InfoBytes, February 12, 2010
Sign up for weekly updates
RSS feed
Topics in this issue:
- Federal Issues
- State Issues
- Courts
- Firm News
- Mortgages
- Banking
- Consumer Finance
- Litigation
- Privacy/Data Security
Federal Issues
Banking Regulators Issue Joint Statement on Small Business Lending. On February 5, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Federal Reserve Board, the Office of Thrift Supervision, the National Credit Union Administration, and the Conference of State Bank Supervisors issued an interagency statement announcing that financial institutions will not be subject to supervisory criticism for engaging in prudent lending to creditworthy small business borrowers. According to the statement, financial institutions should understand an individual borrower’s business – including the borrower’s long-term viability and local market conditions – and make credit decisions based on the borrower’s creditworthiness. In particular, (i) cash flow analysis should reflect a “reasonable range” of possible future conditions, (ii) the strength of management should be considered in conjunction with a borrower’s credit history and financial strength, (iii) the loan structure should be appropriate to the expected timing of the business’s cash flow, (iv) a financial institution should not have “excessive reliance” on appreciating or depreciating collateral values (or other cyclical factors) when assessing secondary sources of repayment, and (v) institutions should not rely primarily on general inputs, such as a borrower’s particular industry or geographic location, when making credit decisions. The statement also notes that financial institutions must maintain “robust” risk management practices and that examiners will take a balanced approach to assess an institution’s risk management practices pertaining to small business lending. In particular, examiners will generally not adversely classify small business loans solely due to (i) a decline in the collateral value below the loan balance if the borrower has the willingness and ability to repay the loan, or (ii) the borrower is in an industry or geographical location that is experiencing financial difficulties. Finally, the statement notes that institutions must (i) employ sound underwriting and risk management practices, (ii) maintain adequate loan loss reserves and capital, and (iii) take appropriate charge-offs. For a copy of the joint press release, please see http://federalreserve.gov/newsevents/press/bcreg/20100205a.htm. For a copy of the statement, please see http://federalreserve.gov/newsevents/press/bcreg/bcreg20100205.pdf.
Freddie Mac to Buy Back 120-Day Delinquent Loans. On February 10, Freddie Mac announced that it intends to purchase substantially all loans that are at least 120 days delinquent from its fixed-rate and adjustable-rate mortgage-backed participation certificate securities. The purchases are the result of changes to accounting standards that require financial institutions to hold all performing and nonperforming loans on their books and cease the use of off-balance-sheet special purpose entities. Freddie Mac stated that, as a result of the accounting changes, the cost of guarantee payments to security holders, including advances of interest at the security coupon rate, would exceed the cost of holding the nonperforming loans in the company’s mortgage-related investments portfolio. Freddie Mac also noted that its activities under the Making Home Affordable Program would not be affected by this announcement. For a copy of Freddie Mac’s announcement, see http://www.freddiemac.com/news/archives/mbs/2010/20100210_pc_securities.html.
FINRA Fines Two Companies for Inadequate Anti-Money Laundering Procedures. On February 2, the Financial Industry Regulatory Authority (FINRA) announced fines against two companies for alleged anti-money laundering (AML) program violations. FINRA levied a $450,000 fine against securities-clearing firm Penson Financial Services because it allegedly (i) had insufficient staff and resources to address its AML-related needs, (ii) failed to adequately monitor high-risk activities, and (iii) did not conduct timely investigations of suspicious activities flagged by its internal audit systems. FINRA also levied a $300,000 fine against Pinnacle Capital Markets, an online business that provides primarily foreign customers access to U.S. securities markets. FINRA found that Pinnacle did not have risk-based procedures to verify the identity of sub-account holders, despite the high-risk nature of the accounts. In addition, the firm used a manual suspicious activity review system, which allegedly failed to uncover several suspicious trading patterns. The announcement can be found at http://www.finra.org/Newsroom/NewsReleases/2010/P120859.
FinCEN Finalizes Info-Sharing Rule. On February 5, the Financial Crimes Enforcement Network (FinCEN) adopted as proposed a rule expanding the type of law enforcement agencies that can request information under Section 314(a) of the USA PATRIOT ACT (the Act) in furtherance of their investigations into money laundering and suspected terrorist activities (the proposed rule was reported in InfoBytes, Nov. 20, 2009). Previously, only federal law enforcement could request information under the Act, while the new rule also allows certain foreign, state and local law enforcement agencies to make such requests. Consistent with the present system, requests by law enforcement will be made through FinCEN, not to financial institutions directly. Any requesting law enforcement agency, prior to initiating a 314(a) query, will have to certify to FinCEN that (i) the matter is significant, and (ii) that the agency has been unable to locate the information sought through traditional methods of investigation and analysis. The rule became effective February 10, 2010. For a copy of the final rule, please see http://www.fincen.gov/statutes_regs/frn/pdf/20100204.pdf.
State Issues
Illinois Attorney General Files Unfair and Deceptive Marketing Practices Suits Against Reverse Mortgage Providers. On February 8, Illinois Attorney General Lisa Madigan filed suits against two mortgage brokers, Hartland Mortgage Centers, Inc. (Hartland) and American Advisors Group, Inc., for allegedly employing unfair and deceptive marketing practices in marketing reverse mortgages. According to the complaints, the companies allegedly implied in advertisements that (i) consumers were eligible for lifetime monthly income or lump-sum payments that are part of government benefit programs, (ii) the reverse mortgages would only be offered for a short time – often by including “expiration dates” in the advertisements, and (iii) consumers would maintain ownership of their property when in fact they could face foreclosure if the terms and conditions of the loan were not met. The complaint against Hartland further alleges that Hartland unfairly implied that borrowers would more greatly benefit from a reverse mortgage that paid a lump sum. The Attorney General is seeking (i) a permanent injunction banning the defendants from engaging in deceptive advertising and marketing, (ii) restitution for consumers, (iii) civil penalties, and (iv) the costs of the investigation and prosecution of the lawsuits. For a copy of the press release, please see http://www.illinoisattorneygeneral.gov/pressroom/2010_02/20100208.html.
Florida Regulator Announces Administrative Charges for Unlicensed Loan Modifications. On February 4, the Commissioner of the Florida Office of Financial Regulation announced administrative charges against Alpalo, Inc., Loan Modification Professional Service, Inc., and Mortgage Critics, LLC for providing loan modification services without a license. The administrative charges are the first made under a new law, effective January 1, 2010, that requires individuals and companies providing loan modification services (e.g., refinancing or adjusting interest rates) to Florida borrowers to maintain an active Florida mortgage lender, mortgage broker or correspondent mortgage lender license (reported in InfoBytes, Dec. 11, 2009). Under the law, loan modification service providers are prohibited from charging up-front fees for loan modification services. Further, unlicensed persons or entities that provide loan modification services to Florida borrowers may be subject to criminal penalties. For a copy of the press release, please see http://www.flofr.com/PressReleases/ViewMediaRelease.asp?ID=3424.
