleging that the defendants violated the TCPA by making calls to their cell phones with autodialers and without prior consent. Both trial courts granted summary judgment in opinions that examined the TCPA’s definition of an autodialer, and the Eleventh Circuit Court of Appeals consolidated the cases on appeal.

In its opinion, the court first addressed the TCPA’s definition of an autodialer: “equipment which has the capacity—(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” 47 U.S.C. § 227(a)(1). “Remember these words,” the court instructed before diving into an intricate grammatical analysis of the relevant language.

The question, as the court identified, is whether “using a random or sequential number generator” modifies both “to store” and “[to] produce,” or just one of those verbs. The defendants argued that it modifies both. In other words, to be an autodialer, the telephone equipment must (1) store numbers using a random or sequential number generator and dial them or (2) produce numbers using a random or sequential number generator and dial them.

The plaintiffs argued that the phrase “using a random or sequential number generator” only modified “[to] produce.” Thus, telephone equipment falls under the TCPA’s autodialer definition if it (1) stores numbers and dials them or (2) produces numbers using a random or sequential number generator and dials them. This interpretation is consistent with the Ninth Circuit’s view as expressed in Marks v. Crunch San Diego, LLC.

While lamenting that the TCPA’s text lacks clarity, the court endorsed the “better option” — that the phrase “using a random or sequential number generator” modifies both verbs, meaning that use of a random or sequential number generator is required for telephone equipment to qualify as an autodialer under the TCPA. Practically speaking, this decision means that telephone equipment that relies on a pre-set list of telephone numbers to generate calls is not an autodialer under the Eleventh Circuit’s holding — which encompasses the majority of modern systems. Instead, only telephone equipment that generates telephone numbers to be called randomly or by sequence would be considered autodialers for purposes of the TCPA, at least in the Eleventh Circuit.

In reaching this decision, the court noted that, while the FCC had adopted the more expansive definition, the D.C. Circuit’s decision in ACA International v. FCC (which we previously blogged about) “wiped the slate clean” and set aside the FCC’s interpretation. The Eleventh Circuit also noted that the Ninth Circuit’s expansive definition of an autodialer in Marks conflicts with the canons of statutory construction, so much so that the Ninth Circuit’s view amounts to “surgery” rather than interpretation.

The Eleventh Circuit’s opinion also briefly touched on the human intervention exception to the TCPA’s definition of autodialer. The opinion follows other courts that have found that “clicker agent” systems — where an employee “clicks” a number on a computer application and the system then dials the number and connects the call to another employee — require sufficient human intervention so as to take them out of the definition of an autodialer.

Lastly, the Eleventh Circuit noted that using an artificial voice or recordings to call someone without their consent is an independent basis for liability under the TCPA, notwithstanding the definition of an autodialer. In other words, TCPA liability can arise simply by making a call using an artificial or recorded voice message without consent of the called party, even if the telephone system used does not otherwise qualify under the now narrower definition of an autodialer.

The Glasser opinion is likely to have a significant impact in the Eleventh Circuit’s jurisdiction —federal courts in Alabama, Georgia, and Florida — and may reduce the volume of TCPA cases in these states. However, companies operating nationwide should continue to evaluate their TCPA compliance based on the more expansive definition of an autodialer used in other jurisdictions such as the Ninth Circuit, which includes Alaska, Arizona, California, Idaho, Montana, Nevada, Oregon, and Washington. Most of the other federal courts of appeal have yet to issue a determinative decision. It is notable, however, that the opinion was authored by Sixth Circuit Court of Appeals Judge Jeff Sutton, who was sitting with the Eleventh Circuit panel by invitation. Judge Sutton’s opinion may hint the direction that the Sixth Circuit could take on this issue.

Given the circuit-split created by the opinion, both the FCC and the Supreme Court may now feel more urgency to act. And, perhaps Congress will eventually feel the need to rewrite the statute that was originally enacted in 1991 — long before cell phones became ubiquitous.

