InfoBytes, January 4, 2010
Sign up for weekly updates
RSS feed
Topics in this issue:
- Federal Issues
- State Issues
- Courts
- Firm News
- Mortgages
- Banking
- Consumer Finance
- Insurance
- Litigation
- Privacy/Data Security
- Credit Cards
Federal Issues
FRB, FTC Publish Risk-Based Pricing Final Rules. On December 29, the Federal Reserve Board and Federal Trade Commission announced final rules requiring creditors to provide consumers with written notice when they provide credit to consumers on less favorable terms than they provide to other consumers, based on consumer credit profiles. Consumers who receive this "risk-based pricing" notice will be able to obtain a free credit report to check the accuracy of the report. The final rules provide creditors with several methods for determining which consumers must receive risk-based pricing notices. As an alternative to providing risk-based pricing notices, the final rules permit creditors to provide consumers who apply for credit with a free credit score report. The final rules become effective January 1, 2011. For a copy of the final rules, please see http://www.ftc.gov/os/2009/12/R411009riskbasedpricingfrn.pdf.
HUD Updates RESPA FAQs. On December 30, the U.S. Department of Housing and Urban Development (HUD) released an updated version of its Real Estate Settlement Procedures Act Frequently Asked Questions (RESPA FAQs). New to this version is guidance on what to do when one provider conducts the settlement and another provider performs the remainder of the title-related services. The FAQs gives specific instructions for how to comply with RESPA in this situation as well as for what should be noted on both the “Written List of Providers” as well as on the HUD-1 and HUD-1A. For a copy of the updated RESPA FAQs, please see http://www.hud.gov/offices/hsg/ramh/res/resparulefaqs.pdf.
HUD Repeals FHA Origination Fee Cap; Announces New FHA-Related Fee Disclosures. On December 30, HUD issued Mortgagee Letter 2009-53 that eliminates the 1% loan origination fee limit on FHA loans but provides that the FHA will monitor lenders to ensure they are charging “fair and reasonable” fees for all origination services and that it intends to issue future guidance containing fee limits. The letter also clarifies the manner in which fees and charges for Federal Housing Administration (FHA) insured loans must be disclosed on the new Good Faith Estimate (GFE) and HUD-1 Settlement Statement. In particular, the mortgagee letter instructs mortgagees on the proper method for disclosing origination charges (which are no longer capped at one percent of the mortgage amount for standard mortgages) and seller credits. Additionally, with respect to GFEs, the letter provides that mortgagees must file any GFE provided to the borrower on the right hand side of the insurance endorsement case binder. The new requirements go into January 1, 2010. For a copy of the letter, please see http://www.hud.gov/offices/adm/hudclips/letters/mortgagee/files/09-53ml.pdf.
HUD Issues Mortgagee Letter Clarifying Guidance on Short Sales and Short Pay Offs. On December 16, the U.S. Department of Housing and Urban Development (HUD) issued Mortgagee Letter 2009-52 updating HUD Handbook 4155.1 to provide guidance to lenders and underwriters regarding borrower eligibility for FHA mortgages after a borrower’s previously owned property is sold for less than what was owed (a “short sale”) or after there is a principal write down of the borrower’s indebtedness that cannot be refinanced into a new mortgage (a “short pay off”). The letter advises that borrowers are not eligible for a new FHA-insured mortgage if they pursue a short sale on their principal residence either (i) to take advantage of declining market conditions, or (ii) to purchase a similar or superior property at a reduced price within a reasonable commuting distance. Additionally, if a borrower is in default at the time of a short sale (or pre-foreclosure sale), then that borrower is not eligible for a new FHA-insured mortgage for at least three years, unless the lender determines that the borrower meets the criteria for an authorized exception. However, borrowers can still be eligible for an FHA-insured mortgage after a short sale if they were current on their mortgage and other installment debts at the time of a short sale, and the proceeds from the short sale served as payment in full. Finally, FHA will insure a short pay off if there is insufficient equity in the home for a refinancing, and/or the borrower has experienced a reduction in income and does not have the capacity to repay the existing indebtedness. For a copy of Mortgagee Letter 2009-52, please see http://www.hud.gov/offices/adm/hudclips/letters/mortgagee/files/09-52ml.pdf.
FFIEC Releases Proposed Guidance on Reverse Mortgage Products. On December 17, the Federal Financial Institutions Examination Counsel (FFIEC) released proposed guidance on reverse mortgage products to help financial institutions address the compliance and reputation risks raised by reverse mortgage lending. Under the proposed guidance, financial institutions are encouraged to provide their customers with clear and balanced information about the risks and benefits of reverse mortgage products. In addition, the guidance recommends that financial institutions assist consumers with their product selection decisions by supplying them with promotional materials and other product descriptions that would inform them about the costs, terms, features, and risks of reverse mortgage products. Furthermore, the proposed guidance suggests that financial institutions avoid any appearance of a conflict of interest by taking proactive steps, such as requiring their customers to receive qualified independent counseling before closing a reverse mortgage transaction. The comment period for the proposed guidance ends February 16, 2010. For a copy of the proposed guidance, please see http://www.gpo.gov/fdsys/pkg/FR-2009-12-16/html/E9-29882.htm.