Multistate Mortgage Committee Announces Availability of Standardized Format for Loan Portfolio Data. On February 10, the Conference of State Bank Supervisors/American Association of Residential Mortgage Regulators Multistate Mortgage Committee (MMC) announced the availability of a standardized data format, the Licensee Examination File (LEF), to prepare loan portfolio data for submission to state regulators. While electronic data submissions of loan portfolio information to state regulators are currently optional, the MMC notes that all lenders will be expected to provide loan portfolio data uploads by 2011. Further information on the LEF will become available after February 22, 2010 via the website http://www.RCCertify.org. For a copy of the press release, please see http://www.buckleysandler.com/CSBS_021010.pdf.
Courts
Fourth Circuit Holds Only Consummated Credit Transactions Eligible for Rescission Under TILA. On February 5, the U.S. Court of Appeals for the Fourth Circuit affirmed a district court decision that the right to rescind under the Truth in Lending Act (TILA) is available only for a consummated credit transaction. Weintraub v. Quicken Loans, Inc., No. 08-2373, 2010 WL 398124 (4th Cir. Feb. 5, 2010). In Weintraub, the plaintiffs paid a $500 deposit to the defendant lender to cover out-of-pocket expenses incurred in connection with an application to refinance a loan. Prior to closing, the plaintiffs (i) withdrew their loan application, (ii) delivered a notice of right to cancel to the lender, and (iii) demanded a refund of their deposit. The lender refused to refund the entire deposit to the plaintiffs, citing that it was not required to do so pursuant to the terms of a deposit agreement entered into by the plaintiffs. The plaintiffs alleged that the lender’s refusal to refund their deposit within 20 days of receipt of an executed notice of right to cancel violated TILA. In arriving at its decision, the court rejected the plaintiffs’ argument that the right to rescind can arise immediately after a lender’s delivery of either notices of right to cancel or TILA disclosures. Instead, the court clarified that delivery of both items, as well as consummation of the credit transaction, is required before a borrower may exercise a right to rescind under TILA. The court relied on precedent, interpretations set forth in Regulation Z, and TILA’s definitions of “residential mortgage transaction” and “reverse mortgage transaction” in support of its finding. Finally, the court noted that granting eligibility for rescission under TILA to unconsummated credit transactions would “give potential borrowers a right to a ‘free application’ for home financing, requiring lenders to bear the costs of credit reports and appraisals regardless of whether the borrower intended to proceed to a closing of the transaction.” For a copy of the opinion, please see http://pacer.ca4.uscourts.gov/opinion.pdf/082373.P.pdf.
First Circuit Holds Private Right of Action Available in FCRA “Reasonable Investigation” Disputes. On February 9, the U.S. Court of Appeals for the First Circuit affirmed a Massachusetts district court’s ruling in a suit alleging violations of the Fair Credit Reporting Act (FCRA) and Fair Debt Collection Practices Act. Chiang v. Verizon New England, Inc., No. 09-1214, 2010 WL 431873 (1st Cir. Feb. 9, 2010). In Chiang, the plaintiff consumer alleged that defendant Verizon New England (Verizon NE), a furnisher of information to credit reporting agencies (CRAs), violated FCRA by failing to adequately investigate the disputes that he filed with CRAs about his billing history, as required by FCRA (15 U.S.C. §1681s 2(b)). As a threshold matter, the court concluded that section 1681s-2(b) provides consumers with a private right of action. Citing Gorman v. Wolpoff & Abramson, LLP, 584 F.3d 1147 (9th Cir. 2009), the court also determined that the consumer bears the burden of proof with a claim under section 1681s-2(b) to show that (i) the furnisher failed to conduct an objectively reasonable investigation, and (ii) that such an investigation would have uncovered actual inaccuracies (Gorman was reported in InfoBytes, Jan. 16, 2009 and InfoBytes, Oct. 23, 2009). During the district court proceedings, the consumer produced no evidence concerning Verizon NE’s procedures for investigating disputes filed through CRAs. In support of his allegations that Verizon NE was reporting inaccurate information, the consumer produced his own deposition transcripts, affidavits, and letters to Verizon NE, but failed to produce any corroborating evidence. The court concluded that the consumer failed to raise a genuine issue of material fact on two key issues on which he bore the burden of proof. First, the consumer failed to prove that Verizon NE’s investigations of his disputes with the CRAs was unreasonable. As a separate and independent issue, the consumer also failed to prove that there were actual inaccuracies in the data Verizon NE reported to CRAs that could have been detected in a reasonable investigation. Accordingly, the court affirmed the ruling granting summary judgment for Verizon NE. For a copy of the opinion, please see http://www.ca1.uscourts.gov/pdf.opinions/09-1214P-01A.pdf.
Virginia Federal District Court Holds FDCPA Does Not Permit Cancellation of Debt. On February 3, the U.S. District Court for the Eastern District of Virginia held that injunctive and declaratory relief that has the effect of cancelling or extinguishing a debt is not available to private litigants suing for violations of the Fair Debt Collection Practices Act (FDCPA). Vitullo v. Mancini, No. 1:09cv614, 2010 WL 438248 (E.D. Va. Feb. 3, 2010). In Mancini, the plaintiffs received a “Pre-Foreclosure/Right to Cure” letter from a foreclosure attorney in connection with their mortgage debt. The plaintiffs notified the attorney that they were disputing the debt and requested the name and address of the original creditor; however, because the alleged default was not cured, the attorney foreclosed on their property. The plaintiffs then brought suit, claiming that the foreclosure sale of their property violated § 1692g(b) of the FDCPA, which requires debt collectors to cease collection of disputed debts. The plaintiffs requested a declaration that the foreclosure sale was invalid and that the plaintiffs had no liability to the noteholder for any deficiency on the note. The court, however, held that this remedy was not available under the FDCPA. According to the court, “[private] litigants are limited to the damages remedy provided in 15 U.S.C. § 1692k(a) because: (i) the FDCPA’s structure--namely the difference in remedies expressly provided in § 1692k(a) and § 1692/(a)--implies that only the FTC is permitted to seek injunctive relief under the FDCPA; and (ii) nothing in the FDCPA suggests that a debtor may seek a declaratory judgment under the FDCPA cancelling or extinguishing a debt, in lieu of damages.” For a copy of the opinion, please see http://www.buckleysandler.com/Vitullo_v_Mancini.pdf.
