Sunday, November 27, 2022

FYI: 9th Cir Upholds Dismissal of TCPA Putative Class Action Applying Duguid

The U.S. Court of Appeals for the Ninth Circuit recently upheld the dismissal of a putative class action for alleged violation of the federal Telephone Consumer Protection Act ("TCPA").

 

In so ruling, the Ninth Circuit held that a number generator must generate and dial random or sequential telephone numbers to qualify as an "automatic telephone dialing system" under the TCPA.

 

A copy of the opinion is available at:  Link to Opinion

 

After a consumer provided his phone number to an insurance provider on a website, he began receiving texts from an insurance marketer. The consumer sued under the TCPA, claiming that the marketer used a "sequential number generator" to pick the order in which to call customers who had provided their phone numbers. The consumer alleged that this type of number generator qualified as an "automatic telephone dialing system," often known as an "autodialer," under the TCPA.

 

The marketer responded that it did not use an autodialer and that the TCPA defines an autodialer as one that must generate telephone numbers to dial, not to decide which pre-selected phone numbers to call.

 

The trial court dismissed the consumer's complaint, ruling that the marketer did not use an autodialer. The consumer timely appealed.

 

As you may recall, the TCPA prohibits calling telephone numbers using an autodialer in certain cases. The TCPA defines an "automatic telephone dialing system" as:

 

equipment which has the capacity—

 

(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and

 

(B) to dial such numbers.

 

47 U.S.C. § 227(a)(1).

 

Here, the Ninth Circuit held that the statutory text makes it clear that the number in "number generator" within subpart (A) of the TCPA means a telephone number.

 

When interpreting a modifying clause set off by commas, "the most natural way to view the modifier is as applying to the entire preceding clause." Cyan, Inc. v. Beaver Cnty. Emps. Ret. Fund, 138 S. Ct. 1061, 1077 (2018). The Ninth Circuit determined that, "to store or produce telephone numbers to be called" was dependent on the clause "using a random or sequential number generator." This meant that "using a random or sequential number generator" modified the phrase "to store or produce telephone numbers to be called." Thus, the Court reasoned that it made the most sense that the "number" referred to in the modified clause was the same as the "numbers" in the dependent clause—both were referring to telephone numbers.

 

Furthermore, the Ninth Circuit noted that the Supreme Court of the United States' ruling in Duguid, 141 S. Ct. 1163, underscored that an autodialer must randomly or sequentially generate and dial a telephone number. Specifically, the SCOTUS in Duguid held that "a necessary feature of an autodialer under § 227(a)(1)(A) is the capacity to use a random or sequential number generator to either store or produce phone numbers to be called," Duguid, 141 S. Ct. at 1173, because the contrary interpretation "would capture virtually all modern cell phones, which have the capacity to store telephone numbers to be called and dial such numbers," id. at 1171.

 

The Ninth Circuit concluded that the consumer's interpretation would go against the SCOTUS holding and return the Circuit back to the pre-Duguid state in which "virtually all" cell phones were at risk of violating the TCPA.

 

The Ninth Circuit also noted that the SCOTUS discussion of the TCPA's policy aims supported the view that an autodialer must be able to generate random or sequential telephone numbers. The SCOTUS noted that, besides annoying consumers, the autodialer "threatened public safety by 'seizing the telephone lines of public emergency services, dangerously preventing those lines from being utilized to receive calls from those needing emergency services.'" Id. (quoting H.R. Rep. No. 102-317, at 24 (1991)). And it could "simultaneously tie up all the lines of any business with sequentially numbered phone lines." Id.

 

However, using a random or sequential number generator to select from a pool of customer-provided phone numbers would not cause the harms contemplated by Congress in the Ninth Circuit's view. For instance, public emergency services would presumably not be in these customer-provided lists. And if an autodialer called the phone numbers on its customer list sequentially, it would likely not reach the sequential numbers often assigned to a single business.

 

Accordingly, the Ninth Circuit affirmed the trial court's dismissal of the consumer's lawsuit.

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6th Floor
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   California   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

Monday, November 21, 2022

FYI: 7th Cir Rules Lenders' Claims Against Borrower and Guarantor Were Time-Barred

The U.S. Court of Appeals for the Seventh Circuit recently affirmed a trial court's ruling that two lenders' claims against a borrower were barred by the applicable statute of limitations. 

