FFIEC Highlights Cyber Insurance for Financial Institutions

FFIEC Highlights Cyber Insurance for Financial InstitutionsThe Federal Financial Institutions Examination Council (FFIEC) has issued a joint statement emphasizing the need for lenders and servicers to include cyber insurance in their risk management program. Although the FFIEC did not announce new regulatory requirements or expectations, the announcement is further evidence of what most in the industry have already recognized: Cyber coverage is quickly becoming indispensable.

Among the points highlighted by the FFIEC:

  • Financial institutions face a variety of risks from cyber incidents, including risks resulting from fraud, data loss, and disruption of service.
  • Traditional insurance coverage may not cover cyber risk exposures.
  • Cyber insurance can be an effective tool for mitigating risk.
  • Insurance does not remove the need for an effective system of controls as the primary defense to cyber threats.
  • The cyber insurance marketplace is growing and evolving, requiring due diligence to determine what insurance products will meet an organization’s needs.

Although not specifically mentioned in the FFIEC statement, financial institutions should be aware that cyber coverage can be an important source of mitigating regulatory risk associated with data breaches – if the organization purchases a policy that provides regulatory coverage. Today, there are a number of insurers offering products that reimburse costs for investigating and responding to a regulatory investigation or enforcement proceeding, as well as provide coverage for administrative penalties. Given amplified scrutiny from regulators in the area of data security, the importance of such coverage continues to increase. With a rapidly changing market, institutions should carefully review policies to be sure that the scope and limitations of coverage match their exposure.

SEC Action Highlights Importance of Specific Language in Directors and Officers Insurance for Fintech and Other Startup Companies

SEC Action Highlights Importance of Specific Language in Directors and Officers Insurance for Fintech and Other Startup CompaniesThe founder of Mozido, the fintech startup once claimed to be valued at $5.6 billion, has been named as a defendant in a civil lawsuit filed by the Securities and Exchange Commission (SEC). The complaint names Michael Liberty (and others) individually and also names corporate entities related to Mozido as defendants. This action by the SEC highlights the importance of ensuring adequate Directors and Officers (D&O) insurance for startup fintech entities and for their directors and officers. In addition, the fraud allegation illustrates the significance of negotiating specific language in the standard D&O fraud exclusion.

In its civil complaint, the SEC asserts that the defendants engaged in a “long-running fraudulent scheme using multiple fraudulent securities offerings” that “tricked investors into believing they were funding fast-growing startup companies.” The complaint further alleges that this fraudulent scheme “centered on MDO, a financial technology company (then known as Mozido LLC), and later on Mozido, Inc.” and that “Liberty claimed to be the founder of MDO and served as a de facto officer of MDO and Mozido, Inc.” The 66-page complaint asserts a number of securities fraud claims and seeks injunctive relief, disgorgement, and civil monetary penalties.

The typical D&O policy provides insurance coverage under three different insuring agreements, commonly known as Side A, Side B, and Side C coverage. Side A provides “direct” or personal liability coverage for individual directors and officers where the company cannot legally provide a defense or indemnify loss (where such indemnity is prohibited by state law) or where the company is financially unable to do so. Side B indirectly covers the individual directors and officers of the company by reimbursing the company for defense or indemnity payments that the company has made or is required to make on behalf of its directors and officers. Side C, which is also known as “entity coverage,” provides coverage for claims against the company itself. In short, D&O insurance may protect corporations from potentially sizable losses and also protects the individual directors or officers against those losses when corporate indemnification is not available.

The insuring agreement of most D&O policies will provide coverage for “loss” that is incurred as a result of a “claim” made for a “wrongful act.” While the specific language of D&O policies varies, the term “claim” typically refers to an assertion of a legal right or demand for payment by a third party against the insured, and the term “wrongful act” generally is defined as “actual or alleged act, error, misstatement, misleading statement, omission or breach of duty.” Importantly, the term “loss” usually includes defense costs; the value of the D&O policy in providing coverage in response to claims such as the SEC complaint is that the insurer should advance defense costs to an individual, or corporation, accused of offenses.

In addition, most D&O policies will include a “fraud exclusion,” which excludes coverage for claims based on an insured’s fraudulent act. A policyholder may incorrectly assume that a claim alleging a “long-running fraudulent scheme,” such as the SEC complaint, is excluded by a D&O policy. It is important to understand, however, that under the fraud exclusion language found in many D&O policies, allegations of fraud alone are insufficient to trigger the exclusion. For example, the fraud exclusion may apply only when there is an “actual finding of dishonesty or fraud,” a “final adjudication of fraud,” or better yet, fraud that is “established by a final and non-appealable adjudication.” Courts interpreting such narrow fraud exclusions, which are construed against the insurer, have generally found that “actual finding” requires a finding of fraud by a court. When such language is included in the fraud exclusion, the D&O insurer should provide coverage for claims such as the SEC complaint, unless and until a court finds the defendant has committed fraud.