Lawsuits Allege Banks Did Not Maintain “Commercially Reasonable” Data Security Systems. Recently, data security breaches at banks in Texas and Maine have resulted in two separate lawsuits alleging that the banks did not maintain “commercially reasonable” data security systems. PlainsCapital Bank v. Hillary Mach. Inc., No. 4:09-cv-00653 (E.D. Tex. Dec. 31, 2009). Patco Constr. Co. Inc. v. People’s United Bank, No. 2:09-CV-00503 (D. Maine Feb. 2, 2010). In PlainsCapital, a Texas bank approved an $800,000 transfer request from the account of a machining company. The transfer was discovered to be fraudulent and, though the bank was able to recover nearly three-quarters of the transferred funds, the machining company sent a letter to the bank arguing that the bank was liable for the remaining funds, because it failed to maintain “commercially reasonable security measures” in its internet banking system. Shortly after receiving the letter, the bank filed a complaint in the Eastern District of Texas seeking a declaratory judgment that its security measures are “commercially reasonable” within the meaning of §§ 4A-201 and 4A-202 of the Uniform Commercial Code (UCC). In Patco, a construction company sued a Maine bank after the bank allowed a fraudulent transfer of $588,581 from the company’s account. In its complaint, the construction company alleged, among other things, (i) that the bank failed to maintain “commercially reasonable” data security, as required by § 4-1204 of Maine’s version of the UCC, because the bank employed single factor user authentication, instead of multi-factor user authentication as recommended by the Federal Financial Institutions Examination Council’s online banking security standards guidance, and (ii) set an unreasonably low threshold for the challenge question for authentication of customer passwords (the complaint, originally filed in state court, was reported in InfoBytes, Oct. 9, 2009). In its answer, the bank argued that the construction company was contributorily negligent because it failed to perform daily monitoring of its account, as required by its eBanking agreement and Automated Clearing House transfer of funds contract with the bank. For a copy of the complaint in PlainsCapital, please see http://www.buckleysandler.com/Plainscapital_v_Hillary.pdf. For a copy of the complaint and defendant’s answer in Patco, please see http://www.buckleysandler.com/Patco_v_Peoples.pdf and http://www.buckleysandler.com/Patco_v_Peoples(1).pdf.
Illinois Federal Court Finds Collection Agency’s Letters Violated the FDCPA. On January 26, the U.S. District Court for the Northern District of Illinois held that statements in a defendant collection agency’s form letters to consumers who inquired about their accounts were false, deceptive, and misleading, in violation of the Fair Debt Collection Practices Act (FDCPA). Hale v. Afni, Inc., No. 08 CV 3918, 2010 WL 380906 (N.D. Ill. Jan. 26, 2010). The class included all individuals, with addresses in Illinois, Indiana, or Wisconsin, to whom the defendant collection agency sent the form letter that the named plaintiff received (the certification of the class reported in InfoBytes, Nov. 6, 2009). The plaintiffs alleged that the collection agency sent false, non-responsive form letters to every consumer who wrote to the collection agency without providing payment, stating that the collection agency was "unable to investigate" the debt and that the consumers had "provided insufficient information to substantiate [the] claim.” The court found that these statements were false based on the collection agency’s subsequent actions, but noted that false statements, by themselves, do not violate the FDCPA; the statements must also be (i) confusing or misleading, and (ii) “material.” The court determined that the statements were "plainly deceptive" and that the collection agency’s explanation of the statements not only failed to establish their veracity but also “rings with insincerity.” The collection agency never explained why the information that the consumers provided was insufficient, and it made no effort to tailor its letter to reflect the additional information supposedly necessary to investigate or substantiate the claim. Noting that it must consider the letter from the vantage point of the unsophisticated consumer, the court further concluded that the collection agency’s letter would confuse an unsophisticated consumer--or, for that matter, any consumer. Finally, the court concluded that the challenged false statements were material because they (i) impaired a consumer’s ability to challenge the debt at issue, and (ii) would influence a consumer’s decision to pay a debt. The court also found that the collection agency could not assert the bona fide error defense because, even if this defense were available for errors of law, the collection agency had not established that it reasonably relied on either (i) the legal opinion of an attorney who had conducted the appropriate legal research, or (ii) the opinion of another person or organization with expertise in the relevant area of law (e.g., the appropriate government agency). For a copy of the opinion, please see http://www.buckleysandler.com/Hale_v_AFNI_01_10.pdf.
Firm News
Sara Emley will speak at the Investment Adviser Association/ACA Insight 2010 Adviser Compliance Forum on February 25 in Arlington, VA. Her topic is “Current Hot Topics for Managers with Individual Clients.”
David Baris will speak regarding bank director liability at the NACD/AABD Bank Director Workshop on April 14.
Kirk Jensen spoke on January 9 at the winter meeting of the Consumer Financial Services Committee of the American Bar Association’s Business Law Section in Park City, Utah. He gave one presentation entitled "Consumer Financial Protection Agency: Past, Present and Future," and another entitled “Government Enforcement Trends and Servicing Best Practices.” Kirk has also been named chair of the Residential Real Estate Subcommittee of the ABA Litigation Section’s Real Estate Litigation Committee.
Jeff Naimon spoke on January 10 at the winter meeting of the Consumer Financial Services Committee of the American Bar Association’s Business Law Section in Park City, Utah on Truth in Lending Act case law developments.
Jeff Naimon spoke on January 12 in an American Bankers Association Telephone Briefing focusing on “RESPA and TILA Compliance in the NEW Mortgage World.”
Joe Kolar spoke to member institutions of the Federal Home Loan Bank of Chicago on the new RESPA and TILA rules on January 13.
Andrew Sandler was selected to receive a Good Apple Award at the Louisiana Appleseed’s Good Apple Gala for his vision aimed at expanding access to financial institutions for Latino immigrants and his leadership in bringing together Louisiana banks and Federal banking regulators to discuss barriers to access and solutions. The Gala was held on January 21 in New Orleans, LA.
Jonathan Cannon was quoted in a January 22 article in RESPA News entitled “Judge Issues Another Ruling in RESPA ‘Thing of Value’ Case Involving Inflated Appraisals.”
Margo Tank presented a one-hour, one-credit CLE telephone seminar entitled “Electronic Signatures and Records—What’s the Current Law?” on January 26.
Andrew Sandler spoke at the American Conference Institute’s 9th Annual Conference on Consumer Finance Class Actions & Litigation in Washington, DC on January 27-8.
Jenifer Slagle Peck spoke at an event at American University Washington College of Law on Thursday, February 4 regarding legal careers.
John Kromer was a participant in a panel entitled "Federal Registration of Mortgage Loan Originators and NMLS" on February 10 at the 2010 NMLS User Conference in San Diego, CA.