Federal Banking Agencies Announce CRA, HMDA Asset-Size Threshold Adjustments. On December 29, the federal banking regulatory agencies published annual adjustments to the asset-size thresholds used to determine the Community Reinvestment Act (CRA) performance standards for financial institutions. Under the revised thresholds, a “small bank” or “small savings association” now is defined as an institution that, as of December 31 of either of the prior two calendar years, had assets of less than $1.098 billion. Within this category, the rule now provides that an institution with assets between $274 million and $1.098 billion as of December 31 of either of the prior two calendar years is considered an “intermediate small” institution. Similarly, on December 28, the Federal Reserve Board published a notice addressing the threshold for the exemption to HMDA’s reporting requirements. However, because Regulation C requires the threshold to be rounded to the nearest million, the asset-size reporting exemption for depository institutions will remain unchanged. For a copy of the CRA notice, please see http://edocket.access.gpo.gov/2009/E9-30646.htm. For a copy of the HMDA notice, please see http://edocket.access.gpo.gov/2009/E9-30603.htm.
State Issues
New York Banking Board, Superintendent Adopt Regulatory Amendments; Superintendent Issues Emergency Regulations. On December 23, the New York Banking Board adopted amendments to Part 38 of the General Regulations of the Banking Board and the Superintendent of the New York Banking Department (Superintendent) adopted amendments to Parts 410 and 413 of the Superintendent’s Regulations and to Supervisory Procedure MB 106. Specifically, amendments to Part 38 (i) clarify the definition of “branch”, eliminating the distinction between full service branches and loan solicitation branches, and codifying the prohibition on net branching, (ii) add a definition of “application” that conforms to the federal Regulation B definition, (iii) clarify disclosure requirements for points and fees and for compensation received from lenders and borrowers, (iv) add disclosure language to applications regarding the effect of providing false information and the effect of paying discount points, and (v) add a specific prohibition against dual employment (although Section 38.7 has been revised to give the Superintendent the authority to issue written approval for exceptions to the dual employment prohibition). The Superintendent’s amendments to Part 410.5 reflect the elimination of the distinction between full service and loan solicitation branches. Finally, the amendments to Part 413.3(a)(5) and MB 106 clarify the corporate surety bond requirements for mortgage brokers to act as FHA mortgage loan correspondents. In addition to these adopted regulations, effective December 22, 2009, the Superintendent adopted emergency regulations (see Part 418 of the Superintendent’s Regulations and Supervisory Procedures MB 109 and MB 110), which create the framework for the regulation of mortgage loan servicers. Emergency regulations in substantially similar form were previously adopted effective June 24, 2009 and September 23, 2009. It is expected that a proposal to adopt permanent regulations is forthcoming. For the full text of the adopted and emergency regulations, please see http://www.banking.state.ny.us/legal/adptregu.htm.
Courts
Wisconsin Federal Court Holds Common Law Claims not Preempted by FCRA for Furnishers. The U.S. District Court for the Eastern District of Wisconsin recently held that the Fair Credit Reporting Act’s (FCRA) preemption for furnishers of information does not apply to state common law claims. Ori v. Fifth Third Bank, No. 08cv0432, 2009 WL 4895667 (E.D. Wis. Dec. 14, 2009). In Ori, plaintiff sued the holder of his mortgage and the entity the holder “engaged…to process and transmit information about its mortgages,” alleging that each violated FCRA, were negligent, and committed libel in connection with the reporting of his credit. Defendants moved to dismiss plaintiff’s common law claims of negligence and libel, arguing, among other things, that FCRA Section 1681t(b)(1)(F) preempts state law claims against furnishers. However, the court disagreed holding that the language and context of the furnisher preemption provision did not support such broad application. Specifically, the court noted that Section 1681t(b)(1)(F) preempts actions based on obligations “imposed under [state] ... laws.” According to the court, the use of the plural “laws” – as opposed to the singular “law” – refers to enactments of a legislative nature and not actions based on common law. In support of its conclusion, the court also noted that FCRA provides a number of exclusions from preemption for particular state statutes, further suggesting Congress’s intent to preempt state statutory law – not common law. For a copy of the opinion, please see http://www.buckleysandler.com/Ori_v_Fifth_Third.pdf.