Any fintech startup should work with coverage counsel and an experienced broker to identify risks and consider procurement of insurance to offset those risks. Counsel and the broker can help ensure that policy language, such as a narrow fraud exclusion, will maximize coverage to the insured in the event of a claim.

Do Servicers Have to Monitor Whether a Successor in Interest is in Bankruptcy? CFPB’s FAQ Suggests the Answer is “Yes”

Do Servicers Have to Monitor Whether a Successor in Interest is in Bankruptcy?  CFPB’s FAQ Suggests the Answer is “Yes”As the effective date for the CFPB’s successor in interest and bankruptcy billing statement requirements quickly approaches, one question we’ve heard multiple times is whether a mortgage servicer is required to know when a confirmed successor in interest is in bankruptcy. The question stems from upcoming provisions in Regulations X and Z that will collectively say, in essence, that a confirmed successor in interest must be treated as if he or she is a borrower for the purposes of the mortgage servicing rules. Combine that mandate with specific requirements in the periodic billing statement and early intervention contexts that apply when “any consumer [or borrower] on a mortgage loan is a debtor in bankruptcy” and it becomes clear why many servicers have wondered whether a confirmed successor in interest’s bankruptcy might trigger the various bankruptcy-specific requirements in the mortgage servicing rules.

On March 20, 2018, the CFPB arguably settled the debate when it published a set of Frequently Asked Questions that primarily addresses issues related to the upcoming periodic billing statement requirements for borrowers in bankruptcy. However, towards the end of the FAQ the CFPB includes the following question:

Do servicers have a responsibility to know if a confirmed successor in interest is in bankruptcy for purposes of complying with the early intervention and periodic statement requirements?

The answer, which may be surprising to some, is “yes”:

Under Regulation X, § 1024.30(d) and Regulation Z, § 1026.2(a)(11), confirmed successors in interest are considered “borrowers” for purposes of the early intervention requirements and “consumers” for purposes of the periodic statement provisions. Because confirmed successors in interest are considered to be “borrowers” and “consumers” for the relevant parts of Regulation X and Regulation Z, servicers need to know whether confirmed successors in interest are in bankruptcy and may want to include them in any normal checks they utilize to identify borrowers in bankruptcy.

This means that yes, mortgage servicers do have to monitor whether a confirmed successor in interest is in bankruptcy and will, therefore, have to figure out how to include confirmed successors in interest in their standard bankruptcy checks. This may mean obtaining a confirmed successor in interest’s Social Security number or figuring out another way to determine whether a confirmed successor in interest is impacted by bankruptcy.

As the CFPB noted, if a borrower or consumer—and now a confirmed successor in interest—is a debtor in bankruptcy, a servicer’s obligations change in terms of early intervention contact and periodic billing statements. Although there are some nuances to the early intervention requirements when someone is in bankruptcy, servicers generally seem much more comfortable in that context as compared to the upcoming billing statement requirements when someone is impacted by bankruptcy. On April 19, 2018, new billing statement requirements will go into effect for when someone is in active bankruptcy or has received a discharge. There are certain scenarios where a servicer may be exempt altogether from sending periodic statements, but, when those exemptions do not apply, the upcoming law requires very detailed content and formatting modifications that take into account different chapters of bankruptcy.

In terms of required content on a periodic billing statement and whether a confirmed successor in interest’s status as a debtor in bankruptcy will trigger the modified billing statement obligations, the CFPB posed the following question in its FAQ:

Do the modifications to the periodic statement required for borrowers in bankruptcy apply if the borrower is a confirmed successor in interest in bankruptcy?

Given the CFPB’s response to the first question, you might not be surprised to learn that the answer is “yes”:

Under Regulation Z, § 1026.2(a)(11), confirmed successors in interest are borrowers for purposes of the periodic statement provisions, and so the periodic statement modification requirements for borrowers in bankruptcy in § 1026.41(f) would apply to the periodic statements supplied to that confirmed successor in interest in bankruptcy.