Mortgages
Freddie Mac to Buy Back 120-Day Delinquent Loans. On February 10, Freddie Mac announced that it intends to purchase substantially all loans that are at least 120 days delinquent from its fixed-rate and adjustable-rate mortgage-backed participation certificate securities. The purchases are the result of changes to accounting standards that require financial institutions to hold all performing and nonperforming loans on their books and cease the use of off-balance-sheet special purpose entities. Freddie Mac stated that, as a result of the accounting changes, the cost of guarantee payments to security holders, including advances of interest at the security coupon rate, would exceed the cost of holding the nonperforming loans in the company’s mortgage-related investments portfolio. Freddie Mac also noted that its activities under the Making Home Affordable Program would not be affected by this announcement. For a copy of Freddie Mac’s announcement, see http://www.freddiemac.com/news/archives/mbs/2010/20100210_pc_securities.html.
Illinois Attorney General Files Unfair and Deceptive Marketing Practices Suits Against Reverse Mortgage Providers. On February 8, Illinois Attorney General Lisa Madigan filed suits against two mortgage brokers, Hartland Mortgage Centers, Inc. (Hartland) and American Advisors Group, Inc., for allegedly employing unfair and deceptive marketing practices in marketing reverse mortgages. According to the complaints, the companies allegedly implied in advertisements that (i) consumers were eligible for lifetime monthly income or lump-sum payments that are part of government benefit programs, (ii) the reverse mortgages would only be offered for a short time – often by including “expiration dates” in the advertisements, and (iii) consumers would maintain ownership of their property when in fact they could face foreclosure if the terms and conditions of the loan were not met. The complaint against Hartland further alleges that Hartland unfairly implied that borrowers would more greatly benefit from a reverse mortgage that paid a lump sum. The Attorney General is seeking (i) a permanent injunction banning the defendants from engaging in deceptive advertising and marketing, (ii) restitution for consumers, (iii) civil penalties, and (iv) the costs of the investigation and prosecution of the lawsuits. For a copy of the press release, please see http://www.illinoisattorneygeneral.gov/pressroom/2010_02/20100208.html.
Florida Regulator Announces Administrative Charges for Unlicensed Loan Modifications. On February 4, the Commissioner of the Florida Office of Financial Regulation announced administrative charges against Alpalo, Inc., Loan Modification Professional Service, Inc., and Mortgage Critics, LLC for providing loan modification services without a license. The administrative charges are the first made under a new law, effective January 1, 2010, that requires individuals and companies providing loan modification services (e.g., refinancing or adjusting interest rates) to Florida borrowers to maintain an active Florida mortgage lender, mortgage broker or correspondent mortgage lender license (reported in InfoBytes, Dec. 11, 2009). Under the law, loan modification service providers are prohibited from charging up-front fees for loan modification services. Further, unlicensed persons or entities that provide loan modification services to Florida borrowers may be subject to criminal penalties. For a copy of the press release, please see http://www.flofr.com/PressReleases/ViewMediaRelease.asp?ID=3424.
Multistate Mortgage Committee Announces Availability of Standardized Format for Loan Portfolio Data. On February 10, the Conference of State Bank Supervisors/American Association of Residential Mortgage Regulators Multistate Mortgage Committee (MMC) announced the availability of a standardized data format, the Licensee Examination File (LEF), to prepare loan portfolio data for submission to state regulators. While electronic data submissions of loan portfolio information to state regulators are currently optional, the MMC notes that all lenders will be expected to provide loan portfolio data uploads by 2011. Further information on the LEF will become available after February 22, 2010 via the website http://www.RCCertify.org. For a copy of the press release, please see http://www.buckleysandler.com/CSBS_021010.pdf.
Virginia Federal District Court Holds FDCPA Does Not Permit Cancellation of Debt. On February 3, the U.S. District Court for the Eastern District of Virginia held that injunctive and declaratory relief that has the effect of cancelling or extinguishing a debt is not available to private litigants suing for violations of the Fair Debt Collection Practices Act (FDCPA). Vitullo v. Mancini, No. 1:09cv614, 2010 WL 438248 (E.D. Va. Feb. 3, 2010). In Mancini, the plaintiffs received a “Pre-Foreclosure/Right to Cure” letter from a foreclosure attorney in connection with their mortgage debt. The plaintiffs notified the attorney that they were disputing the debt and requested the name and address of the original creditor; however, because the alleged default was not cured, the attorney foreclosed on their property. The plaintiffs then brought suit, claiming that the foreclosure sale of their property violated § 1692g(b) of the FDCPA, which requires debt collectors to cease collection of disputed debts. The plaintiffs requested a declaration that the foreclosure sale was invalid and that the plaintiffs had no liability to the noteholder for any deficiency on the note. The court, however, held that this remedy was not available under the FDCPA. According to the court, “[private] litigants are limited to the damages remedy provided in 15 U.S.C. § 1692k(a) because: (i) the FDCPA’s structure--namely the difference in remedies expressly provided in § 1692k(a) and § 1692/(a)--implies that only the FTC is permitted to seek injunctive relief under the FDCPA; and (ii) nothing in the FDCPA suggests that a debtor may seek a declaratory judgment under the FDCPA cancelling or extinguishing a debt, in lieu of damages.” For a copy of the opinion, please see http://www.buckleysandler.com/Vitullo_v_Mancini.pdf.
Banking
Banking Regulators Issue Joint Statement on Small Business Lending. On February 5, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Federal Reserve Board, the Office of Thrift Supervision, the National Credit Union Administration, and the Conference of State Bank Supervisors issued an interagency statement announcing that financial institutions will not be subject to supervisory criticism for engaging in prudent lending to creditworthy small business borrowers. According to the statement, financial institutions should understand an individual borrower’s business – including the borrower’s long-term viability and local market conditions – and make credit decisions based on the borrower’s creditworthiness. In particular, (i) cash flow analysis should reflect a “reasonable range” of possible future conditions, (ii) the strength of management should be considered in conjunction with a borrower’s credit history and financial strength, (iii) the loan structure should be appropriate to the expected timing of the business’s cash flow, (iv) a financial institution should not have “excessive reliance” on appreciating or depreciating collateral values (or other cyclical factors) when assessing secondary sources of repayment, and (v) institutions should not rely primarily on general inputs, such as a borrower’s particular industry or geographic location, when making credit decisions. The statement also notes that financial institutions must maintain “robust” risk management practices and that examiners will take a balanced approach to assess an institution’s risk management practices pertaining to small business lending. In particular, examiners will generally not adversely classify small business loans solely due to (i) a decline in the collateral value below the loan balance if the borrower has the willingness and ability to repay the loan, or (ii) the borrower is in an industry or geographical location that is experiencing financial difficulties. Finally, the statement notes that institutions must (i) employ sound underwriting and risk management practices, (ii) maintain adequate loan loss reserves and capital, and (iii) take appropriate charge-offs. For a copy of the joint press release, please see http://federalreserve.gov/newsevents/press/bcreg/20100205a.htm. For a copy of the statement, please see http://federalreserve.gov/newsevents/press/bcreg/bcreg20100205.pdf.