New Jersey Federal Court Dismisses Shareholder Claim Based on Computer Security Breach. On December 25, the U.S. District Court for New Jersey dismissed various securities fraud claims brought in shareholder class action against Heartland Payment Systems, Inc. (Heartland) based on a security breach that resulted in an almost 80% decline in value of Heartland’s stock. In re Heartland Payment Systems, Inc. Securities Litigation, Civ. No. 09-1043 (D.N.J. Dec. 25, 2009). Heartland provides bank card payment processing services to merchants. In December 2007, a group of hackers launched a “Structured Query Language” attack (SQL attack) on Heartland’s computer network. The SQL attack affected the company’s payroll manager application containing internal company data. On January 12 or 13, 2009, Heartland discovered that the SQL attack placed malicious software on Heartland’s network, allowing the hackers to enter the payment processing system and steal 130 million credit card and debit card numbers. Heartland immediately notified government authorities and the credit card companies that were affected by the breach. On January 20, Heartland publicly disclosed the theft, and its stock began dropping in value. The plaintiffs had purchased Heartland stock in 2008 and suffered significant losses as a result of the decline in value. The shareholders who were affected brought suit, claiming that Heartland concealed the attack and misrepresented the state of its computer network security in a February 2008 earnings conference call and in its 2007 Form 10-K that it filed with the Securities and Exchange Commission. During the conference call, analysts asked whether any specific securities incident had prompted information technology expenditures. Heartland responded in the negative because the expenditures preceded the security breach and were unrelated to that incident. In its Form 10-K Heartland stated that it placed “significant emphasis on maintaining a high level of security” but also warned that its “computer systems could be penetrated by hackers.” The court found that the complaint did not identify “any material misrepresentations or omissions.” The court also ruled that the plaintiffs failed to show that the defendants made false or reckless statements concerning the company’s emphasis on security. The court dismissed the complaint based on the plaintiffs’ failure to allege the existence of a material misstatement or omission and its failure to allege scienter adequately. For a copy of the opinion, please see http://www.buckleysandler.com/In_re_Heartland_Payment_Systems.pdf.
Puerto Rico Federal Court Holds FCRA Inapplicable to Credit Report of Officer Obtained in Connection with Application for Commercial Credit. On December 8, the U.S. District Court for the District of Puerto Rico held that a defendant business credit grantor did not violate the Fair Credit Reporting Act (FCRA) by procuring the personal credit report of a plaintiff officer applying for commercial credit on behalf of his company. Vélez-Colon v. Caribbean Produce Exchange, Inc., No. 08-1607, 2009 WL 4782125 (D. P.R. Dec. 8, 2009). In Vélez-Colon, the plaintiff alleged that the defendant violated FCRA by obtaining his credit report under false pretenses and without a permissible purpose. However, the court agreed with the defendant that FCRA was inapplicable because the plaintiff’s credit report did not meet FCRA’s definition of “consumer report,” as it was obtained solely to determine his business’ eligibility for credit. According to the court, a plaintiff applying for an extension of credit for commercial purposes “is not a member of the class that FCRA was intended to benefit.” Additionally, the court agreed with the defendant that, even if the plaintiff’s credit report did meet FCRA’s definition of “consumer report,” the defendant did not violate FCRA because the plaintiff authorized the report in writing and because the defendant had a “legitimate business need” for obtaining the report. Notably, the opinion does not mention the Federal Trade Commission’s (FTC) June 22, 2001 informal staff letter opining, among other things, that a lender has a permissible purpose to obtain a consumer report on a consumer in a business transaction if the consumer will be personally liable (e.g., as an individual proprietor, co-signer, or guarantor). For a copy of the FTC’s informal staff letter, please see http://www.ftc.gov/os/statutes/fcra/tatelbaum2.shtm. For a copy of the opinion, please see http://www.buckleysandler.com/Velez-Colon_v_Carribean.pdf.
Firm News
Andrew Sandler has been selected to receive a Good Apple Award at the Louisiana Appleseed’s Good Apple Gala for his vision aimed at expanding access to financial institutions for Latino immigrants and his leadership in bringing together Louisiana banks and Federal banking regulators to discuss barriers to access and solutions.
Louisiana Appleseed is part of a nationwide nonprofit organization that uncovers and corrects injustices and barriers to opportunity through legal, legislative and market-based structural reform. Working with its extensive pro bono network, Louisiana Appleseed identifies, researches, and analyzes social injustices in order to make specific recommendations and advocate for effective solutions to deep-seated structural problems.
The Gala will be held Thursday, January 21, 2010 at Basin St. Station in New Orleans.
For more information about Louisiana Appleseed, please visit their website - http://louisiana.appleseednetwork.org/.
Jeff Naimon will be speaking on January 10 at the winter meeting of the Consumer Financial Services Committee of the American Bar Association’s Business Law Section in Park City, Utah on Truth in Lending Act case law developments.
Kirk Jensen will be speaking on January 9 at the winter meeting of the Consumer Financial Services Committee of the American Bar Association’s Business Law Section in Park City, Utah. He will be giving a presentation entitled: "Consumer Financial Protection Agency: Past, Present and Future." Kirk has also been named chair of the Residential Real Estate Subcommittee of the ABA Litigation Section’s Real Estate Litigation Committee.