This means that not only will servicers have to figure out how to track whether a confirmed successor in interest is in bankruptcy, they will also have to figure out how to appropriately populate the periodic billing statement, in many cases with information that is specific to the successor’s bankruptcy case.

Together, these two questions and answers shed light on how the CFPB currently interprets the new law. They very clearly do believe that a confirmed successor in interest must be treated as a borrower or consumer for the purposes of all mortgage servicing rules, including those triggered by bankruptcy. Although it is helpful to have some clarity from the CFPB in advance of the rules’ effective date, the timing—approximately just one month before servicers are expected to be fully compliant—is likely to leave some servicers scrambling at the last minute.

CFPB Issues Implementation Guidance for Mortgage Servicing Rule Amendments

CFPB Issues Implementation Guidance for Mortgage Servicing Rule AmendmentsOn March 29, 2018, the Consumer Financial Protection Bureau (CFPB) released two important implementation tools that may help mortgage servicers ensure compliance with recent amendments to the mortgage servicing rules in Regulations X and Z. This release comes shortly after the CFPB published a set of Frequently Asked Questions that primarily addressed issues related to the upcoming periodic billing statement requirements for borrowers in bankruptcy, and certain interactions with successors in interest.

First, the CFPB updated its Small Entity Compliance Guide so that it now reflects the status of the law that will become effective on April 19, 2018. The new version 3.1 incorporates the latest timing requirements related to the transition to and/or from modified periodic billing statements that account for a consumer’s status as a debtor in bankruptcy. That change stems from the CFPB’s March 8, 2018, final rule that amended the 2016 Mortgage Servicing Rules. Additionally, version 3.1 now removes aspects of the mortgage servicing rules that will no longer be in effect on or after April 19, 2018. For example, the blanket exemption from sending periodic billing statements to all accounts impacted by bankruptcy is removed, and the guide now reflects the upcoming rule that will soon be in effect.

Second, the CFPB published a Mortgage Servicing Coverage Chart that explains the applicability and exclusions of each section of the mortgage servicing rules in Regulations X and Z. The new version replaces the prior chart that the CFPB released in 2014, and now incorporates all of the CFPB’s amendments to the original rules. This type of document has historically been one of the more valuable and relied upon tools issued by the CFPB.

After comparing the new version to the older one, a few notable changes become evident:

  • The CFPB now clarifies in the escrow context that annual escrow statements are not required for “certain default, foreclosure, or bankruptcy situations, per 1024.17(i)(2).”
  • Early intervention partial exemptions for borrowers in bankruptcy and “certain debt collection-related situations,” meaning borrowers who are protected by the Federal Fair Debt Collection Practices Act and who properly submit a cease communication request, are now included.
  • Small servicer obligations in the loss mitigation and dual tracking context are more accurate and specific. The prior version suggested that small servicers were prohibited from filing foreclosure if a borrower is performing pursuant to a loss mitigation agreement or is less than 120 days delinquent. The new version more accurately explains that a small servicer must comply with “certain prohibitions on foreclosure referral, moving for judgment or order of sale, or conducting a sale.”
  • The new version now specifies that a servicer may be exempt from sending the otherwise required notice in conjunction with the first interest rate change on an ARM loan in “certain debt collection-related situations,” meaning when borrowers who are protected by the Federal Fair Debt Collection Practices Act properly submit a cease communication request.
  • New periodic billing statement exemptions for certain charged off loans and certain consumers impacted by bankruptcy are now included.
  • Applicable mortgage servicing requirements that were not part of the original 2014 rules (e.g., escrow cancellation notices in 1026.20(e) and mortgage loan transfer disclosures in § 1026.39) are not included on the chart.

As mentioned above, the CFPB’s scope chart has long been a valuable tool for mortgage servicers to ensure compliance and assist in deciphering what rules apply in certain scenarios. The newest version appears to be a more complete view into the law as it currently stands.

New Decision from the D.C. Court of Appeals Recognizes Additional Defenses to HOA Super-Priority Lien Statute

New Decision from the D.C. Court of Appeals Recognizes Additional Defenses to HOA Super-Priority Lien StatuteAs we noted in last week’s blog post, the District of Columbia Court of Appeals issued a decision on March 1, 2018, that created a new wave of uncertainty for lenders with loans secured by deeds of trust on condominium units in the District of Columbia. In the Liu decision, the court held that a condominium association’s foreclosure on its statutory lien could wipe out a first priority security interest on the same property even when the association expressly purported to foreclose subject to the first deed of trust. But a new decision in U.S. Bank, N.A. v. Green Parks, LLC, issued on March 13, 2018, offers insight into what secured lenders can do to avoid the outcome in Liu.