FINRA Fines Two Companies for Inadequate Anti-Money Laundering Procedures. On February 2, the Financial Industry Regulatory Authority (FINRA) announced fines against two companies for alleged anti-money laundering (AML) program violations. FINRA levied a $450,000 fine against securities-clearing firm Penson Financial Services because it allegedly (i) had insufficient staff and resources to address its AML-related needs, (ii) failed to adequately monitor high-risk activities, and (iii) did not conduct timely investigations of suspicious activities flagged by its internal audit systems. FINRA also levied a $300,000 fine against Pinnacle Capital Markets, an online business that provides primarily foreign customers access to U.S. securities markets. FINRA found that Pinnacle did not have risk-based procedures to verify the identity of sub-account holders, despite the high-risk nature of the accounts. In addition, the firm used a manual suspicious activity review system, which allegedly failed to uncover several suspicious trading patterns. The announcement can be found at http://www.finra.org/Newsroom/NewsReleases/2010/P120859.
FinCEN Finalizes Info-Sharing Rule. On February 5, the Financial Crimes Enforcement Network (FinCEN) adopted as proposed a rule expanding the type of law enforcement agencies that can request information under Section 314(a) of the USA PATRIOT ACT (the Act) in furtherance of their investigations into money laundering and suspected terrorist activities (the proposed rule was reported in InfoBytes, Nov. 20, 2009). Previously, only federal law enforcement could request information under the Act, while the new rule also allows certain foreign, state and local law enforcement agencies to make such requests. Consistent with the present system, requests by law enforcement will be made through FinCEN, not to financial institutions directly. Any requesting law enforcement agency, prior to initiating a 314(a) query, will have to certify to FinCEN that (i) the matter is significant, and (ii) that the agency has been unable to locate the information sought through traditional methods of investigation and analysis. The rule became effective February 10, 2010. For a copy of the final rule, please see http://www.fincen.gov/statutes_regs/frn/pdf/20100204.pdf.
Consumer Finance
Fourth Circuit Holds Only Consummated Credit Transactions Eligible for Rescission Under TILA. On February 5, the U.S. Court of Appeals for the Fourth Circuit affirmed a district court decision that the right to rescind under the Truth in Lending Act (TILA) is available only for a consummated credit transaction. Weintraub v. Quicken Loans, Inc., No. 08-2373, 2010 WL 398124 (4th Cir. Feb. 5, 2010). In Weintraub, the plaintiffs paid a $500 deposit to the defendant lender to cover out-of-pocket expenses incurred in connection with an application to refinance a loan. Prior to closing, the plaintiffs (i) withdrew their loan application, (ii) delivered a notice of right to cancel to the lender, and (iii) demanded a refund of their deposit. The lender refused to refund the entire deposit to the plaintiffs, citing that it was not required to do so pursuant to the terms of a deposit agreement entered into by the plaintiffs. The plaintiffs alleged that the lender’s refusal to refund their deposit within 20 days of receipt of an executed notice of right to cancel violated TILA. In arriving at its decision, the court rejected the plaintiffs’ argument that the right to rescind can arise immediately after a lender’s delivery of either notices of right to cancel or TILA disclosures. Instead, the court clarified that delivery of both items, as well as consummation of the credit transaction, is required before a borrower may exercise a right to rescind under TILA. The court relied on precedent, interpretations set forth in Regulation Z, and TILA’s definitions of “residential mortgage transaction” and “reverse mortgage transaction” in support of its finding. Finally, the court noted that granting eligibility for rescission under TILA to unconsummated credit transactions would “give potential borrowers a right to a ‘free application’ for home financing, requiring lenders to bear the costs of credit reports and appraisals regardless of whether the borrower intended to proceed to a closing of the transaction.” For a copy of the opinion, please see http://pacer.ca4.uscourts.gov/opinion.pdf/082373.P.pdf.
First Circuit Holds Private Right of Action Available in FCRA “Reasonable Investigation” Disputes. On February 9, the U.S. Court of Appeals for the First Circuit affirmed a Massachusetts district court’s ruling in a suit alleging violations of the Fair Credit Reporting Act (FCRA) and Fair Debt Collection Practices Act. Chiang v. Verizon New England, Inc., No. 09-1214, 2010 WL 431873 (1st Cir. Feb. 9, 2010). In Chiang, the plaintiff consumer alleged that defendant Verizon New England (Verizon NE), a furnisher of information to credit reporting agencies (CRAs), violated FCRA by failing to adequately investigate the disputes that he filed with CRAs about his billing history, as required by FCRA (15 U.S.C. §1681s 2(b)). As a threshold matter, the court concluded that section 1681s-2(b) provides consumers with a private right of action. Citing Gorman v. Wolpoff & Abramson, LLP, 584 F.3d 1147 (9th Cir. 2009), the court also determined that the consumer bears the burden of proof with a claim under section 1681s-2(b) to show that (i) the furnisher failed to conduct an objectively reasonable investigation, and (ii) that such an investigation would have uncovered actual inaccuracies (Gorman was reported in InfoBytes, Jan. 16, 2009 and InfoBytes, Oct. 23, 2009). During the district court proceedings, the consumer produced no evidence concerning Verizon NE’s procedures for investigating disputes filed through CRAs. In support of his allegations that Verizon NE was reporting inaccurate information, the consumer produced his own deposition transcripts, affidavits, and letters to Verizon NE, but failed to produce any corroborating evidence. The court concluded that the consumer failed to raise a genuine issue of material fact on two key issues on which he bore the burden of proof. First, the consumer failed to prove that Verizon NE’s investigations of his disputes with the CRAs was unreasonable. As a separate and independent issue, the consumer also failed to prove that there were actual inaccuracies in the data Verizon NE reported to CRAs that could have been detected in a reasonable investigation. Accordingly, the court affirmed the ruling granting summary judgment for Verizon NE. For a copy of the opinion, please see http://www.ca1.uscourts.gov/pdf.opinions/09-1214P-01A.pdf.