California’s Proposed “Mini-CFPB” May Increase Scrutiny of Auto Lenders and Other Industry Participants

California’s Proposed “Mini-CFPB” May Increase Scrutiny of Auto Lenders and Other Industry ParticipantsEarlier this month, California Gov. Gavin Newsom revealed plans to create a state version of the federal Consumer Financial Protection Bureau (CFPB) as part of the state’s proposed 2020-2021 budget. According to the governor’s Budget Summary, “[t]he federal government’s rollback of the CFPB leaves Californians vulnerable to predatory businesses and leaves companies without the clarity they need to innovate.” In an interview with the Los Angeles Times, Gov. Newsom added, “As the Trump administration undermines and weakens the rules that protect consumers from predatory businesses, California is filling the void and stepping up to protect families and consumers.” The 2020-2021 state budget includes $10.2 million for a Financial Protection Fund, ostensibly to provide additional consumer protection against unfair and deceptive practices in the financial services industry.

The most immediate proposed change would overhaul the existing Department of Business and rename it the Department of Financial Protection and Innovation or “DFPI.” According to the Los Angeles Times, the DFPI would add “dozens of new staff” and increase scrutiny of consumer-facing products “to identify patterns of abuse.” Per the Budget Summary, Gov. Newsom envisions granting the DFPI the authority to “pursue unlicensed financial services providers not currently subject to regulatory oversight such as debt collectors, credit reporting agencies, and financial technology (fintech) companies.”

The Budget Summary also defines new activities the DFPI would undertake, including:

  • Offering services to empower and educate consumers, especially older Americans, students, military service members, and recent immigrants;
  • Licensing and examining new industries that are currently under-regulated;
  • Analyzing patterns and developments in the market to inform evidence-based policies and enforcement;
  • Protecting consumers through enforcement against unfair, deceptive, and abusive practices;
  • Establishing a new Financial Technology Innovation Office that will proactively cultivate the responsible development of new consumer financial products;
  • Offering legal support for the administration of the new law; and
  • Expanding existing administrative and information technology staff to support the department’s increased regulatory responsibilities.

Prior to the introduction of the proposed “mini-CFPB,” some California lawmakers expressed interest in increased scrutiny of already-regulated financial services entities. For instance, in March 2019, California Assemblywoman Monique Limon (D-Santa Barbara) argued that California needs “to really rethink what a state CFPB would do,” as “[w]e see the presence of predatory lending products in auto loans, payday loans, cash-advance and small-business loans.”

For auto lenders and small-dollar lenders in particular, the creation of a miniCFPB could lead to increased regulatory exposure. One of the new activities outlined in the Budget Summary includes “enforcement against unfair, deceptive, and abusive practices,” an area rife with controversy in the context of CFPB enforcement. It is conceivable the DFPI could use such ill-defined powers to regulate auto lending beyond what the CFPB has attempted, or to ignore recent CFPB rulemakings concerning consumer ability to repay small-dollar loans.

The mini-CFPB is only a proposal at this point. California’s proposed budget must be approved by the state legislature by June 15, 2020, and it is likely we will see significant changes to the proposed DFPI before any changes are implemented. In any event, this development is one the financial services industry should watch closely.

CFPB’s New Policy on Abusive Practices Promises a “Common Sense” Approach to Enforcement

CFPB’s New Policy on Abusive Practices Promises a “Common Sense” Approach to EnforcementLast week, the CFPB released a long-anticipated policy statement clarifying the agency’s enforcement standard for “abusive acts or practices.” According to an agency press release, the CFPB’s new standard offers a “common-sense” approach that director Kathleen Kraninger says will “provide[] a solid framework to prevent consumer harm while promoting the clarity needed to foster consumer beneficial products as well as compliance in the marketplace, now and in the future.”