Mortgages
HUD Updates RESPA FAQs. On December 30, the U.S. Department of Housing and Urban Development (HUD) released an updated version of its Real Estate Settlement Procedures Act Frequently Asked Questions (RESPA FAQs). New to this version is guidance on what to do when one provider conducts the settlement and another provider performs the remainder of the title-related services. The FAQs gives specific instructions for how to comply with RESPA in this situation as well as for what should be noted on both the “Written List of Providers” as well as on the HUD-1 and HUD-1A. For a copy of the updated RESPA FAQs, please see http://www.hud.gov/offices/hsg/ramh/res/resparulefaqs.pdf.
HUD Repeals FHA Origination Fee Cap; Announces New FHA-Related Fee Disclosures. On December 30, HUD issued Mortgagee Letter 2009-53 that eliminates the 1% loan origination fee limit on FHA loans but provides that the FHA will monitor lenders to ensure they are charging “fair and reasonable” fees for all origination services and that it intends to issue future guidance containing fee limits. The letter also clarifies the manner in which fees and charges for Federal Housing Administration (FHA) insured loans must be disclosed on the new Good Faith Estimate (GFE) and HUD-1 Settlement Statement. In particular, the mortgagee letter instructs mortgagees on the proper method for disclosing origination charges (which are no longer capped at one percent of the mortgage amount for standard mortgages) and seller credits. Additionally, with respect to GFEs, the letter provides that mortgagees must file any GFE provided to the borrower on the right hand side of the insurance endorsement case binder. The new requirements go into January 1, 2010. For a copy of the letter, please see http://www.hud.gov/offices/adm/hudclips/letters/mortgagee/files/09-53ml.pdf.
HUD Issues Mortgagee Letter Clarifying Guidance on Short Sales and Short Pay Offs. On December 16, the U.S. Department of Housing and Urban Development (HUD) issued Mortgagee Letter 2009-52 updating HUD Handbook 4155.1 to provide guidance to lenders and underwriters regarding borrower eligibility for FHA mortgages after a borrower’s previously owned property is sold for less than what was owed (a “short sale”) or after there is a principal write down of the borrower’s indebtedness that cannot be refinanced into a new mortgage (a “short pay off”). The letter advises that borrowers are not eligible for a new FHA-insured mortgage if they pursue a short sale on their principal residence either (i) to take advantage of declining market conditions, or (ii) to purchase a similar or superior property at a reduced price within a reasonable commuting distance. Additionally, if a borrower is in default at the time of a short sale (or pre-foreclosure sale), then that borrower is not eligible for a new FHA-insured mortgage for at least three years, unless the lender determines that the borrower meets the criteria for an authorized exception. However, borrowers can still be eligible for an FHA-insured mortgage after a short sale if they were current on their mortgage and other installment debts at the time of a short sale, and the proceeds from the short sale served as payment in full. Finally, FHA will insure a short pay off if there is insufficient equity in the home for a refinancing, and/or the borrower has experienced a reduction in income and does not have the capacity to repay the existing indebtedness. For a copy of Mortgagee Letter 2009-52, please see http://www.hud.gov/offices/adm/hudclips/letters/mortgagee/files/09-52ml.pdf.
FFIEC Releases Proposed Guidance on Reverse Mortgage Products. On December 17, the Federal Financial Institutions Examination Counsel (FFIEC) released proposed guidance on reverse mortgage products to help financial institutions address the compliance and reputation risks raised by reverse mortgage lending. Under the proposed guidance, financial institutions are encouraged to provide their customers with clear and balanced information about the risks and benefits of reverse mortgage products. In addition, the guidance recommends that financial institutions assist consumers with their product selection decisions by supplying them with promotional materials and other product descriptions that would inform them about the costs, terms, features, and risks of reverse mortgage products. Furthermore, the proposed guidance suggests that financial institutions avoid any appearance of a conflict of interest by taking proactive steps, such as requiring their customers to receive qualified independent counseling before closing a reverse mortgage transaction. The comment period for the proposed guidance ends February 16, 2010. For a copy of the proposed guidance, please see http://www.gpo.gov/fdsys/pkg/FR-2009-12-16/html/E9-29882.htm.