Virginia Federal District Court Holds FDCPA Does Not Permit Cancellation of Debt. On February 3, the U.S. District Court for the Eastern District of Virginia held that injunctive and declaratory relief that has the effect of cancelling or extinguishing a debt is not available to private litigants suing for violations of the Fair Debt Collection Practices Act (FDCPA). Vitullo v. Mancini, No. 1:09cv614, 2010 WL 438248 (E.D. Va. Feb. 3, 2010). In Mancini, the plaintiffs received a “Pre-Foreclosure/Right to Cure” letter from a foreclosure attorney in connection with their mortgage debt. The plaintiffs notified the attorney that they were disputing the debt and requested the name and address of the original creditor; however, because the alleged default was not cured, the attorney foreclosed on their property. The plaintiffs then brought suit, claiming that the foreclosure sale of their property violated § 1692g(b) of the FDCPA, which requires debt collectors to cease collection of disputed debts. The plaintiffs requested a declaration that the foreclosure sale was invalid and that the plaintiffs had no liability to the noteholder for any deficiency on the note. The court, however, held that this remedy was not available under the FDCPA. According to the court, “[private] litigants are limited to the damages remedy provided in 15 U.S.C. § 1692k(a) because: (i) the FDCPA’s structure--namely the difference in remedies expressly provided in § 1692k(a) and § 1692/(a)--implies that only the FTC is permitted to seek injunctive relief under the FDCPA; and (ii) nothing in the FDCPA suggests that a debtor may seek a declaratory judgment under the FDCPA cancelling or extinguishing a debt, in lieu of damages.” For a copy of the opinion, please see http://www.buckleysandler.com/Vitullo_v_Mancini.pdf.
Illinois Federal Court Finds Collection Agency’s Letters Violated the FDCPA. On January 26, the U.S. District Court for the Northern District of Illinois held that statements in a defendant collection agency’s form letters to consumers who inquired about their accounts were false, deceptive, and misleading, in violation of the Fair Debt Collection Practices Act (FDCPA). Hale v. Afni, Inc., No. 08 CV 3918, 2010 WL 380906 (N.D. Ill. Jan. 26, 2010). The class included all individuals, with addresses in Illinois, Indiana, or Wisconsin, to whom the defendant collection agency sent the form letter that the named plaintiff received (the certification of the class reported in InfoBytes, Nov. 6, 2009). The plaintiffs alleged that the collection agency sent false, non-responsive form letters to every consumer who wrote to the collection agency without providing payment, stating that the collection agency was "unable to investigate" the debt and that the consumers had "provided insufficient information to substantiate [the] claim.” The court found that these statements were false based on the collection agency’s subsequent actions, but noted that false statements, by themselves, do not violate the FDCPA; the statements must also be (i) confusing or misleading, and (ii) “material.” The court determined that the statements were "plainly deceptive" and that the collection agency’s explanation of the statements not only failed to establish their veracity but also “rings with insincerity.” The collection agency never explained why the information that the consumers provided was insufficient, and it made no effort to tailor its letter to reflect the additional information supposedly necessary to investigate or substantiate the claim. Noting that it must consider the letter from the vantage point of the unsophisticated consumer, the court further concluded that the collection agency’s letter would confuse an unsophisticated consumer--or, for that matter, any consumer. Finally, the court concluded that the challenged false statements were material because they (i) impaired a consumer’s ability to challenge the debt at issue, and (ii) would influence a consumer’s decision to pay a debt. The court also found that the collection agency could not assert the bona fide error defense because, even if this defense were available for errors of law, the collection agency had not established that it reasonably relied on either (i) the legal opinion of an attorney who had conducted the appropriate legal research, or (ii) the opinion of another person or organization with expertise in the relevant area of law (e.g., the appropriate government agency). For a copy of the opinion, please see http://www.buckleysandler.com/Hale_v_AFNI_01_10.pdf.
Litigation
Fourth Circuit Holds Only Consummated Credit Transactions Eligible for Rescission Under TILA. On February 5, the U.S. Court of Appeals for the Fourth Circuit affirmed a district court decision that the right to rescind under the Truth in Lending Act (TILA) is available only for a consummated credit transaction. Weintraub v. Quicken Loans, Inc., No. 08-2373, 2010 WL 398124 (4th Cir. Feb. 5, 2010). In Weintraub, the plaintiffs paid a $500 deposit to the defendant lender to cover out-of-pocket expenses incurred in connection with an application to refinance a loan. Prior to closing, the plaintiffs (i) withdrew their loan application, (ii) delivered a notice of right to cancel to the lender, and (iii) demanded a refund of their deposit. The lender refused to refund the entire deposit to the plaintiffs, citing that it was not required to do so pursuant to the terms of a deposit agreement entered into by the plaintiffs. The plaintiffs alleged that the lender’s refusal to refund their deposit within 20 days of receipt of an executed notice of right to cancel violated TILA. In arriving at its decision, the court rejected the plaintiffs’ argument that the right to rescind can arise immediately after a lender’s delivery of either notices of right to cancel or TILA disclosures. Instead, the court clarified that delivery of both items, as well as consummation of the credit transaction, is required before a borrower may exercise a right to rescind under TILA. The court relied on precedent, interpretations set forth in Regulation Z, and TILA’s definitions of “residential mortgage transaction” and “reverse mortgage transaction” in support of its finding. Finally, the court noted that granting eligibility for rescission under TILA to unconsummated credit transactions would “give potential borrowers a right to a ‘free application’ for home financing, requiring lenders to bear the costs of credit reports and appraisals regardless of whether the borrower intended to proceed to a closing of the transaction.” For a copy of the opinion, please see http://pacer.ca4.uscourts.gov/opinion.pdf/082373.P.pdf.
First Circuit Holds Private Right of Action Available in FCRA “Reasonable Investigation” Disputes. On February 9, the U.S. Court of Appeals for the First Circuit affirmed a Massachusetts district court’s ruling in a suit alleging violations of the Fair Credit Reporting Act (FCRA) and Fair Debt Collection Practices Act. Chiang v. Verizon New England, Inc., No. 09-1214, 2010 WL 431873 (1st Cir. Feb. 9, 2010). In Chiang, the plaintiff consumer alleged that defendant Verizon New England (Verizon NE), a furnisher of information to credit reporting agencies (CRAs), violated FCRA by failing to adequately investigate the disputes that he filed with CRAs about his billing history, as required by FCRA (15 U.S.C. §1681s 2(b)). As a threshold matter, the court concluded that section 1681s-2(b) provides consumers with a private right of action. Citing Gorman v. Wolpoff & Abramson, LLP, 584 F.3d 1147 (9th Cir. 2009), the court also determined that the consumer bears the burden of proof with a claim under section 1681s-2(b) to show that (i) the furnisher failed to conduct an objectively reasonable investigation, and (ii) that such an investigation would have uncovered actual inaccuracies (Gorman was reported in InfoBytes, Jan. 16, 2009 and InfoBytes, Oct. 23, 2009). During the district court proceedings, the consumer produced no evidence concerning Verizon NE’s procedures for investigating disputes filed through CRAs. In support of his allegations that Verizon NE was reporting inaccurate information, the consumer produced his own deposition transcripts, affidavits, and letters to Verizon NE, but failed to produce any corroborating evidence. The court concluded that the consumer failed to raise a genuine issue of material fact on two key issues on which he bore the burden of proof. First, the consumer failed to prove that Verizon NE’s investigations of his disputes with the CRAs was unreasonable. As a separate and independent issue, the consumer also failed to prove that there were actual inaccuracies in the data Verizon NE reported to CRAs that could have been detected in a reasonable investigation. Accordingly, the court affirmed the ruling granting summary judgment for Verizon NE. For a copy of the opinion, please see http://www.ca1.uscourts.gov/pdf.opinions/09-1214P-01A.pdf.