The policy statement is driven by industry confusion over the exact meaning of the term “abusive acts or practices,” which are banned under the 2010 Dodd-Frank Act. This confusion stems in large measure from a practice known as “dual pleading” where the CFPB charges a regulated entity with engaging in abusive practices while also charging it with deception and unfairness based on the same underlying factual predicate. According to the CFPB, out of 32 enforcement actions that involved abusiveness claims, only two have contained a stand-alone abusiveness claim that was not accompanied by an unfair or deceptive claim for the same conduct. And while the term “unfair or deceptive acts or practices” has well-understood definition based on a long history of legal interpretation, the term “abusive acts or practices,” does not have a similar history. As a result, there is a simple lack of industry guidance as to the precise meaning of “abusive acts or practices,” and, according to the Bureau, “[b]usinesses that want to comply with the law face significant challenges in doing so, and these challenges can impose substantial costs, including impeding innovation.”

In response to this lack of clarity, and the challenges faced by regulated businesses, the CFPB has developed three new principles related to its supervision and enforcement of abuse claims. First, the agency intends to cite or challenge conduct as abusive in supervision and enforcement only if the Bureau determines that the harm to consumers from the conduct outweighs the benefit to consumers. Importantly, the Bureau will consider the effect of enforcement will have on consumer access to credit. In other words, the CFPB may elect to withhold enforcement or supervision where a supervisory or enforcement action may hamper access to credit or otherwise harm the consumer.

Second, the Bureau has pledged to avoid “dual pleading.” Instead, the Bureau will endeavor to allege “stand alone” abusiveness claims “in a manner designed to demonstrate clearly the nexus between the cited facts and the Bureau’s legal analysis of the claims.” In doing so, the CFPB will facilitate the development of a body of law that clearly defines the term “abusive acts or practices.” Likewise, the CFPB has promised to release future editions of its Supervisory Highlights that will describe the basis for abusiveness actions with greater clarity.

Finally, the CFPB’s new policy indicates that it will try to avoid punitive monetary remedies for abusive acts or practices when the regulated business makes “a good-faith effort to comply with the law based on a reasonable–albeit mistaken–interpretation of the abusiveness standard.” Moreover, and “[a]bsent unusual circumstances,” the CFPB will not “intend to seek civil penalties or disgorgement” when a regulated business makes a good-faith effort to comply with the abusiveness standard. However, the CFPB will continue to seek damages and equitable relief designed to provide redress to injured consumers.

To be sure, this policy is not a formal rule. Rather, the statement signals that the CFPB will voluntarily use its discretionary power to limit the way that it enforces its mandate. As such, the CFPB may elect to reverse this policy without a formal notice and rulemaking.  Nevertheless, the CFPB’s new framework demonstrates that the agency is open minded and receptive to the legitimate concerns expressed by banks, lenders, and other regulated entities. Moreover, the additional clarity that will follow from a well-developed body of law regarding the term “abusive acts or practices” will unambiguously benefit both businesses and consumers. We will continue to monitor the agency for additional guidance related to the “abusiveness” standard.

Supreme Court Holds That an Order on a Motion for Relief from Stay Is a Final, Appealable Order

Supreme Court Holds That an Order on a Motion for Relief from Stay Is a Final, Appealable OrderIn a unanimous opinion released last week, the Supreme Court provided guidance as to how to determine the finality of an order in a bankruptcy case for purposes of an appeal under 28 U.S.C. § 158(a). The Court held that the adjudication of a creditor’s motion for relief from stay is properly considered a discrete and independent proceeding within a bankruptcy case and is immediately appealable. While the Court’s opinion may have implications beyond the context of motions for relief from stay, it also leaves unanswered questions as to how creditors should react to the routine denial or conditional denial of motions for relief in bankruptcy cases.