New York Banking Board, Superintendent Adopt Regulatory Amendments; Superintendent Issues Emergency Regulations. On December 23, the New York Banking Board adopted amendments to Part 38 of the General Regulations of the Banking Board and the Superintendent of the New York Banking Department (Superintendent) adopted amendments to Parts 410 and 413 of the Superintendent’s Regulations and to Supervisory Procedure MB 106. Specifically, amendments to Part 38 (i) clarify the definition of “branch”, eliminating the distinction between full service branches and loan solicitation branches, and codifying the prohibition on net branching, (ii) add a definition of “application” that conforms to the federal Regulation B definition, (iii) clarify disclosure requirements for points and fees and for compensation received from lenders and borrowers, (iv) add disclosure language to applications regarding the effect of providing false information and the effect of paying discount points, and (v) add a specific prohibition against dual employment (although Section 38.7 has been revised to give the Superintendent the authority to issue written approval for exceptions to the dual employment prohibition). The Superintendent’s amendments to Part 410.5 reflect the elimination of the distinction between full service and loan solicitation branches. Finally, the amendments to Part 413.3(a)(5) and MB 106 clarify the corporate surety bond requirements for mortgage brokers to act as FHA mortgage loan correspondents. In addition to these adopted regulations, effective December 22, 2009, the Superintendent adopted emergency regulations (see Part 418 of the Superintendent’s Regulations and Supervisory Procedures MB 109 and MB 110), which create the framework for the regulation of mortgage loan servicers. Emergency regulations in substantially similar form were previously adopted effective June 24, 2009 and September 23, 2009. It is expected that a proposal to adopt permanent regulations is forthcoming. For the full text of the adopted and emergency regulations, please see http://www.banking.state.ny.us/legal/adptregu.htm.
Banking
FRB, FTC Publish Risk-Based Pricing Final Rules. On December 29, the Federal Reserve Board and Federal Trade Commission announced final rules requiring creditors to provide consumers with written notice when they provide credit to consumers on less favorable terms than they provide to other consumers, based on consumer credit profiles. Consumers who receive this "risk-based pricing" notice will be able to obtain a free credit report to check the accuracy of the report. The final rules provide creditors with several methods for determining which consumers must receive risk-based pricing notices. As an alternative to providing risk-based pricing notices, the final rules permit creditors to provide consumers who apply for credit with a free credit score report. The final rules become effective January 1, 2011. For a copy of the final rules, please see http://www.ftc.gov/os/2009/12/R411009riskbasedpricingfrn.pdf.
Federal Banking Agencies Announce CRA, HMDA Asset-Size Threshold Adjustments. On December 29, the federal banking regulatory agencies published annual adjustments to the asset-size thresholds used to determine the Community Reinvestment Act (CRA) performance standards for financial institutions. Under the revised thresholds, a “small bank” or “small savings association” now is defined as an institution that, as of December 31 of either of the prior two calendar years, had assets of less than $1.098 billion. Within this category, the rule now provides that an institution with assets between $274 million and $1.098 billion as of December 31 of either of the prior two calendar years is considered an “intermediate small” institution. Similarly, on December 28, the Federal Reserve Board published a notice addressing the threshold for the exemption to HMDA’s reporting requirements. However, because Regulation C requires the threshold to be rounded to the nearest million, the asset-size reporting exemption for depository institutions will remain unchanged. For a copy of the CRA notice, please see http://edocket.access.gpo.gov/2009/E9-30646.htm. For a copy of the HMDA notice, please see http://edocket.access.gpo.gov/2009/E9-30603.htm.
Consumer Finance
FRB, FTC Publish Risk-Based Pricing Final Rules. On December 29, the Federal Reserve Board and Federal Trade Commission announced final rules requiring creditors to provide consumers with written notice when they provide credit to consumers on less favorable terms than they provide to other consumers, based on consumer credit profiles. Consumers who receive this "risk-based pricing" notice will be able to obtain a free credit report to check the accuracy of the report. The final rules provide creditors with several methods for determining which consumers must receive risk-based pricing notices. As an alternative to providing risk-based pricing notices, the final rules permit creditors to provide consumers who apply for credit with a free credit score report. The final rules become effective January 1, 2011. For a copy of the final rules, please see http://www.ftc.gov/os/2009/12/R411009riskbasedpricingfrn.pdf.