 

In so ruling, the Seventh Circuit held:

 

1) Under the language of the debt instruments at issue, the statute of limitations began to accrue when an event of default occurred under the terms of the mortgage note and not under the terms of a subsequent forbearance agreement;

 

and 

 

2) Under Illinois law, the statute of limitations defense does not operate to extinguish a debt, or absolve a person in the contract from the obligation, but merely renders that obligation unenforceable in court.

 

A copy of the opinion is available at:  Link to Opinion

 

The defendant borrower (Borrower) sought investment funds for the purpose of building a condominium development off the coast of Cancun, Mexico.  Borrower formed a limited liability company and obtained loans from lenders secured by a mortgage and evidenced by a note (note) with the limited liability company (LLC) and a personal guaranty (guaranty) from the individual borrower.  

 

Borrower's venture ultimately failed. Over ten years later, lenders sued the limited liability company and individual borrower under note and guaranty seeking to recover the funds they loaned to the borrower and LLC. 

 

The trial court granted summary judgment to Borrower because any alleged breach of the mortgage, note and guaranty were brought beyond the expiration of the applicable ten-year statute of limitations under Illinois law. The lenders appealed. 

 

Lenders' claims under the note

 

Under the terms of the note, the principal and interest on the loans were due in June of 2007.  However, the note also contained an "event of default" acceleration clause that stated "the outstanding unpaid principal balance of the note, the accrued interest thereon and all other obligations of the borrower to the bank under the loan documents shall automatically become due and payable." If the borrower admitted in writing to its inability to pay its debts as they became due, then an event of default occurred.  

 

The Seventh Circuit agreed with the trial court that two separate emails from Borrower to the lenders, and not a subsequent forbearance agreement, constituted an event of default and acceleration of the outstanding unpaid principal and interest.  The first email was a request from Borrower for an additional loan from lenders in order to satisfy a tax obligation. The subsequent email referenced additional financial troubles including the notification that all construction on the project was suspended. As a result of the event of default and acceleration, the Seventh Circuit held that statute of limitations was triggered in September of 2008. 

 

The lenders argued that a forbearance agreement entered into in November of 2008 constituted a new promise to pay , and that the 10-year statute of limitations should accrue in November of 2008. However, the Seventh Circuit did not consider this argument because it was not properly raised at the trial court. As a result, the Appellate Court affirmed the trial court's ruling that the claims brought under the note were barred by the Illinois 10-year statute of limitations. 

 

Lenders' claims under the guaranty

 

On appeal, the lenders also argued that the trial court erred in holding that the statute of limitations defense was not waived in the guaranty. In support of this argument, the lenders relied on two provisions of the guaranty. First, the lenders argued that the language of the guaranty provided that the guaranty was "continuing, absolute, and unconditional, and shall remain in full force and effect with respect to any guarantor unit satisfaction in full of the borrowers' liabilities." Second, the lenders argued that the language of the guaranty provided that the guarantor waived certain defenses, including his statute of limitations defense. 

 

The guarantor argued that general waivers regarding important statutory rights should only constitute a waiver when the language in the guaranty is explicit. Because the guaranty here did not explicitly reference any waiver of the statute of limitations, the guarantor argued that the court should not rule that he waived any statute of limitations defense. 

 

The Court noted that the guaranty stated: "the Guarantor agrees that, except as hereinafter provided, its obligations under this Guaranty shall be unconditional, irrespective of … (vii) any other circumstance which might otherwise constitute a legal or equitable discharge or defense of a guarantor." 

 

The Seventh Circuit held that this provision in the guaranty ensures that the guaranty shall be unconditional and that no legal or equitable defense can alter the status of the obligations as unconditional. However, the Court held that the statute of limitations does not impact the unconditional nature of the obligation because Illinois courts recognize that the statute of limitations is not a defense that impacts a party's obligation, and does not operate to absolve a person in the contract from the obligation.  Instead, a statute of limitations only affects a party's ability to enforce the obligation in court.

 

Thus, the Court held, under the language of the guaranty, the statute of limitations defense was not waiver.

 

As a result, the Seventh Circuit affirmed the trial court's ruling that the lenders' claims were barred by the statute of limitations. 

