Volume 3, Issue 11
Welcome to the 11th issue of All Consuming for 2022.

We are extremely pleased to announce that Spilman was named to the 2023 "Best Law Firms" list by U.S. News-Best Lawyers in 61 areas of law throughout the firm’s footprint - including several areas dealing with consumer finance and banking & finance law.

The rankings are based on a rigorous assessment process that involved the collection of client and lawyer evaluations, peer review from leading attorneys, and review of additional information provided by law firms. You can learn more here.

Thanks for reading.

Nicholas P. Mooney II, Editor of All Consuming

Data Breaches
Pennsylvania Settlements with Experian and T-Mobile
Why this is important: Pennsylvania’s Attorney General, Josh Shapiro, announced on Monday, November 7, 2022, that Pennsylvania entered into settlements (Experian #1, Experian #2, and T-Mobile) with Experian and T-Mobile related to data breach incidents that Experian experienced in 2012, and that both companies experienced in 2015. This agreement between the parties resolved a multistate action by a number state Attorneys General. The total monetary amount for the settlements was $16 million, of which the State of Pennsylvania is entitled to $464,000. The settlements also included requirements that the companies strengthen their data security practices.

Experian’s 2012 data breach involved an Experian subsidiary, Experian Data Corp. (“EDC”). That data breach involved an identity thief who posed as a private investigator in order to gain access to consumers’ personally identifiable information (“PII”). In addition to a monetary settlement, Experian is required to:
  • Strengthen its vetting and oversight of third parties requesting access to consumers’ PII;
  • Investigate and report data security incidents to the Attorneys General; and
  • Maintain a “Red Flags” program to detect and respond to potential identity theft events.

This action settled for $1 million of the total $16 million settlement.

The larger settlements involved a 2015 data breach where an unauthorized actor gained access to the part of Experian’s network that stored the personal data on behalf of its client, T-Mobile. This data breach included consumer information related to applications for T-Mobile’s postpaid services and device financing between September 2013 and September 2015. The information obtained by the unauthorized users included consumer PII and T-Mobile’s internal credit assessments. In total, 484,147 Pennsylvanians were impacted by this data breach.

In addition to obtaining a monetary settlement from Experian and T-Mobile, the settlements also included requirements that the two companies strengthen their data security practices. For Experian, this included:

  • Prohibition against misrepresentations to its clients regarding the extent to which Experian protects the privacy and security of personal information; 
  • Implementation of a comprehensive Information Security Program, incorporating zero-trust principles, regular executive-level reporting, and enhanced employee training; 
  • Due diligence provisions requiring the company to properly vet acquisitions and evaluate data security concerns prior to integration;
  • Data minimization and disposal requirements, including specific efforts aimed at reducing use of Social Security numbers as identifiers; and 
  • Specific security requirements, including with respect to encryption, segmentation, patch management, intrusion detection, firewalls, access controls, logging and monitoring, penetration testing, and risk assessments. 

The settlement also requires Experian to offer five years of free credit monitoring services to affected consumers, as well as two free copies of their credit reports annually during that time frame. As part of this settlement, T-Mobile was required to do the following:

  • Implementation of a Vendor Risk Management Program;
  • Maintenance of a T-Mobile vendor contract inventory, including vendor risk ratings based on the nature and type of information that the vendor receives or maintains; 
  • Imposition of contractual data security requirements on T-Mobile’s vendors and sub-vendors, including related to segmentation, passwords, encryption keys, and patching;
  • Establishment of vendor assessment and monitoring mechanisms; and
  • Appropriate action in response to vendor non-compliance, up to contract termination.

This settlement with T-Mobile does not include a separate data breach that T-Mobile suffered in 2021. That incident is subject to a separate investigation. --- Alexander L. Turner
“The Biden administration wants to target other hidden fees to save consumers even more money.”

Why this is important: On October 26, 2022, the Consumer Financial Protection Bureau issued guidance about two "junk fee" practices that it contends are likely unfair and unlawful under existing law. The first - surprise overdraft fees - includes overdraft fees charged when consumers had enough money in their account to cover a debit charge at the time the bank authorizes it. The second addresses the practice of indiscriminately charging depositor fees to every person who deposits a check that bounces. The CFPB stated that these fees "are likely unfair and unlawful" and "violate the Consumer Financial Protection Act prohibition on unfair practices when consumers cannot reasonably avoid them." According to the CFPB, in 2019, overdraft, bounced check and non-sufficient funds fees generated roughly $15 billion for banks.