Puerto Rico Federal Court Holds FCRA Inapplicable to Credit Report of Officer Obtained in Connection with Application for Commercial Credit. On December 8, the U.S. District Court for the District of Puerto Rico held that a defendant business credit grantor did not violate the Fair Credit Reporting Act (FCRA) by procuring the personal credit report of a plaintiff officer applying for commercial credit on behalf of his company. Vélez-Colon v. Caribbean Produce Exchange, Inc., No. 08-1607, 2009 WL 4782125 (D. P.R. Dec. 8, 2009). In Vélez-Colon, the plaintiff alleged that the defendant violated FCRA by obtaining his credit report under false pretenses and without a permissible purpose. However, the court agreed with the defendant that FCRA was inapplicable because the plaintiff’s credit report did not meet FCRA’s definition of “consumer report,” as it was obtained solely to determine his business’ eligibility for credit. According to the court, a plaintiff applying for an extension of credit for commercial purposes “is not a member of the class that FCRA was intended to benefit.” Additionally, the court agreed with the defendant that, even if the plaintiff’s credit report did meet FCRA’s definition of “consumer report,” the defendant did not violate FCRA because the plaintiff authorized the report in writing and because the defendant had a “legitimate business need” for obtaining the report. Notably, the opinion does not mention the Federal Trade Commission’s (FTC) June 22, 2001 informal staff letter opining, among other things, that a lender has a permissible purpose to obtain a consumer report on a consumer in a business transaction if the consumer will be personally liable (e.g., as an individual proprietor, co-signer, or guarantor). For a copy of the FTC’s informal staff letter, please see http://www.ftc.gov/os/statutes/fcra/tatelbaum2.shtm. For a copy of the opinion, please see http://www.buckleysandler.com/Velez-Colon_v_Carribean.pdf
Insurance
HUD Updates RESPA FAQs. On December 30, the U.S. Department of Housing and Urban Development (HUD) released an updated version of its Real Estate Settlement Procedures Act Frequently Asked Questions (RESPA FAQs). New to this version is guidance on what to do when one provider conducts the settlement and another provider performs the remainder of the title-related services. The FAQs gives specific instructions for how to comply with RESPA in this situation as well as for what should be noted on both the “Written List of Providers” as well as on the HUD-1 and HUD-1A. For a copy of the updated RESPA FAQs, please see http://www.hud.gov/offices/hsg/ramh/res/resparulefaqs.pdf.
New Jersey Federal Court Dismisses Shareholder Claim Based on Computer Security Breach. On December 25, the U.S. District Court for New Jersey dismissed various securities fraud claims brought in shareholder class action against Heartland Payment Systems, Inc. (Heartland) based on a security breach that resulted in an almost 80% decline in value of Heartland’s stock. In re Heartland Payment Systems, Inc. Securities Litigation, Civ. No. 09-1043 (D.N.J. Dec. 25, 2009). Heartland provides bank card payment processing services to merchants. In December 2007, a group of hackers launched a “Structured Query Language” attack (SQL attack) on Heartland’s computer network. The SQL attack affected the company’s payroll manager application containing internal company data. On January 12 or 13, 2009, Heartland discovered that the SQL attack placed malicious software on Heartland’s network, allowing the hackers to enter the payment processing system and steal 130 million credit card and debit card numbers. Heartland immediately notified government authorities and the credit card companies that were affected by the breach. On January 20, Heartland publicly disclosed the theft, and its stock began dropping in value. The plaintiffs had purchased Heartland stock in 2008 and suffered significant losses as a result of the decline in value. The shareholders who were affected brought suit, claiming that Heartland concealed the attack and misrepresented the state of its computer network security in a February 2008 earnings conference call and in its 2007 Form 10-K that it filed with the Securities and Exchange Commission. During the conference call, analysts asked whether any specific securities incident had prompted information technology expenditures. Heartland responded in the negative because the expenditures preceded the security breach and were unrelated to that incident. In its Form 10-K Heartland stated that it placed “significant emphasis on maintaining a high level of security” but also warned that its “computer systems could be penetrated by hackers.” The court found that the complaint did not identify “any material misrepresentations or omissions.” The court also ruled that the plaintiffs failed to show that the defendants made false or reckless statements concerning the company’s emphasis on security. The court dismissed the complaint based on the plaintiffs’ failure to allege the existence of a material misstatement or omission and its failure to allege scienter adequately. For a copy of the opinion, please see http://www.buckleysandler.com/In_re_Heartland_Payment_Systems.pdf.
Litigation
Wisconsin Federal Court Holds Common Law Claims not Preempted by FCRA for Furnishers. The U.S. District Court for the Eastern District of Wisconsin recently held that the Fair Credit Reporting Act’s (FCRA) preemption for furnishers of information does not apply to state common law claims. Ori v. Fifth Third Bank, No. 08cv0432, 2009 WL 4895667 (E.D. Wis. Dec. 14, 2009). In Ori, plaintiff sued the holder of his mortgage and the entity the holder “engaged…to process and transmit information about its mortgages,” alleging that each violated FCRA, were negligent, and committed libel in connection with the reporting of his credit. Defendants moved to dismiss plaintiff’s common law claims of negligence and libel, arguing, among other things, that FCRA Section 1681t(b)(1)(F) preempts state law claims against furnishers. However, the court disagreed holding that the language and context of the furnisher preemption provision did not support such broad application. Specifically, the court noted that Section 1681t(b)(1)(F) preempts actions based on obligations “imposed under [state] ... laws.” According to the court, the use of the plural “laws” – as opposed to the singular “law” – refers to enactments of a legislative nature and not actions based on common law. In support of its conclusion, the court also noted that FCRA provides a number of exclusions from preemption for particular state statutes, further suggesting Congress’s intent to preempt state statutory law – not common law. For a copy of the opinion, please see http://www.buckleysandler.com/Ori_v_Fifth_Third.pdf.