Green Parks involved a similar fact pattern. In 2013, a condominium association foreclosed on its statutory lien but advertised its sale and described it in the memorandum of purchase and deed as having taken place “subject to” U.S. Bank’s deed of trust.

After the D.C. Court of Appeals issued its decision in Chase Plaza Cond. Ass’n v. JPMorgan Chase Bank (which indicated that a condominium’s foreclosure on its statutory lien could extinguish a first deed of trust), U.S. Bank brought an action to establish the validity of its security interest in relation to Green Parks, which bought the property at the foreclosure sale. Green Parks filed a counterclaim, seeking a judgment that under Chase Plaza, it had acquired title to the property free and clear of U.S. Bank’s interest. U.S. Bank responded to the counterclaim with an answer that raised affirmative defenses – including unconscionability and unclean hands – and moved to dismiss, citing the extensive evidence that the association intended to foreclose on a lien that was subordinate to U.S. Bank’s interest.

In considering U.S. Bank’s motion, the trial court flipped the script. It first converted the motion to dismiss to a motion for summary judgment and denied it. It then went even further by dismissing U.S. Bank’s counterclaim and granting summary judgment against U.S. Bank, even though Green Parks had not requested that relief.

On appeal, the D.C. Court of Appeals quickly reasoned that the trial court’s order was incorrect because it failed to provide the parties with proper notice that it was considering granting summary judgment and because it failed to view the evidence in the light most favorable to U.S. Bank in granting summary judgment for Green Parks. But especially noteworthy is how the court framed the prejudice U.S. Bank suffered as a result of these actions. In the court’s words, “The surprise entry of judgment was not harmless for it deprived the Bank of an adequate opportunity to dodge the bullet.”

The Court of Appeals also noted that Liu left an important question unsettled: What happens if an association forecloses on a lien greater than the six months of unpaid assessments given super-priority status under D.C. law? The Green Parks court described it as an open question as to whether such a lien is “entirely lower in priority than a first deed of trust or whether a portion of the lien enjoys super-priority status.”

Furthermore, the Green Parks decision instructed that, on remand, the trial court had to consider the merits of U.S. Bank’s arguments that the association’s foreclosure sale should be set aside based on equitable doctrines such as unclean hands or unconscionability. While Liu may have established the legal priority of the association’s lien, U.S. Bank’s arguments that the sale was invalid based on equitable defenses were still to be decided.

Going forward, lenders now have a road map as to how to protect their deeds of trust on condominiums in the District of Columbia that have been placed in jeopardy as a result of an association’s foreclosure. The first step is determining whether the association included more than six months of unpaid assessments in its advertised lien amount. According to the Green Parks court, such a foreclosure may mean that the entire association lien is subordinate to the deed of trust. Second, and independently, lenders can raise equitable defenses to the association’s foreclosure sale and seek to have it invalidated on those grounds.

Better Late than Never? Alabama, the 50th State to Pass a Data Breach Law

Better Late than Never? Alabama, the 49th State to Pass a Data Breach Law

On March 1, 2018, the Alabama Senate unanimously passed the Alabama Data Breach Notification Act of 2018 (SB 318). On March 22, 2018, the House of Representatives, following an amendment by the Technology and Research Committee, also passed SB 318. Just a day prior to the Alabama House passing SB 318, South Dakota Governor Dennis Daugaard signed SB 62 into law, making his state the 49th to pass a data breach notification law.

Spearheaded by the Attorney General’s Office, SB 318 would make Alabama the 50th and final state to enact data breach notification legislation. Now, all that remains is for Alabama Governor Kay Ivey to sign the bill into law.

The Statute

SB 318 defines a qualifying data breach as any “unauthorized acquisition of data in electronic form containing sensitive personally identifying information (PII).” The proposed bill takes care to include ongoing and repeated data breaches in the definition, as long as the breach is perpetrated by the same offender. The release of publicly available records and law enforcement investigations, though, are not within the scope of SB 318.

Covered Entities and Information

The act has a wide breadth of covered entities ranging from individuals to commercial entities and, notably, nonprofit organizations. Under the act, an affected individual is any Alabama resident whose personal information (PI) is compromised, or “reasonably believed” to be, as a result of a data breach. SB 318 defines the following types of information as PII, when one or more is combined with an individual’s first name or first initial and last name:

  • A non-truncated Social Security number or tax identification number
  • A non-truncated driver’s license number, state-issued identification card number, passport number, military identification number, or other government-issued unique identification number
  • A financial account number in combination with any security code, access code, password, expiration date, or PIN
  • Any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional
  • A health insurance policy number, subscriber identification number, or any unique identifier used by a health insurer
  • User name or email address combined with a password or security question

Reasonably, the act does not include public records as a category of PII.  Likewise, where the data involved in the breach is encrypted or de-identified, SB 318 does not recognize it as PII and will not require consumer notification.