The Federal Trade Commission (“FTC”) also announced plans to crack down on surprise fees. Last month, it voted to launch a rulemaking process that would limit junk fee practices, including for event ticketing, hotels, funeral homes and any other industries that use hidden mandatory fees. Some dissent among FTC Commissioners exists, however, citing that any further rulemaking may “duplicate, or contradict, existing laws and rules; is untethered from a solid foundation of FTC enforcement; relies on flawed assumptions and vague definitions; ignores impacts on competition; and diverts scarce agency resources from important law enforcement efforts.”
“The Consumer Financial Protection Bureau maintains regulatory enforcement authority over independent mortgage banks, depositories, fintechs and the reverse mortgage industry at the national level, and has seen a couple of specific developments related to its interactions with the reverse mortgage business specifically as well as a new, existential threat emerge in the form of a Fifth Circuit U.S. Court of Appeals ruling.”

Why this is important: The Consumer Financial Protection Bureau is asking for public input on ways to spur new mortgage products that help households, especially for borrowers with smaller loan balances. The CFPB also seeks public input on ways to support automatic short-term and long-term loss mitigation assistance for homeowners who experience financial disruptions. However, any efforts the CFPB may take to improve mortgage refinances for homeowners may be undone. In Community Financial Services Association of America v. CFPB, a three-judge panel for the U.S. Court of Appeals for the Fifth Circuit became the first federal court to find that the CFPB’s funding structure is unconstitutional. Thus, many, if not all, of the CFPB’s past actions may be undone. The impact this may have on the reverse mortgage industry and senior borrowers has yet to be determined. The CFPB has made clear that it does not agree with the Fifth Circuit’s decision and is likely to seek a grant of a writ of certiorari to the Supreme Court on or before its January 17, 2023 deadline. --- Victoria L. Creta
“The legal challenges could take years to play out.”

Why this is important: Last month, the United States Court of Appeals for the Fifth Circuit ruled that the Consumer Financial Protection Bureau’s independent funding structure violates the U.S. Constitution’s Appropriations Clause and principles of separation of powers. The Dodd-Frank Act, passed in the wake of the 2008 financial crisis, provided that the CFPB would not be funded through Congressional appropriations. Instead, the CFPB receives its funding directly from the Federal Reserve, which itself also is funded outside of the congressional appropriations process. Two trade associations sued the CFPB to challenge its 2017 Payday Lending Rule that governs certain types of personal loans with short-term or balloon payment structures and, among other things, limits lenders’ ability to automatically debit a borrower’s bank account. The Fifth Circuit held that the CFPB’s “double-insulated” funding structure violated the U.S. Constitution’s Appropriations Clause and principles of separation of powers. As a result, the court invalidated the Payday Lending Rule. This article discusses some predictions about the effect of that decision on the mortgage markets, which it characterizes as “an industry that’s prone to disruption when laws are murky, especially as interest rates rise.” The Fifth Circuit includes Mississippi, Louisiana, and Texas, and in those states the decision is mandatory authority. The CFPB has been an active regulator of the mortgage industry. Thus, the decision undermines its authority on some level and leaves some uncertainty about what laws govern mortgages, at least in those states. Commentators say an appeal of the Fifth Circuit’s decision is likely, but it could take years to play out as any appeal would involve a petition to the U.S. Supreme Court. In the interim, the CFPB has stated that the decision won’t stop it from policing consumer lenders. Industry stakeholders need to be aware of the decision and need to ensure that their operations comply with the CFPB’s pronouncements until this issue is settled. --- Nicholas P. Mooney II
“The United States Bankruptcy Court for the Southern District of Ohio issued an order in a Chapter 13 bankruptcy proceeding wherein it found the debtor’s mortgagee, HSBC, violated a bankruptcy rule when it sought to collect a past tax advance after the debtor’s debt had been discharged and the bankruptcy case closed.”

Why this is important: Pay close attention to the Notice of Final Cure that is sent out at the end of a bankruptcy case. Failure to take the right steps can result in sanctions down the road. What appears to have started out as a simple misunderstanding (or miscalculation) of escrow and tax advances on a mortgage, has been determined by the Court to be a sanctionable violation of Bankruptcy Rule 3002.1, in an amount yet to be determined. The Court has ordered a briefing schedule, so the ultimate outcome remains pending. At its core, it appears that the debtor in this bankruptcy case did not pay property taxes during some of the years her chapter 13 bankruptcy case was pending, mistakenly believing they had been paid, waived, or discharged. One year after receiving her bankruptcy discharge, the bank required escrow for past due taxes (which were apparently advanced by the bank during the time the bankruptcy case was pending). The debtor refused to pay and the bank declared a default and moved forward with foreclosure proceedings. In response, the debtor reopened the bankruptcy case and moved for an order of contempt for violation of the discharge order on the part of the bank. Upon review, it was found that the bank had received the Notice of Final Cure when the bankruptcy case was nearing its end, and had filed a standard response that the debtor was “current on all post-petition payments” – which would have included the property tax amounts in question. In essence, the court found that the bank was bound by its statement that the debtor was current, among other reasons, because “Rule 3002.1 exists to prevent unexpected deficiencies in residential mortgage payments when a Chapter 13 case is completed and closed.” Creditors should carefully review a debtor’s account before filing their required response to the Notice of Final Cure in a bankruptcy case. If it is later determined that past amounts remain outstanding after the bankruptcy case is closed and the discharge is entered, the creditor may have limited options for recourse. --- Brian H. Richardson
“In the near-term, the number of loans in forbearance will likely increase also due to the devastation caused by Hurricane Ian.”