Virginia Federal District Court Holds FDCPA Does Not Permit Cancellation of Debt. On February 3, the U.S. District Court for the Eastern District of Virginia held that injunctive and declaratory relief that has the effect of cancelling or extinguishing a debt is not available to private litigants suing for violations of the Fair Debt Collection Practices Act (FDCPA). Vitullo v. Mancini, No. 1:09cv614, 2010 WL 438248 (E.D. Va. Feb. 3, 2010). In Mancini, the plaintiffs received a “Pre-Foreclosure/Right to Cure” letter from a foreclosure attorney in connection with their mortgage debt. The plaintiffs notified the attorney that they were disputing the debt and requested the name and address of the original creditor; however, because the alleged default was not cured, the attorney foreclosed on their property. The plaintiffs then brought suit, claiming that the foreclosure sale of their property violated § 1692g(b) of the FDCPA, which requires debt collectors to cease collection of disputed debts. The plaintiffs requested a declaration that the foreclosure sale was invalid and that the plaintiffs had no liability to the noteholder for any deficiency on the note. The court, however, held that this remedy was not available under the FDCPA. According to the court, “[private] litigants are limited to the damages remedy provided in 15 U.S.C. § 1692k(a) because: (i) the FDCPA’s structure--namely the difference in remedies expressly provided in § 1692k(a) and § 1692/(a)--implies that only the FTC is permitted to seek injunctive relief under the FDCPA; and (ii) nothing in the FDCPA suggests that a debtor may seek a declaratory judgment under the FDCPA cancelling or extinguishing a debt, in lieu of damages.” For a copy of the opinion, please see http://www.buckleysandler.com/Vitullo_v_Mancini.pdf.
Lawsuits Allege Banks Did Not Maintain “Commercially Reasonable” Data Security Systems. Recently, data security breaches at banks in Texas and Maine have resulted in two separate lawsuits alleging that the banks did not maintain “commercially reasonable” data security systems. PlainsCapital Bank v. Hillary Mach. Inc., No. 4:09-cv-00653 (E.D. Tex. Dec. 31, 2009). Patco Constr. Co. Inc. v. People’s United Bank, No. 2:09-CV-00503 (D. Maine Feb. 2, 2010). In PlainsCapital, a Texas bank approved an $800,000 transfer request from the account of a machining company. The transfer was discovered to be fraudulent and, though the bank was able to recover nearly three-quarters of the transferred funds, the machining company sent a letter to the bank arguing that the bank was liable for the remaining funds, because it failed to maintain “commercially reasonable security measures” in its internet banking system. Shortly after receiving the letter, the bank filed a complaint in the Eastern District of Texas seeking a declaratory judgment that its security measures are “commercially reasonable” within the meaning of §§ 4A-201 and 4A-202 of the Uniform Commercial Code (UCC). In Patco, a construction company sued a Maine bank after the bank allowed a fraudulent transfer of $588,581 from the company’s account. In its complaint, the construction company alleged, among other things, (i) that the bank failed to maintain “commercially reasonable” data security, as required by § 4-1204 of Maine’s version of the UCC, because the bank employed single factor user authentication, instead of multi-factor user authentication as recommended by the Federal Financial Institutions Examination Council’s online banking security standards guidance, and (ii) set an unreasonably low threshold for the challenge question for authentication of customer passwords (the complaint, originally filed in state court, was reported in InfoBytes, Oct. 9, 2009). In its answer, the bank argued that the construction company was contributorily negligent because it failed to perform daily monitoring of its account, as required by its eBanking agreement and Automated Clearing House transfer of funds contract with the bank. For a copy of the complaint in PlainsCapital, please see http://www.buckleysandler.com/Plainscapital_v_Hillary.pdf. For a copy of the complaint and defendant’s answer in Patco, please see http://www.buckleysandler.com/Patco_v_Peoples.pdf and http://www.buckleysandler.com/Patco_v_Peoples(1).pdf.
Illinois Federal Court Finds Collection Agency’s Letters Violated the FDCPA. On January 26, the U.S. District Court for the Northern District of Illinois held that statements in a defendant collection agency’s form letters to consumers who inquired about their accounts were false, deceptive, and misleading, in violation of the Fair Debt Collection Practices Act (FDCPA). Hale v. Afni, Inc., No. 08 CV 3918, 2010 WL 380906 (N.D. Ill. Jan. 26, 2010). The class included all individuals, with addresses in Illinois, Indiana, or Wisconsin, to whom the defendant collection agency sent the form letter that the named plaintiff received (the certification of the class reported in InfoBytes, Nov. 6, 2009). The plaintiffs alleged that the collection agency sent false, non-responsive form letters to every consumer who wrote to the collection agency without providing payment, stating that the collection agency was "unable to investigate" the debt and that the consumers had "provided insufficient information to substantiate [the] claim.” The court found that these statements were false based on the collection agency’s subsequent actions, but noted that false statements, by themselves, do not violate the FDCPA; the statements must also be (i) confusing or misleading, and (ii) “material.” The court determined that the statements were "plainly deceptive" and that the collection agency’s explanation of the statements not only failed to establish their veracity but also “rings with insincerity.” The collection agency never explained why the information that the consumers provided was insufficient, and it made no effort to tailor its letter to reflect the additional information supposedly necessary to investigate or substantiate the claim. Noting that it must consider the letter from the vantage point of the unsophisticated consumer, the court further concluded that the collection agency’s letter would confuse an unsophisticated consumer--or, for that matter, any consumer. Finally, the court concluded that the challenged false statements were material because they (i) impaired a consumer’s ability to challenge the debt at issue, and (ii) would influence a consumer’s decision to pay a debt. The court also found that the collection agency could not assert the bona fide error defense because, even if this defense were available for errors of law, the collection agency had not established that it reasonably relied on either (i) the legal opinion of an attorney who had conducted the appropriate legal research, or (ii) the opinion of another person or organization with expertise in the relevant area of law (e.g., the appropriate government agency). For a copy of the opinion, please see http://www.buckleysandler.com/Hale_v_AFNI_01_10.pdf.