“Reasonable Security” for Covered Entities and Third Parties

SB 318 also imposes a requirement that each covered entity, as well as any third-party vendor of the covered entity, implement and maintain reasonable security measures to protect PII against a breach of security. The proposed statue would require that covered entities and third parties develop security measures that:

  • designate an employee or employees to coordinate the covered entity’s security measures;
  • identify internal and external risks;
  • adopt appropriate information safeguards and assess the effectiveness of such safeguards;
  • retain service providers, if any, that are contractually required to maintain appropriate safeguards for PII;
  • evaluate and adjust security measures to account for changes in circumstances affecting the security of PII; and
  • keep management of the covered entity, including its board of directors, if any, appropriately informed of the overall status of its security measures.

Companies should bear in mind that SB 318, will not only require an incident response plan for Alabama residents, but will also require the creation of a reasonable security plan that complies with the requirements set forth above.

Notice Requirements

The highlight of SB 318 for Alabama consumers is the Section 5 notice requirements. Pursuant to Section 5, a covered entity is required to notify individuals in the event of a breach when PII has been or is “reasonably believed” to have been acquired by an unauthorized person. Under SB 318, companies would be required to notify affected individuals within 45 days of the discovery that a data breach has occurred. The notice may be sent through the mail or by email, but must include the following: (1) the date, or an approximation thereof, of the breach, (2) a description of the sensitive PII that was acquired, (3) a general description of the actions taken to restore the security and confidentiality of the PI involved in the breach, (4) a general description of steps a consumer can take to protect himself or herself from identity theft, and (5) contact information that the individual can use to inquire about the breach. However, where the entity will face excessive cost in notifying affected individuals, where there is incomplete contact information, or where over 500,000 individuals are affected, SB 318 allows for substitute notice in the form of TV, newsprint, radio, and online advertisements.

In addition to notifying affected individuals, SB 318 requires entities to notify the Attorney General’s Office, within 45 days of discovery of a breach, when more than 1,000 people are affected. When notifying the Attorney General, the entity must include a summary of the breach, an estimate of the number of affected individuals, anticipated services that will be offered to individuals because of the breach, i.e. credit monitoring, and a contact to which questions may be directed. Alabama SB 318 also includes a consumer reporting agency notification requirement where more than 1,000 individuals are affected at once.


A violation of SB 318 will also stand as a violation of the Alabama Deceptive Trade Practices Act. There is, however, no private cause of action established by the statute and so any suits brought under it must be initiated by the Office of the Attorney General. Noncompliance with SB 318 could result in fines of up to $5,000 per day for each day that the entity fails to take reasonable action to comply with the notice provisions.


Although SB 318 has yet to be signed into law, it appears to have an overwhelming amount of support from the state legislature, as evidenced by the relative ease and quickness with which it passed in both chambers. SB 318 could go into effect as early as June 2018 if Governor Ivey signs it immediately. For those in Alabama, and elsewhere, this is one to keep an eye on in the next few months.

HOA Super-Priority Lien Law Preempted by Federal Statute

Nevada Supreme CourtGiven the significant role Fannie Mae and Freddie Mac have in the national housing market, it is unsurprising that both have become embroiled in the Nevada HOA super-priority lien litigation. Since July 2008 – well before the Nevada Supreme Court held that an HOA’s foreclosure on its super-priority lien could extinguish a first deed of trust – Fannie Mae and Freddie Mac have been in the conservatorship of the Federal Housing Finance Agency (FHFA). The Housing and Economic Recovery Act of 2008 (Federal Foreclosure Bar), which created FHFA, includes a provision commonly referred to as the Federal Foreclosure Bar, which provides that FHFA’s property shall not be subject to foreclosure without FHFA’s consent. Fannie Mae and Freddie Mac, as well as loan servicers acting on their behalf, have long argued that the Federal Foreclosure Bar preempts the Nevada HOA super-priority lien statute and prevents HOA foreclosure sales from extinguishing the interests of Fannie Mae and Freddie Mac. While the Ninth Circuit already held that the Federal Foreclosure Bar preempts Nevada’s HOA super-priority lien statute, the Nevada Supreme Court had not weighed in until now. On March 21, 2018, the Nevada Supreme Court released a unanimous, en banc opinion in Saticoy Bay LLC Series 9641 Christine View v. Federal National Mortgage Association, siding with the Ninth Circuit on federal preemption.