The opinion stems from the bankruptcy case of Jackson Masonry, LLC , pending in the United States Bankruptcy Court for the Middle District of Tennessee. Prior to the commencement of the bankruptcy case, Jackson entered into a contract with the Ritzen Group to sell real property. A dispute arose regarding the contract, and Ritzen filed a state court breach-of-contract lawsuit. Within one week prior to the state court trial, Jackson filed a Chapter 11 case. Ritzen filed a motion for relief from the stay to proceed with its state court lawsuit to adjudicate its claim.

The bankruptcy court denied Ritzen’s motion, and Ritzen did not appeal the court’s order under Bankruptcy Rule 8002(a). Ritzen did, however, file a proof of claim. Jackson objected to the proof of claim, and the claim objection was litigated before the bankruptcy court. The bankruptcy court ultimately concluded that Ritzen had breached the contract, and Ritzen appealed that decision – along with the earlier order denying stay relief. In its appeal, Ritzen relied on existing precedent in the courts that finality of an order was based on the circumstances of the case.  Ritzen argued that under these circumstances there had been no substantive issue before the court in the stay relief motion, as it decided only where the contract dispute was to be determined. The district court dismissed Ritzen’s appeal regarding the stay motion as having been untimely filed.  The district court also affirmed the bankruptcy court’s ruling in favor of Jackson on the claim objection. The United States Court of Appeals for the Sixth Circuit affirmed the district court’s opinion, and the Supreme Court granted cert.

In considering Ritzen’s arguments, the Court looked to its prior opinion in In Bullard v. Blue, the Court held that an order denying confirmation of a Chapter 13 plan is not final because the debtor could amend the plan, meaning denial of confirmation of the plan did not conclude the confirmation process. Under Bullard, the focus was on the process and not the substance of the motion. Consistent with Bullard, the Court focused on the language of 28 U.S.C. § 158(a), which gives jurisdiction for appeals from the bankruptcy court to the district court “from final judgments, orders and decrees … entered in cases and proceedings.” The Court stated that the issues were whether a motion for relief from stay is a distinct proceeding and whether the bankruptcy court order terminated that proceeding. The Court found the answer in both instances to be rather clear. The Court opined that a motion for relief from stay under § 362(a) clearly is a proceeding and the bankruptcy court terminated that proceeding by denying the relief being requested. The Court stated that this was similar to a dismissal for personal jurisdiction or dismissal for improper venue, both of which would be final decisions. Also, the Court was concerned that a ruling based on whether the outcome is substantive could lead to inconsistent results. The Court determined that there should not be a subset of finality within stay proceedings, concluding that the analysis should focus on the proceeding itself and not the substantive issue within the motion.

Those critical of the Supreme Court decision state that the Court did not fully appreciate the dynamic nature of bankruptcy cases and, specifically, a motion for relief from stay. A determination that the order is final may preclude the party from seeking relief from stay later in a case, even though circumstances may have changed that would justify a grant of relief. In order to avoid this outcome, parties should ask the bankruptcy court to make it clear in its order that the ruling on a motion for relief from stay, while it may be final, it is not prejudicial to the party asserting the motion at a later date.

False Claims Act Suits Remain a Focus of Whistleblowers in 2019

False Claims Act Suits Remain a Focus of Whistleblowers in 2019Both the Justice Department and an array of whistleblowers’ counsel continue to use the False Claims Act (FCA) to bring suits against banks and mortgage companies, even though recoveries in the financial services sector were scant in 2019. To keep you informed on the status of the law, Bradley’s Government Enforcement and Investigations Practice Group is pleased to present the False Claims Act: 2019 Year in Review, our eighth annual review of significant FCA cases, developments and trends.

Tracking Privacy: State Developments to Keep an Eye On

Tracking Privacy: State Developments to Keep an Eye OnWe are a little more than two weeks into the new year and we’ve already seen several states introduce comprehensive privacy legislation on the heels of California’s Consumer Privacy Act (CCPA). It is no easy task to stay on top of (potentially) 50 different privacy requirements, each with differing applicability standards, definitions, requirements, obligations, and enforcement mechanisms. Cue this series of articles — meant to address developments at the state and (dare we say with fingers crossed) federal level.