New Jersey Federal Court Dismisses Shareholder Claim Based on Computer Security Breach. On December 25, the U.S. District Court for New Jersey dismissed various securities fraud claims brought in shareholder class action against Heartland Payment Systems, Inc. (Heartland) based on a security breach that resulted in an almost 80% decline in value of Heartland’s stock. In re Heartland Payment Systems, Inc. Securities Litigation, Civ. No. 09-1043 (D.N.J. Dec. 25, 2009). Heartland provides bank card payment processing services to merchants. In December 2007, a group of hackers launched a “Structured Query Language” attack (SQL attack) on Heartland’s computer network. The SQL attack affected the company’s payroll manager application containing internal company data. On January 12 or 13, 2009, Heartland discovered that the SQL attack placed malicious software on Heartland’s network, allowing the hackers to enter the payment processing system and steal 130 million credit card and debit card numbers. Heartland immediately notified government authorities and the credit card companies that were affected by the breach. On January 20, Heartland publicly disclosed the theft, and its stock began dropping in value. The plaintiffs had purchased Heartland stock in 2008 and suffered significant losses as a result of the decline in value. The shareholders who were affected brought suit, claiming that Heartland concealed the attack and misrepresented the state of its computer network security in a February 2008 earnings conference call and in its 2007 Form 10-K that it filed with the Securities and Exchange Commission. During the conference call, analysts asked whether any specific securities incident had prompted information technology expenditures. Heartland responded in the negative because the expenditures preceded the security breach and were unrelated to that incident. In its Form 10-K Heartland stated that it placed “significant emphasis on maintaining a high level of security” but also warned that its “computer systems could be penetrated by hackers.” The court found that the complaint did not identify “any material misrepresentations or omissions.” The court also ruled that the plaintiffs failed to show that the defendants made false or reckless statements concerning the company’s emphasis on security. The court dismissed the complaint based on the plaintiffs’ failure to allege the existence of a material misstatement or omission and its failure to allege scienter adequately. For a copy of the opinion, please see http://www.buckleysandler.com/In_re_Heartland_Payment_Systems.pdf.
Puerto Rico Federal Court Holds FCRA Inapplicable to Credit Report of Officer Obtained in Connection with Application for Commercial Credit. On December 8, the U.S. District Court for the District of Puerto Rico held that a defendant business credit grantor did not violate the Fair Credit Reporting Act (FCRA) by procuring the personal credit report of a plaintiff officer applying for commercial credit on behalf of his company. Vélez-Colon v. Caribbean Produce Exchange, Inc., No. 08-1607, 2009 WL 4782125 (D. P.R. Dec. 8, 2009). In Vélez-Colon, the plaintiff alleged that the defendant violated FCRA by obtaining his credit report under false pretenses and without a permissible purpose. However, the court agreed with the defendant that FCRA was inapplicable because the plaintiff’s credit report did not meet FCRA’s definition of “consumer report,” as it was obtained solely to determine his business’ eligibility for credit. According to the court, a plaintiff applying for an extension of credit for commercial purposes “is not a member of the class that FCRA was intended to benefit.” Additionally, the court agreed with the defendant that, even if the plaintiff’s credit report did meet FCRA’s definition of “consumer report,” the defendant did not violate FCRA because the plaintiff authorized the report in writing and because the defendant had a “legitimate business need” for obtaining the report. Notably, the opinion does not mention the Federal Trade Commission’s (FTC) June 22, 2001 informal staff letter opining, among other things, that a lender has a permissible purpose to obtain a consumer report on a consumer in a business transaction if the consumer will be personally liable (e.g., as an individual proprietor, co-signer, or guarantor). For a copy of the FTC’s informal staff letter, please see http://www.ftc.gov/os/statutes/fcra/tatelbaum2.shtm. For a copy of the opinion, please see http://www.buckleysandler.com/Velez-Colon_v_Carribean.pdf.
Privacy/Data Security
New Jersey Federal Court Dismisses Shareholder Claim Based on Computer Security Breach. On December 25, the U.S. District Court for New Jersey dismissed various securities fraud claims brought in shareholder class action against Heartland Payment Systems, Inc. (Heartland) based on a security breach that resulted in an almost 80% decline in value of Heartland’s stock. In re Heartland Payment Systems, Inc. Securities Litigation, Civ. No. 09-1043 (D.N.J. Dec. 25, 2009). Heartland provides bank card payment processing services to merchants. In December 2007, a group of hackers launched a “Structured Query Language” attack (SQL attack) on Heartland’s computer network. The SQL attack affected the company’s payroll manager application containing internal company data. On January 12 or 13, 2009, Heartland discovered that the SQL attack placed malicious software on Heartland’s network, allowing the hackers to enter the payment processing system and steal 130 million credit card and debit card numbers. Heartland immediately notified government authorities and the credit card companies that were affected by the breach. On January 20, Heartland publicly disclosed the theft, and its stock began dropping in value. The plaintiffs had purchased Heartland stock in 2008 and suffered significant losses as a result of the decline in value. The shareholders who were affected brought suit, claiming that Heartland concealed the attack and misrepresented the state of its computer network security in a February 2008 earnings conference call and in its 2007 Form 10-K that it filed with the Securities and Exchange Commission. During the conference call, analysts asked whether any specific securities incident had prompted information technology expenditures. Heartland responded in the negative because the expenditures preceded the security breach and were unrelated to that incident. In its Form 10-K Heartland stated that it placed “significant emphasis on maintaining a high level of security” but also warned that its “computer systems could be penetrated by hackers.” The court found that the complaint did not identify “any material misrepresentations or omissions.” The court also ruled that the plaintiffs failed to show that the defendants made false or reckless statements concerning the company’s emphasis on security. The court dismissed the complaint based on the plaintiffs’ failure to allege the existence of a material misstatement or omission and its failure to allege scienter adequately. For a copy of the opinion, please see http://www.buckleysandler.com/In_re_Heartland_Payment_Systems.pdf.