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6th Floor
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   California   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

Friday, November 18, 2022

FYI: Companies With Lax Data Security Risk Running Afoul of FTC

In a pair of recent enforcement actions, the Federal Trade Commission cracked down on companies with allegedly lax data security measures that resulted in the theft of personal information of millions of consumers.

 

In the first enforcement action, the FTC alleged that an online marketplace company and its CEO "were alerted to security problems two years prior to the breach yet failed to take steps to protect consumers' data from hackers."

 

Specifically, in 2018 hackers infiltrated the company's servers until the login information for its cloud computing account was changed. Unfortunately, according to the FTC, the company did not address that breach with adequate security measures yet continued to represent to the public it had appropriate security protections. Two years later, an employee's account was breached, and customers' information was stolen.

 

In the second enforcement action, the FTC alleged an education technology company suffered four security breaches since 2017 but failed to undertake adequate remediation, resulting in the exfiltration of millions of consumers' personal information.

 

A number of alleged violations were common to both companies, including:

 

> Failing to require multifactor authentication

> Limiting access to consumers' personal information

> Neglecting to monitor for security threats

> Failing to develop adequate security policies

> Failing to properly train employees

 

Pursuant to the proposed consent orders, both companies are required to remediate these and other issues. Notably, the order concerning the online marketplace company extends to its CEO individually, who "will be required to implement an information security program at future companies if he moves to a business collecting consumer information from more than 25,000 individuals, and where he is a majority owner, CEO, or senior officer with information security responsibilities."

 

The FTC has published a description of the first and second consent agreement packages in the Federal Register.  The agreements are subject to public comment for 30 days after publication, following which the Commission will decide whether to make the proposed consent orders final.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6th Floor
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   California   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

Monday, November 14, 2022

FYI: NY DFS Announces $4.5 Million Cybersecurity Penalty, Proposes Amendments to Cybersecurity Regs

The Superintendent for the New York Department of Financial Services (DFS) recently announced a consent order assessing a $4.5 million penalty against a health insurance company for violations of the DFS Cybersecurity Regulations, 23 NYCRR, Part 500.

 

The regulations apply to a "covered entity," defined as "any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law."

 

In this case, a phishing attack likely allowed unauthorized access to six years' worth of consumers' non-public information. According to DFS, the company failed to:

 

  • implement multi-factor authentication (§ 500.12);
  • limit user access privileges (§ 500.07);
  • implement sufficient data retention and disposal processes (§ 500.13); and
  • conduct an adequate risk assessment (§ 500.09).

 

In addition to the monetary penalty, the company is required conduct a comprehensive risk assessment, to include: a) reasonably necessary changes to address material issues identified in the assessment; b) plans for revisions of controls to respond to technological developments and evolving threats; and c) plans for updating or creating additional written policies and procedures.

 

To its credit, the company's "commendable cooperation throughout [the] investigation" was acknowledged by DFS as well as its "ongoing and completed efforts to remediate the shortcomings identified in this Consent Order."  This is contained in the "Monetary Penalty" section of the Consent Order, so presumably this favorable conduct had a positive impact on the amount of the penalty.

 

PROPOSED AMENDMENTS TO CYBERSECURITY REGULATIONS

 

DFS recently announced proposed amendments to its Cybersecurity Regulations that, if implemented, would require:

 

The creation of three tiers of companies, further tailoring the regulation to a diverse set of businesses with different defensive needs. Furthermore, based on feedback from the industry and in recognition of the realities of operating a small business, the proposed amendment increases the size threshold of smaller companies that are exempt from many parts of the regulation;   

 

Enhanced governance requirements, thereby increasing accountability for cybersecurity at the Board and C-Suite levels;  

 

Additional controls to prevent initial unauthorized access to technology systems and to prevent or mitigate the spread of an attack;  

 

Requiring more regular risk and vulnerability assessments, as well as more robust incident response, business continuity and disaster recovery planning; and  

 

Directing companies to invest in regular training and cybersecurity awareness programs that are relevant to their business model and personnel.  

 

DFS is accepting public comment on the proposed amendments through Jan. 9, 2023.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6th Floor
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   California   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

Friday, November 11, 2022

FYI: CFPB On Schedule With Consumer Data Privacy Rights Rulemaking Process

The Director of the Consumer Financial Protection Bureau (CFPB) recently announced at a fintech conference that the CFPB "will launch the process to activate a dormant authority under Section 1033 of the Consumer Financial Protection Act . . . [to] provide for personal financial data rights for Americans".