Because these bills are coming fast and furious, we are going to focus on the five states that were first “out of the gate” to file their consumer privacy bills in the first two weeks of the new year: Illinois, Nebraska, New Hampshire, Virginia and Washington. We will continue to monitor additional legislation, so please check back for updates and developments.

Overview and General Terms of State Privacy Legislation

Each of the states to propose comprehensive privacy legislation has taken a page (or two) from CCPA’s approach. At the same time, each one adds its own distinct obligations. For example, Nebraska’s proposed legislation is applicable to companies with an annual revenue as low as $10 million (versus $25 million for CCPA), while Virginia increases its threshold resident data collection count to 100,000 (versus 50,000 under CCPA). The majority of the proposed laws would allow for a private right of action for data breaches, while Virginia provides a private right of action for any violation of the proposed legislation. Washington and Nebraska do not provide a private right of action.

Below is a breakdown of each state’s proposed legislation. 

Illinois Data Transparency and Privacy Act (SB 2330)

  • Introduced: January 8, 2020
  • Applicability: Any for-profit business (legal entity) that collects or discloses personal information of 50,000 or more Illinois persons or households OR derives 50% or more of its annual revenue from selling consumer’s personal information (broadly defined and similar to CCPA).
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Know – including specific pieces of personal information, categories of sources, and name and contact information for each third-party affiliate to whom personal information is sold or disclosed.
    • Right to Opt-Out – of disclosure of personal information to third parties and affiliates (excludes service providers subject to contractual prohibitions), sale (more narrowly defined than CCPA) of personal information, and processing of personal information by the business, third parties and affiliates.
    • Right to Correction – of personal information.
    • Right to Deletion – of personal information.
  • Exemptions: GLBA, HIPAA, FCRA, HR/Employee personal information
  • Requires Updates to Privacy Policy and Disclosures?:
    • Yes, similar to CCPA.
  • Enforcement: The law would be enforced by the Illinois attorney general, with a private right of action for data breaches.
  • Proposed Effective Date: July 1, 2021

Nebraska Consumer Data Privacy Act Legislative Bill 746

  • Introduced: January 8, 2020
  • Applicability: Any for-profit legal entity that does business in Nebraska and satisfies one or more of the following: (a) has annual gross revenue of more than $10 million, (b) buys, receives, sells or shares the personal information of 50,000 or more Nebraska persons or households, OR (c) derives 50% or more of its annual revenue from selling consumers’ personal information (broadly defined and similar to CCPA).
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Know – what personal information is collected, including specific pieces of personal information, categories of sources, business and commercial purpose for collection, and name and contact information for each third-party affiliate to whom personal information is sold or disclosed.
    • Right to Decline or Opt-Out – of disclosure of personal information to third parties and affiliates. (“Do Not Sell” homepage link required like CCPA).
    • Right to Access – personal information that has been collected.
    • Right to Deletion – of personal information (exclusion similar to CCPA).
  • Exemptions: GLBA, HIPAA, FCRA, HITECH, Uniform Motor Vehicle Records Disclosure Act.
  • Requires Updates to Privacy Policy and Disclosures?:
    • Requires disclosures similar to the CCPA but does not explicitly require updates every 12 months.
  • Enforcement: The law would be enforced by the Nebraska attorney general, with potential for civil penalties of up to $7,500 per violation. No private right of action.
  • Proposed Effective Date: Not specified in proposed legislation.