Why this is important: The Mortgage Bankers Association (“MBA”) recently reported that, while servicers’ forbearance rate declined marginally again in September, it expects pressure in the coming months due to the worsening economic conditions and the destruction caused by Hurricane Ian. The total number of loans in forbearance decreased three basis points from the previous month to 0.69 percent of the servicers’ total portfolio volume in September. As of the end of 3rd quarter, approximately 345,000 homeowners were in forbearance plans, a decrease of 15,000 since August. From June 2020 to September 2022, MBA data found that 29.6 percent of forbearance exits resulted in a loan deferral or partial claim, while 18.3 percent of borrowers continued to pay during the forbearance period. However, about 17.3 percent were borrowers who did not make their monthly payments and did not have a loss mitigation plan.

With the COVID-19 federal health emergency still in effect, borrowers still may seek initial COVID-19 hardship forbearance as well as getting a forbearance plan due to natural disasters. --- Bryce J. Hunter
PPP Loans
“More than two years later, the overwhelming majority of these loans have transformed into government grants, as 91% have been either fully or partially forgiven.”

Why this is important: One of the most popular economic relief measures was the Paycheck Protection Program (“PPP”) that authorized loans to small businesses to empower them to keep their workers employed (and paychecks funded) during the mandatory shutdowns caused by the COVID-19 pandemic. Borrowers were assured that the loans would be forgivable, as long as certain conditions were met. Approximately 11.5 million loans were issued through the PPP program, using all of the $800 billion in allocated funding. In an updated report from data released by the Small Business Administration, the program appears to have been very successful – with 91 percent of loans having completed the process to be fully (or partially) forgiven. Of the 1 million loans that remain in process, the delays stem from a variety of factors, including loans issued during the later rounds of the program, being issued through online or Fintech banking systems, rather than traditional banks, and being primarily issued to sole-proprietorships. The SBA anticipates seeing these loans also qualify for forgiveness in whole or in part in the coming months. Some critics of the PPP program argue that the initial rounds of loan issuances were rife with fraudulent qualifications. Investigations remain underway for those. These results from the SBA data certainly seem to indicate that the PPP program was administered in a prudent and efficient manner by all lenders, and responsibly received by borrowers that were in desperate need of the economic assistance. --- Brian H. Richardson
“In July 2022, Congresswoman Ayanna Pressley (Democrat-Massachusetts-7th District) introduced in the U.S. House of Representatives the ‘Credit Reporting Accuracy After a Legal Name Change Act of 2022’ (H.R. 8478).”

Why this is important: H.R. 8478 would make a single revision to the Fair Credit Reporting Act, which would prohibit a consumer credit reporting agency from showing on a consumer’s credit report any prior name of the consumer after receiving from the consumer a request to use only the consumer’s current legal name. The bill is co-sponsored by five Congress persons from Illinois, California, New York and Texas. It is intended to address credit reporting issues faced by transgender and gender nonconforming consumers, but could assist any consumer whose name is changed. The bill cites findings that fragmented consumer files occurring after a name change impair the consumer's access to credit, housing, and employment because the credit score decreases. In addition, the disclosure of a transgender consumer’s former name can expose the consumer to unlawful discrimination based on the consumer’s gender identity. As of this writing, the bill has not yet passed the House. --- Debra Lee Allen
U.S. House of Representatives and U.S. Senate Committee Meetings
We have included a listing of pertinent U.S. House and Senate Committee meetings for your reference.

These are events scheduled at press time for the months of November and December 2022.

  • No November or December events are scheduled at this time.

  • No November or December events are scheduled at this time.

  • No November or December events are scheduled at this time.

  • No November or December events are scheduled at this time.
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use. The views and opinions expressed in this e-newsletter are those of the authors and do not necessarily reflect the views or positions of Spilman Thomas & Battle, PLLC.
Responsible Attorney: Michael J. Basile, 800-967-8251