 

As background, § 1033[1] of the Consumer Financial Protection Act, a/k/a, the Dodd-Frank Act, generally allows a consumer access to transactional information that a business holds related to products or services that were provided to the consumer.

 

Specifically, § 1033(a) provides:

 

Subject to rules prescribed by the Bureau, a covered person shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. The information shall be made available in an electronic form usable by consumers.

 

Of course, the rulemaking process under § 1033 was actually "launched" six years ago when the CFPB issued a Request for Information, which was followed by an Advance Notice of Proposed Rulemaking in 2020 that received 100 comments.

 

SBREFA PROCESS

 

Director Chopra's announcement was aligned with the Spring 2022 Unified Agenda that indicated the CFPB would issue a Small Business Regulatory Enforcement Fairness Act Outline ("Outline") in November 2022.  In fact, the CFPB ended up slightly ahead of schedule, issuing the Outline on Oct. 27.

 

The purpose of the Outline is "to assess the impact on small entities that would be directly affected by the proposals under consideration prior to issuing a proposed rule regarding section 1033."  The CFPB will convene a Small Business Review Panel to request and receive feedback from small entity representatives, and others may submit comments by Jan. 25, 2023.

 

SBREFA OUTLINE

 

The Outline consists of 149 questions on these topics:

 

-  Coverage of data providers subject to the proposals under consideration

-  Recipients of information

-  The types of information a covered data provider would be required to make available

-  How and when information would need to be made available

-  Third party obligations

-  Record retention obligations

-  Implementation period

-  Potential impacts on small entities

 

COVERAGE OF DATA PROVIDERS

 

The CFPB is proposing rules that would require a defined subset[2] of covered persons[3] that are data providers[4] to make consumer financial information available to a consumer or an authorized third party.[5],[6],[7],[8]

 

The CFPB is beginning with these covered persons, in part, "because they both implicate payments and transaction data," noting, however, that it "intends to evaluate how to proceed with regard to other data providers in the future."

 

Initially, as proposed, the rules would apply to this subset of covered persons:

 

Financial institutions with consumer "accounts" as defined in Regulation E,[9] such as banks, credit unions and other entities holding consumer asset accounts; and

"Card issuers" as defined in Regulation Z.[10]

 

Regarding entities that meet the Regulation E definition, the CFPB identifies:

 

-  Banks and credit unions that directly or indirectly hold a consumer asset account (including a prepaid account);

-  Other persons that directly or indirectly hold an asset account belonging to a consumer (including a prepaid account); and

-  Persons that issue an access device and agree with a consumer to provide electronic fund transfer (EFT) services (including mobile wallets and other electronic payment products).

 

Regarding entities that meet the Regulation Z definition, the CFPB identifies:

 

-  Issuers of a credit card account under an open-end (not home-secured) consumer credit plan (as defined in Regulation Z § 1026.2(a)(15)(ii)), i.e., a credit card account under an open-end (not home-secured) consumer credit plan is any open-end credit account that is accessed by a credit card; and

-  Issuers that do not hold consumer credit card accounts, but that issue credit cards, such as by issuing digital credential storage wallets, notwithstanding that those transactions rely on consumer credit card accounts held at another entity.

 

The CFPB is also considering exempting some data providers from a requirement to make data available via data portals based on thresholds, such as asset size of activity level.

 

RECIPIENTS OF INFORMATION

 

The CFPB is proposing that "a covered data provider would satisfy its obligation to make information available directly to a consumer by making the information available to the consumer who requested the information or all the consumers on a jointly held account."  This section includes a discussion of third-party authorization requirements.

 

TYPES OF INFORMATION MADE AVAILABLE

 

The CFPB proposes covered data providers would make available the following types of information:

 

-  Periodic statement information for settled transactions and deposits, such as generally appear for asset and credit card accounts;

-  Information regarding prior transactions and deposits that have not yet settled, such as transaction histories commonly made available through online management portals;

-  Other information about prior transactions not typically shown on periodic statements or portals, such as data from payment networks;

-  Online banking transactions that the consumer has set up but that have not yet occurred, such as with bill pay services;

-  Account identity information, but balancing it with concerns about fraud, privacy, and security; and

-  Other information, such as:

          -  Consumer reports from consumer reporting agencies, such as credit bureaus, obtained and used by the covered data provider in deciding whether to provide an account or other financial product or service to a consumer;

          -  Fees that the covered data provider assesses in connection with its covered accounts;

          -  Bonuses, rewards, discounts, or other incentives that the covered data provider issues to consumers; and

          -  Information about security breaches that exposed a consumer's identity or financial information.