New Hampshire House Bill 1680

  • Introduced: January 8, 2020
  • Applicability: A business that: (a) has gross revenues in excess of $25 million; (b) alone or in combination, annually buys, receives for the business’s commercial purposes sells, or shares for commercial purposes, the personal information of 50,000 or more consumers, households, or devices; or (c) derives 50% or more of its annual revenues from selling consumers’ personal information. (Entities with common branding and control like CCPA).
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Know – what personal information is collected, including specific pieces of personal information, categories of sources, business and commercial purpose for collection, and name and contact information for each third-party affiliate to whom personal information is sold or disclosed.
    • Right to Opt-Out – of disclosure of personal information to third parties and affiliates. (“Do Not Sell” homepage link required like CCPA).
    • Right to Access – personal information that has been collected.
    • Right to Deletion – personal information that has been collected.
  • Exemptions: HIPAA, GLBA, FCRA, HITECH, DDPA, New Hampshire Financial Information Privacy Act.
  • Requires Updates to Privacy Policy and Disclosures?:
    • Yes, similar to CCPA.
  • Enforcement: The law would be enforced by the New Hampshire attorney general, with a private right of action for data breaches.
  • Proposed Effective Date: January 1, 2021

The Virginia Privacy Act (H 473)

  • Introduced: January 8, 2020
  • Applicability: Any entity that conducts business in Virginia or targets Virginia intentionally with products and/or services and: (1) controls or processes personal data of 100,000 or more consumers; OR (2) derives over 50 percent of gross revenue from the sale of personal data and processes or controls personal data of not fewer than 25,000 customers.
  • Privacy Rights Afforded Under Proposed Legislation:
    • Right to Access – a copy of the personal data that the controller maintains in identifiable form.
    • Right to Know – including whether personal data is being processed or sold; where personal data is being processed.
    • Right to Correct – including the completion of incomplete personal data.
    • Right to Delete – personal information.
    • Right to Restrict Processing – to specific purposes pursuant to the consumer’s request.
    • Right to Object to Processing – including the right to object to targeted advertising.
  • Exemptions: HIPAA, FCRA, GLBA, Driver’s Privacy Protection Act (DPPA), HR/Employee personal information
  • Requires Updates to Privacy Policy and Disclosures?: Yes, similar to CCPA.
  • Enforcement: Controllers have a 30-day cure period, after which consumers may bring a claim under the Virginia Consumer Protection Act (§ 59.1-196 et seq.). Consumers may recover actual damages or $500, whichever is greater. If the violation is found to be willful, actual damages may be trebled (maximum) or increased to $1,000, whichever is greater. The bill specifically provides that joint controllers or processors may be held liable under “according to the principles of comparative fault.”
  • Proposed Effective Date: Not specified in proposed legislation.

Washington Privacy Act SB 6281

  • Introduced: January 13, 2020
  • Applicability: Legal entities that conduct business in Washington or produce products or services targeted to residents of Washington; and (1) control or process data of 100,000 or more customers; or (2) derive over 50% of gross revenue from the sale of personal data (broadly defined like CCPA) and process or control personal data of 25,000 or more customers.
  • Exemptions: HIPAA, FERA, GLBA, FERPA, Student Privacy Act, DPPA, HR/Employee Personal Information
  • Privacy Rights Afforded:
    • Right to Access – right to confirm whether controller is processing personal data concerning consumer and right to access the same.
    • Right to Correct – right to correct inaccurate personal information.
    • Right to Deletion – of personal information (exclusions similar to CCPA).
    • Right to Obtain – personal information in a manner similar to CCPA.
    • Right to Opt-Out – of processing of personal information for targeted advertising; the sale of personal information; profiling in furtherance of decisions that produce legal effects concerning a consumer or similar significant effects concerning a consumer.
  • Requires Updates to Privacy Policy and Disclosures?:
    • Requires disclosures similar to CCPA but does not explicitly require 12-month updates.
  • Enforcement: The law would be enforced by the Washington attorney general. There is no private right of action. The attorney general may bring action in the name of the state or as parens patriae on behalf of persons residing in the state. Penalty not more than $7,500 per violation.
  • Proposed Effective Date: July 31, 2021
LexBlog