The case arose after Saticoy Bay purchased the subject property at an HOA foreclosure sale and filed suit against Fannie Mae and others, seeking to quiet title. The trial court granted Fannie Mae’s motion for summary judgment and held that the Federal Foreclosure Bar preempts the Nevada HOA super-priority lien statute. Saticoy Bay appealed and argued (1) that Fannie Mae lacked standing to assert the Federal Foreclosure Bar because the statute protected the property of FHFA and FHFA was not a party to the action, and (2) the Federal Foreclosure Bar did not actually preempt the state law.

The Nevada Supreme Court affirmed the trial court’s judgment, holding that because the Nevada HOA super-priority lien statute allowed an HOA to extinguish Fannie Mae’s interest without the consent of FHFA, it directly conflicted with Congress’ clear goal of protecting Fannie Mae’s property while under FHFA’s conservatorship. The court also confirmed that Fannie Mae has standing to assert the Federal Foreclosure Bar. This decision on standing follows the court’s earlier decision in Nationstar Mortgage, LLC v. SFR Investments Pool 1, LLC that the servicer of a loan owned by Fannie Mae or Freddie Mac has standing to raise the Federal Foreclosure Bar in defense of Fannie Mae’s and Freddie Mac’s property interests.

Importantly, the court rejected Saticoy Bay’s argument that FHFA implicitly consented to extinguishment of the deed of trust by failing to act to prevent the HOA foreclosure sale. Citing the Ninth Circuit’s Berezovsky opinion, the court held that FHFA must affirmatively consent to extinguishment and is not required to actively resist foreclosure.

While this decision is unpublished, it seems to provide an indication as to how the Nevada Supreme Court will rule on the Federal Foreclosure Bar in future published opinions.

D.C. Circuit Court of Appeals’ TCPA Ruling Is a Mixed Bag

D.C. Circuit Court of Appeals' TCPA Ruling Is a Mixed BagOn March 16, 2018, the D.C. Circuit Court of Appeals issued its long-awaited Telephone Consumer Protection Act (TCPA) opinion in ACA International v. Federal Communications Commission, a consolidated appeal of the FCC’s July 10, 2015, TCPA Declaratory Ruling and Order. While the D.C. Circuit Court of Appeals upheld the FCC’s approach to revocation of consent for autodialed calls and exemption for time-sensitive healthcare calls, the opinion sets aside the FCC’s interpretation of the type of telephone equipment that constitutes an “autodialer” and vacates the FCC’s approach to calls to reassigned numbers.

The opinion should have major implications for TCPA litigation concerning the definition of an autodialer and provides some clarification for compliance with the TCPA’s revocation of consent scheme. The opinion, however, creates more uncertainty regarding calls to reassigned numbers.

The petitioners in ACA International challenged four aspects of the FCC’s 2015 TCPA Declaratory Ruling and Order:

  • The types of telephone equipment that constitute an autodialer for purposes of the TCPA;
  • Whether a call to a reassigned number violates the TCPA;
  • How a party who previously consented to autodialed calls can revoke consent; and
  • The scope of the FCC’s narrow exemption for certain healthcare-related calls.

In its opinion, the D.C. Circuit Court of Appeals struck down the FCC’s expansive definition of what types of telephone equipment constitutes an autodialer for purposes of the TCPA. Citing current FCC Chairman Ajit Pai’s dissenting opinion to the FCC’s 2015 Declaratory Ruling and Order, the court noted that the FCC’s interpretation encompassed any and all smartphones—which are now nearly ubiquitous.  The court stated that the “TCPA cannot reasonably be read to render every smartphone an [autodialer] subject to the Act’s restrictions,” and accordingly found that the FCC’s interpretation was arbitrary and capricious.

In addressing calls to reassigned numbers, the court also set aside the FCC’s one-call, post-reassignment safe harbor and the FCC’s treatment of reassigned numbers more generally.