 

HOW AND WHEN INFORMATION WOULD BE MADE AVAILABLE

 

Regarding direct access to information by consumers, the CFPB proposes that "a covered data provider would be required to make available information if it has enough information to reasonably authenticate the consumer's identity and reasonably identify the information requested."  Also, with proper authentication, that "covered data providers would be required to allow consumers to export the information covered by the proposals under consideration in both human and machine-readable formats."

 

The CFPB seeks input regarding consumer identity authentication, fees, included data elements, and data formats.

 

Related proposals regarding third-party access include:

 

-  Third-party portals that do not require an authorized third party to possess or retain consumer credentials;

-  Requirements to promote the availability, security, and accuracy of information made available to authorized third parties, including establishment of a general framework under which industry-set standards and guidelines can further develop;

-  Third-party portal requirements related to factors affecting the quality, timeliness, and usability of the information;

-  Required policies and procedures or performance standards to ensure that the transmission of information through the covered data provider's third-party access portal does not introduce inaccuracies;

-  Requirements to make information available to a third party only upon receipt of a third party's authority to access information on behalf of a consumer, information sufficient to identify the scope of the information requested, and information sufficient to authenticate the third party's identity; and

-  Requirements and restrictions regarding the provision of information to third parties that is known to be inaccurate.

 

THIRD PARTY OBLIGATIONS

 

Here, the CFPB's proposals relate to the obligations of third parties, including:

 

-  Prohibiting the collection, use, or retention of consumer information beyond what is reasonably necessary to provide the product or service the consumer has requested;

-  Limitations on duration and frequency of information access;

-  Limitations on third parties' secondary use of consumer-authorized information;

-  Deletion of consumer information that is no longer reasonably necessary to provide the consumer's requested product or service, or upon the consumer's revocation of the third-party's authorization;

-  Compliance with the Safeguards Rule or Safeguards Guidelines, or development and implementation of security programs based on the third party's size and complexity and the nature of the data;

-  Requiring policies and procedures to ensure the accuracy of information collected and used;

-  Requiring periodic reminders to consumers on how to revoke authorization; and

-  Requiring a mechanism to request information about the extent and purposes of the authorized third party's access.

 

RECORD RETENTION OBLIGATIONS

 

The CFPB is seeking feedback on its proposal for "record retention requirements for covered data providers and authorized third parties to demonstrate compliance with certain requirements of the rule."

 

IMPLEMENTATION PERIOD

 

The CFPB is seeking "input on an appropriate implementation period for complying with a final rule," and how the timeframe may need to take into consideration smaller entities' ability to operationalize the requirements.

 

POTENTIAL IMPACTS ON SMALL ENTITIES

 

A major part of this section is devoted to quantifying the number of small entities that may be affected by the proposals. The CFPB provides estimates for the following:

 

Small Depository Firms

Commercial Banking and Savings Institutions

Credit Unions

Small Nondepository Firms

Software Publishers

Data Processing, Hosting, and Related Services

Sales Financing

Consumer Lending

Real Estate Credit

Financial Transactions Processing, Reserve, and Clearinghouse Activities

Other Activities Related to Credit Intermediation

Investment Banking and Securities Dealing

Securities Brokerage

Commodities Contracts Brokerage

Payroll Services

Custom Computer Programming Services

Credit Bureaus

 

IMPRESSION

 

The concepts and proposals in the Outline are similar to the consumer rights contained in the data privacy laws passed in California, Virginia, Colorado, Utah, and Connecticut, with one major difference: there is no exemption for data or entities subject to the Gramm-Leach-Bliley Act.  Thus, businesses that fit the definition of a covered data provider and have previously relied in whole or in part on those GLBA exemptions should monitor this rulemaking closely and consider the new compliance challenges it will pose.

 

[1]  12 U.S.C. § 5533.