Puerto Rico Federal Court Holds FCRA Inapplicable to Credit Report of Officer Obtained in Connection with Application for Commercial Credit. On December 8, the U.S. District Court for the District of Puerto Rico held that a defendant business credit grantor did not violate the Fair Credit Reporting Act (FCRA) by procuring the personal credit report of a plaintiff officer applying for commercial credit on behalf of his company. Vélez-Colon v. Caribbean Produce Exchange, Inc., No. 08-1607, 2009 WL 4782125 (D. P.R. Dec. 8, 2009). In Vélez-Colon, the plaintiff alleged that the defendant violated FCRA by obtaining his credit report under false pretenses and without a permissible purpose. However, the court agreed with the defendant that FCRA was inapplicable because the plaintiff’s credit report did not meet FCRA’s definition of “consumer report,” as it was obtained solely to determine his business’ eligibility for credit. According to the court, a plaintiff applying for an extension of credit for commercial purposes “is not a member of the class that FCRA was intended to benefit.” Additionally, the court agreed with the defendant that, even if the plaintiff’s credit report did meet FCRA’s definition of “consumer report,” the defendant did not violate FCRA because the plaintiff authorized the report in writing and because the defendant had a “legitimate business need” for obtaining the report. Notably, the opinion does not mention the Federal Trade Commission’s (FTC) June 22, 2001 informal staff letter opining, among other things, that a lender has a permissible purpose to obtain a consumer report on a consumer in a business transaction if the consumer will be personally liable (e.g., as an individual proprietor, co-signer, or guarantor). For a copy of the FTC’s informal staff letter, please see http://www.ftc.gov/os/statutes/fcra/tatelbaum2.shtm. For a copy of the opinion, please see http://www.buckleysandler.com/Velez-Colon_v_Carribean.pdf.
Credit Cards
New Jersey Federal Court Dismisses Shareholder Claim Based on Computer Security Breach. On December 25, the U.S. District Court for New Jersey dismissed various securities fraud claims brought in shareholder class action against Heartland Payment Systems, Inc. (Heartland) based on a security breach that resulted in an almost 80% decline in value of Heartland’s stock. In re Heartland Payment Systems, Inc. Securities Litigation, Civ. No. 09-1043 (D.N.J. Dec. 25, 2009). Heartland provides bank card payment processing services to merchants. In December 2007, a group of hackers launched a “Structured Query Language” attack (SQL attack) on Heartland’s computer network. The SQL attack affected the company’s payroll manager application containing internal company data. On January 12 or 13, 2009, Heartland discovered that the SQL attack placed malicious software on Heartland’s network, allowing the hackers to enter the payment processing system and steal 130 million credit card and debit card numbers. Heartland immediately notified government authorities and the credit card companies that were affected by the breach. On January 20, Heartland publicly disclosed the theft, and its stock began dropping in value. The plaintiffs had purchased Heartland stock in 2008 and suffered significant losses as a result of the decline in value. The shareholders who were affected brought suit, claiming that Heartland concealed the attack and misrepresented the state of its computer network security in a February 2008 earnings conference call and in its 2007 Form 10-K that it filed with the Securities and Exchange Commission. During the conference call, analysts asked whether any specific securities incident had prompted information technology expenditures. Heartland responded in the negative because the expenditures preceded the security breach and were unrelated to that incident. In its Form 10-K Heartland stated that it placed “significant emphasis on maintaining a high level of security” but also warned that its “computer systems could be penetrated by hackers.” The court found that the complaint did not identify “any material misrepresentations or omissions.” The court also ruled that the plaintiffs failed to show that the defendants made false or reckless statements concerning the company’s emphasis on security. The court dismissed the complaint based on the plaintiffs’ failure to allege the existence of a material misstatement or omission and its failure to allege scienter adequately. For a copy of the opinion, please see http://www.buckleysandler.com/In_re_Heartland_Payment_Systems.pdf.