The TCPA does not prohibit autodialed calls to cells phones “made with the prior express consent of the called party” (47 U.S.C. § 227 (b)(1)(A)(iii)). While the FCC interpreted “called party” to refer to the person actually reached, the petitioners in ACA International contended that the “called party” actually means the person the caller expected to reach—an interpretation which would limit liability for calls to reassigned numbers.  The court sided with the FCC, finding that the FCC could permissibly interpret “called party” to mean the person subscribing to the called number at the time the call is made.  While the opinion appears to further limit what is not an autodialer, it does very little to define what is an autodialer.  Accordingly, this issue will likely continue to be the subject of litigation, as the courts work through the uncertainty over what is and is not an autodialer.

The court, however, went further, striking down as arbitrary the FCC’s safe harbor for just one call to a reassigned number before TCPA liability is imposed. The court noted that the FCC could not justify why a caller’s reasonable reliance on a previous subscriber’s express consent only extended to one call, making the rule arbitrary. Because striking down the one call safe harbor would result in a more severe and strict liability regime for calls to reassigned numbers—which the court did not think the FCC would have intended—the court set aside the FCC’s treatment of reassigned numbers as a whole.

Next, the court upheld the FCC’s approach to revocation of consent, which allows a called party to revoke consent at any time and through any reasonable means (rejecting industry requests for an interpretation that would allow callers to prescribe an exclusive means for revocation of consent). The court’s opinion, however, appears to support the caller’s creation of clearly defined and easy-to-use revocation processes as a means to limit some of the uncertainty of what methods of revocation are considered reasonable. To this end, the court noted that the FCC’s ruling absolves callers of any responsibility to adopt revocation procedures and systems that would entail “undue burdens,” but does not go so far as to define what might constitute an “undue burden.”

The court also noted that the FCC’s ruling does not address revocation procedures contractually agreed upon by the parties. Accordingly, the court stated that nothing in the FCC’s ruling “should be understood to speak to parties’ ability to agree upon revocation procedures.”

Lastly, the court upheld the scope of the FCC’s exemption of certain healthcare-related calls from the TCPA’s prior-consent requirement for calls to wireless numbers. Rite Aid challenged the scope of the FCC’s exemption on the grounds that it conflicted with the Health Insurance Portability and Accountability Act (HIPAA) and was arbitrary and capricious. The court held that HIPPA does not conflict with or supersede the TCPA and that the FCC’s interpretation was reasonable.

Is a Foreclosure Crisis Looming in Our Nation’s Capital?

Is a Foreclosure Crisis Looming in Our Nation’s Capital?The District of Columbia Court of Appeals recently sent a new set of shockwaves through the mortgage industry in the nation’s capital when it released its decision in Andrea Liu v. U.S. Bank National Association. Having held over three years ago that condominium associations have “super-priority” liens for unpaid assessments and can wipe out first mortgages by foreclosing on those liens, the Liu decision went an unexpected step farther: An association’s foreclosure would wipe out the first mortgage even if the association expressly stated that it intended for the foreclosure to be held subject to that mortgage. Secured lenders who thought they might have dodged the bullet now find themselves fighting for the validity of their security interests.

In 2014, the D.C. Court of Appeals issued its decision in Chase Plaza Condominium Ass’n v. JPMorgan Chase Bank, N.A., which addressed the effect of a condominium association’s foreclosure sale in the District of Columbia. The Chase Plaza court explained that D.C. Code § 42-1903.13 entitled a condominium association to foreclose and then apply the sale proceeds first to the six months of assessments considered a “super-priority” lien under D.C. law. Moreover, the court reasoned that because the super-priority lien had seniority over a lender’s first mortgage on the same property, the association’s foreclosure would wipe out that mortgage. If the sales proceeds were insufficient to pay the outstanding balance of the mortgage, then the secured lender would be left with a potentially hefty unsecured debt.

In light of the uncertainty regarding the interpretation of D.C. Code § 42-1903.13, condominium associations wishing to foreclose on a unit had developed a practice of expressly indicating that the property would be sold at a foreclosure sale subject to the lender’s mortgage. In Liu, for example, the advertisements of sale, the memorandum of sale to Ms. Liu, and the deed of trust all specified that the condominium association sale was made subject to the first deed of trust. Thus, the secured lender argued that it was “abundantly clear” that Ms. Liu purchased the property subject to its lien.

The Court of Appeals rejected that argument based on a somewhat surprising reading of D.C. Code § 42-1903.13. The court explained that D.C. Code § 42-1901.07 prevented parties from varying the terms of a condominium association super-priority lien sale by agreement. Based on that reasoning, the Liu court held that notwithstanding the repeated, express representations made by the association indicating that the first mortgage would survive the association’s foreclosure sale, Ms. Liu bought the property free and clear of the first mortgage (for a sales price representing a tiny fraction of the property’s market value).