 

[2] "Covered data provider means a financial institution, as defined in Regulation E (EFTA), or a card issuer, as defined in Regulation Z (TILA), who is a data provider."  Outline, p. 66

 

[3] "The term 'covered person' means: (A) any person that engages in offering or providing a consumer financial product or service; and (B) any affiliate of a person described in subparagraph (A) if such affiliate acts as a service provider to such person."  12 U.S.C. § 5481(6).

 

[4] A "data provider" means a covered person, as defined under the Dodd-Frank Act (12 U.S.C. 5481(6)), with control or possession of consumer financial information. Outline, p. 66.

 

[5] "Third party refers, generally, to data recipients or data aggregators." Outline, p. 68.

 

[6] "Data recipient means a third party that uses consumer-authorized information access to provide (1) products or services to the authorizing consumer or (2) services used by entities that provide products or services to the authorizing consumer." Outline, p. 66.

 

[7] "Data aggregator (or aggregator) means an entity that supports data recipients and data providers in enabling consumer-authorized information access." Outline, p. 66.

 

[8] "Authorized third party means a third party who has followed the procedures for authorization described in part III.B.2." Outline, p. 66.

 

[9] "'Account' means a demand deposit (checking), savings, or other consumer asset account (other than an occasional or incidental credit balance in a credit plan) held directly or indirectly by a financial institution and established primarily for personal, family, or household purposes." 12 C.F.R. § 1005.2(b)(1).

 

[10] "Card issuer means a person that issues a credit card or that person's agent with respect to the card." 12 C.F.R. § 1026.2(a)(7).

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6th Floor
Chicago, Illinois 60602
Direct:  (312) 551-9320

Fax: (312) 284-4751

Mobile:  (312) 493-0874

Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   California   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

CONFIDENTIALITY NOTICE:  This communication (including any related attachments) may contain confidential and/or privileged material.  Any unauthorized disclosure or use is prohibited.  If you received this communication in error, please contact the sender immediately, and permanently delete the communication (including any related attachments) and permanently destroy any copies.

IRS CIRCULAR 230 NOTICE:  To the extent that this message or any attachment concerns tax matters, it is not intended to be used and cannot be used by any taxpayer for the purpose of avoiding penalties that may be imposed by law.

 

 

Monday, November 7, 2022

FYI: Cal App Ct (4th Dist) Upholds Dismissal of Challenges to PACE Loans

The California Court of Appeal, Fourth Appellate District, recently held that a group of senior citizen consumers were required to pursue administrative remedies before suing private companies to challenge their tax assessments billed under the state's Property Assessed Clean Energy program (PACE).

 

In so ruling, the Fourth District upheld the trial court's dismissal of several putative class action complaints seeking "tax refunds, an injunction against future tax assessments, and removal of tax liens" relating to PACE loans.

 

A copy of the opinion is available at:  Link to Opinion

 

California enacted PACE as a method for homeowners to finance energy and water conservation improvements. A PACE debt is created by contract and secured by the improved property. But like a tax, the installment payments are billed and paid as a special assessment on the improved property, resulting in a first-priority tax lien in the event of default.

 

Classes of consumers in multiple putative class actions who were over 65 years old and entered into PACE contracts sued private companies who either made PACE loans to the consumers, were assigned rights to payment, and/or administered PACE programs for municipalities. The consumers alleged that the PACE financing was actually, and should have been treated as, a secured home improvement loan. The consumers also asserted that the companies engaged in unfair and deceptive business practices by violating consumer protection laws, including California Civil Code section 1804.1(j), which prohibits taking a security interest in a senior citizen's residence to secure a home improvement loan.

 

The defendant companies demurred to the complaints on the sole ground that the consumers failed to allege they first exhausted administrative remedies.

 

Generally, "a party must exhaust administrative remedies before resorting to the courts." Plantier v. Ramona Municipal Water Dist. (2019) 7 Cal.5th 372, 383. Additionally, the California Constitution gives the legislature exclusive control over the procedure under which a taxpayer may recover certain tax payments. Article XIII, section 32 provides: "After payment of a tax claimed to be illegal, an action may be maintained to recover the tax paid, with interest, in such manner as may be provided by the Legislature." It also specifies that "[t]he Legislature shall pass all laws necessary to carry out [its] provisions." Cal. Const., art. XIII, § 33.