Lawsuits Allege Banks Did Not Maintain “Commercially Reasonable” Data Security Systems. Recently, data security breaches at banks in Texas and Maine have resulted in two separate lawsuits alleging that the banks did not maintain “commercially reasonable” data security systems. PlainsCapital Bank v. Hillary Mach. Inc., No. 4:09-cv-00653 (E.D. Tex. Dec. 31, 2009). Patco Constr. Co. Inc. v. People’s United Bank, No. 2:09-CV-00503 (D. Maine Feb. 2, 2010). In PlainsCapital, a Texas bank approved an $800,000 transfer request from the account of a machining company. The transfer was discovered to be fraudulent and, though the bank was able to recover nearly three-quarters of the transferred funds, the machining company sent a letter to the bank arguing that the bank was liable for the remaining funds, because it failed to maintain “commercially reasonable security measures” in its internet banking system. Shortly after receiving the letter, the bank filed a complaint in the Eastern District of Texas seeking a declaratory judgment that its security measures are “commercially reasonable” within the meaning of §§ 4A-201 and 4A-202 of the Uniform Commercial Code (UCC). In Patco, a construction company sued a Maine bank after the bank allowed a fraudulent transfer of $588,581 from the company’s account. In its complaint, the construction company alleged, among other things, (i) that the bank failed to maintain “commercially reasonable” data security, as required by § 4-1204 of Maine’s version of the UCC, because the bank employed single factor user authentication, instead of multi-factor user authentication as recommended by the Federal Financial Institutions Examination Council’s online banking security standards guidance, and (ii) set an unreasonably low threshold for the challenge question for authentication of customer passwords (the complaint, originally filed in state court, was reported in InfoBytes, Oct. 9, 2009). In its answer, the bank argued that the construction company was contributorily negligent because it failed to perform daily monitoring of its account, as required by its eBanking agreement and Automated Clearing House transfer of funds contract with the bank. For a copy of the complaint in PlainsCapital, please see http://www.buckleysandler.com/Plainscapital_v_Hillary.pdf. For a copy of the complaint and defendant’s answer in Patco, please see http://www.buckleysandler.com/Patco_v_Peoples.pdf and http://www.buckleysandler.com/Patco_v_Peoples(1).pdf.
Privacy/Data Security
First Circuit Holds Private Right of Action Available in FCRA “Reasonable Investigation” Disputes. On February 9, the U.S. Court of Appeals for the First Circuit affirmed a Massachusetts district court’s ruling in a suit alleging violations of the Fair Credit Reporting Act (FCRA) and Fair Debt Collection Practices Act. Chiang v. Verizon New England, Inc., No. 09-1214, 2010 WL 431873 (1st Cir. Feb. 9, 2010). In Chiang, the plaintiff consumer alleged that defendant Verizon New England (Verizon NE), a furnisher of information to credit reporting agencies (CRAs), violated FCRA by failing to adequately investigate the disputes that he filed with CRAs about his billing history, as required by FCRA (15 U.S.C. §1681s 2(b)). As a threshold matter, the court concluded that section 1681s-2(b) provides consumers with a private right of action. Citing Gorman v. Wolpoff & Abramson, LLP, 584 F.3d 1147 (9th Cir. 2009), the court also determined that the consumer bears the burden of proof with a claim under section 1681s-2(b) to show that (i) the furnisher failed to conduct an objectively reasonable investigation, and (ii) that such an investigation would have uncovered actual inaccuracies (Gorman was reported in InfoBytes, Jan. 16, 2009 and InfoBytes, Oct. 23, 2009). During the district court proceedings, the consumer produced no evidence concerning Verizon NE’s procedures for investigating disputes filed through CRAs. In support of his allegations that Verizon NE was reporting inaccurate information, the consumer produced his own deposition transcripts, affidavits, and letters to Verizon NE, but failed to produce any corroborating evidence. The court concluded that the consumer failed to raise a genuine issue of material fact on two key issues on which he bore the burden of proof. First, the consumer failed to prove that Verizon NE’s investigations of his disputes with the CRAs was unreasonable. As a separate and independent issue, the consumer also failed to prove that there were actual inaccuracies in the data Verizon NE reported to CRAs that could have been detected in a reasonable investigation. Accordingly, the court affirmed the ruling granting summary judgment for Verizon NE. For a copy of the opinion, please see http://www.ca1.uscourts.gov/pdf.opinions/09-1214P-01A.pdf.
Lawsuits Allege Banks Did Not Maintain “Commercially Reasonable” Data Security Systems. Recently, data security breaches at banks in Texas and Maine have resulted in two separate lawsuits alleging that the banks did not maintain “commercially reasonable” data security systems. PlainsCapital Bank v. Hillary Mach. Inc., No. 4:09-cv-00653 (E.D. Tex. Dec. 31, 2009). Patco Constr. Co. Inc. v. People’s United Bank, No. 2:09-CV-00503 (D. Maine Feb. 2, 2010). In PlainsCapital, a Texas bank approved an $800,000 transfer request from the account of a machining company. The transfer was discovered to be fraudulent and, though the bank was able to recover nearly three-quarters of the transferred funds, the machining company sent a letter to the bank arguing that the bank was liable for the remaining funds, because it failed to maintain “commercially reasonable security measures” in its internet banking system. Shortly after receiving the letter, the bank filed a complaint in the Eastern District of Texas seeking a declaratory judgment that its security measures are “commercially reasonable” within the meaning of §§ 4A-201 and 4A-202 of the Uniform Commercial Code (UCC). In Patco, a construction company sued a Maine bank after the bank allowed a fraudulent transfer of $588,581 from the company’s account. In its complaint, the construction company alleged, among other things, (i) that the bank failed to maintain “commercially reasonable” data security, as required by § 4-1204 of Maine’s version of the UCC, because the bank employed single factor user authentication, instead of multi-factor user authentication as recommended by the Federal Financial Institutions Examination Council’s online banking security standards guidance, and (ii) set an unreasonably low threshold for the challenge question for authentication of customer passwords (the complaint, originally filed in state court, was reported in InfoBytes, Oct. 9, 2009). In its answer, the bank argued that the construction company was contributorily negligent because it failed to perform daily monitoring of its account, as required by its eBanking agreement and Automated Clearing House transfer of funds contract with the bank. For a copy of the complaint in PlainsCapital, please see http://www.buckleysandler.com/Plainscapital_v_Hillary.pdf. For a copy of the complaint and defendant’s answer in Patco, please see http://www.buckleysandler.com/Patco_v_Peoples.pdf and http://www.buckleysandler.com/Patco_v_Peoples(1).pdf.