The practical impact of the Liu court’s holding is that a condominium association’s sale, even if made explicitly subject to a first deed of trust, might not be actually subject to that deed of trust. Secured lenders who have reasonably relied on express representations made by an association that their lien interests would remain intact have suddenly learned that their reliance might have been misplaced.

The D.C. condominium association sale statute was amended in April 2017 to require parties to specify at the outset whether a sale would be a super-priority sale that extinguished all other liens, or a sale for more than the super-priority amount that would be subject to a first deed of trust. For sales prior to that date, however, the Liu decision adds a significant amount of uncertainty. It appears that pre-2017 condominium association sales might now be treated as extinguishing first deeds of trust, even if all parties thought otherwise.

The Liu decision creates an enormous amount of uncertainty as to the enforceability of pre-foreclosure mortgages and whether such mortgages survived condominium association foreclosure sales. It is certainly within the realm of possibility that condominium sale purchasers will now claim that they own their property outright, causing a new wave of litigation in the District of Columbia. Lenders with security interests on D.C. condominiums will be closely watching to see if the D.C. Court of Appeals accepts en banc review of the Liu decision, hopefully to prevent a new wave of uncertainty and litigation.

Federal Reserve Proposes Modifications to Its Supervisory Appeals Process and Ombudsman Policy

On Tuesday, February 27, 2018, the Federal Reserve proposed to modify its guidelines and processes that institutions may rely upon to appeal an adverse material supervisory determination. The proposal also seeks to modify the Federal Reserve’s policy for its Ombudsman. Comments regarding the proposals will be accepted through April 30, 2018.

Federal Reserve Proposes Modifications to Its Supervisory Appeals Process and Ombudsman PolicyAppeals Process

The Federal Reserve’s proposal is “designed to improve and expedite the appeals process.” Specifically, the proposal would remove one of the existing three levels of appeal. The proposed two-tiered framework would require that an initial review panel first consider an entity’s appeal request, and, if the entity continues to have concerns, a final review could be requested.

The initial review panel would be comprised of three Reserve Bank employees and an attorney that would advise the panel on its responsibilities. Those four individuals (1) must not have been substantively involved in any matter at issue in the appeal, (2) cannot report directly or indirectly to anyone who made the initial supervisory determination, (3) must not be employed by the Reserve Bank that made the initial supervisory determination, and (4) must have experience relevant to the issue at hand in the review. The initial review panel would be required to approach the review as if no determination had previously been made, and would be permitted to consider any relevant materials submitted by the institution and the Federal Reserve staff.

The final review panel would be comprised primarily of Federal Reserve Board staff. It would include at least two Federal Reserve Board employees, at least one of whom must be an associate director or hold a higher position. The Federal Reserve Board’s general counsel would also appoint an attorney to advise the panel on its responsibilities. The four individuals (1) must not be employed by the Reserve Bank that made the initial supervisory determination, (2) cannot report directly or indirectly to anyone who made the initial supervisory determination, (3) must not have been members of the initial review panel, and (4) must not have been personally consulted on the issue being appealed or provided guidance on how the issue should be resolved during a prior review. The final review panel would consider whether the initial review panel’s determination was “reasonable and supported by a preponderance of the evidence in the record,” and would not be permitted to review new information that was not in the record. The final review panel’s decision would be made public “[i]n order to maximize transparency.”

The Federal Reserve notes that it welcomes comments on all aspects of the proposal related to the appeals process, but specifically notes that it is seeking comments on:

  • The proposed standards of review for the initial and final review panels;
  • The nature and composition of the initial and final review panels;
  • The record that each of the review panels may consider during an appeal; and
  • The proposed appeal timelines.

Ombudsman Policy

The Federal Reserve’s release notes that the Ombudsman currently “is the initial recipient of all complaints pertaining to the supervisory process, which may include an appeal request.” The proposal would formalize that and would also allow the Ombudsman to attend an appeal hearing or deliberation if requested by the appealing institution or the Federal Reserve staff. The Ombudsman’s role at a hearing or deliberation would be as an observer.

The Federal Reserve is also proposing to make the Ombudsman the decision-maker with respect to claims of retaliation resulting from a supervisory appeal. Finally, the proposal would emphasize within the Ombudsman policy that the Ombudsman is available to facilitate the informal resolution of concerns related to supervisory determinations so as to avoid having to utilize the formal appeals process.

The Federal Reserve is seeking comment on all aspects of the proposed Ombudsman policy modifications.