 

​​Taxpayers have the right to challenge an inaccurate or illegal tax assessment and to claim a refund of taxes. The process is initiated by an application for assessment reduction under Civil Code section 1603, subdivision (a), which provides: "A reduction in an assessment on the local roll shall not be made unless the party affected . . . files with the county board a verified, written application showing the facts claimed to require the reduction and the applicant's opinion of the full value of the property." Under section 1610.8, the board may "cancel[ ] improper assessments." An order for refund cannot be made unless a verified claim is filed under section 5097. Lastly, the taxpayer may file an action in the superior court to recover a tax that the board has refused to refund after a duly filed claim. § 5140.

 

The trial court agreed with the defendant companies, sustained the demurrers without leave to amend, and entered a judgment of dismissal. The consumers timely appealed.

 

On appeal, the consumers primarily contended that they were not required to pursue administrative remedies because they had sued only private companies and did not challenge the municipal tax process involved. Instead, the complaints sought tax refunds, an injunction against future tax assessments, and removal of tax liens. Relying on Oakland v. California Construction Co. (1940) 15 Cal.2d 573 (Oakland), the consumers asserted that a "request by private party property owners for the return of money paid out on a void contractual obligation [is] not a challenge to an assessment lien" and, therefore, does not require that they first exhaust administrative remedies.

 

The Fourth District disagreed and held that, for the purposes of applying the exhaustion rule, the PACE assessments can only be treated as taxes. This is because, under Revenue and Taxation Code section 4801, "taxes" include "assessments collected at the same time and in the same manner as county taxes." § 4801; see Kahan v. City of Richmond (2019) 35 Cal.App.5th 721, 737. Therefore, despite their assertions to the contrary, the Court concluded that the consumers did challenge their property tax assessments.

 

The Fourth District also found the California Supreme Court's ruling in Oakland to be materially distinguishable because that case did not involve a challenge to any tax. Rather, the city of Oakland sought to void street improvement contracts based on a contractor's alleged fraud during the bidding process. Oakland, supra, 15 Cal.2d at pp. 574‒575.

 

The consumers also argued that the exhaustion rule only applies to lawsuits against the government. They found support for this view in section 5140, which provides that the "person who paid the tax" is authorized to bring a refund action against "a county or a city" to recover tax the county or city has refused to refund.

 

However, the Fourth District determined that this argument was foreclosed by the California Supreme Court's decision in Loeffler. In that case, the court held that consumers had to first exhaust administrative tax remedies before bringing an action under the Unfair Competition Law to challenge a retailer's alleged misrepresentation about whether a sale of hot coffee was subject to sales tax. Loeffler, 58 Cal.4th at pp. 1092, 1134. The California Supreme Court explained that the question of taxability had to be first decided administratively, followed by judicial review of the agency's decision. Id. at p. 1127. An injunction prohibiting retailers from collecting sales tax "could indirectly reduce the flow of tax revenue in the future" and thus involved policies the exhaustion rule was intended to address. Id. at p. 1131.

 

Similarly here, the Fourth District concluded that the consumers' PACE assessments undoubtedly would be affected by the adjudication of the complaints. The consumers alleged that the PACE loans were "void at inception for illegality" and the resulting security interest (i.e., a property tax lien) was also unlawful and "void." Because the tax rested exclusively upon the validity of the PACE financing, a judgment that the debt and security interest were illegal and void would negate the sole basis of the tax assessment.

 

The consumers also asked the Fourth District to apply a broad exception to exhaustion on the grounds that "no purpose would be served" by requiring the board to consider a pure legal issue — whether consumer protection statutes apply to these PACE loans.

 

A limited exception to the exhaustion rule has generally been recognized where " 'the administrative agency cannot provide an adequate remedy' and 'when the subject of a controversy lies outside the agency's jurisdiction.' " Williams & Fickett, supra, 2 Cal.5th at p. 1274. But in this case, the Fourth District concluded that an adequate remedy did exist because, by statute, the board "shall" refund property tax that is erroneously or illegally assessed. § 5096, subds. (b), (c).

 

Lastly, the consumers asserted that the Fourth District should still rule on whether they have stated a valid claim on the merits. However, because the demurrers were limited to whether the consumers had failed to exhaust administrative remedies, the Appellate Court held that the issue of whether the consumers' substantive claims had merit was not before it.

 

Accordingly, the Fourth District affirmed the judgment of the trial court.

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6th Floor
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   California   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars