Payments Docket, May 2024

ISSUE FIVE | MAY 2024

REGULATORY & ENFORCEMENT

Agencies Issue Third-Party Risk Management Guide for Community Banks

On May 3, 2024, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) issued Third-Party Risk Management: A Guide for Community Banks, a guide “to assist community banks when developing and implementing their third-party risk management (TPRM) practices.” In June 2023, the agencies issued the Interagency Guidance on Third-Party Relationships: Risk Management, which describes sound risk-management principles for banking organizations to consider when developing and implementing risk-management practices for all stages in the life cycle of third-party relationships. The Community Bank TPRM Guide is not a substitute for the guidance, but rather is intended to be a resource for community banks to consider when managing the risk of third-party relationships.

The Community Bank TPRM Guide provides potential considerations, resources, and examples through each stage of the TPRM life cycle. Like the guidance, the Community Bank TPRM Guide emphasizes that community banks should apply more rigorous risk-management practices throughout the third-party relationship life cycle for third parties that support higher-risk activities. The agencies highlight that the Community Bank TPRM Guide is not a checklist and does not prescribe specific risk-management practices or establish any safe harbors for compliance with laws or regulations. Additionally, the agencies underscore that the Community Bank TPRM Guide does not have the force and effect of law and does not impose any new requirements on banks. The agencies also remind banks that even when they partner with third parties, the banks remain responsible for operating in a safe and sound manner and for complying with applicable legal and regulatory requirements.

CFPB Warns Remittance Transfer Providers Against False Advertising

Following a series of consent orders and other regulatory actions against remittance transfer providers, the Consumer Financial Protection Bureau (CFPB) issued a circular that warns those providers against deceptively marketing the speed and cost to consumers of sending a remittance transfer. Remittance transfer providers allow consumers to engage in person-to-person transfers across international borders. Remittance transfers typically occur when immigrants send financial support to family in their home country, but also occur when parents send money to students or other Americans living abroad. Some remittance transfers include cross-border consumer-to-business payments. The remittance transfer provider market is dominated by a small number of large nonbank money transmitters, though some startups have begun offering faster, digital-only transfers. Transfers can take as little as an hour or as long as three to five days. Costs vary greatly and can often be hidden in nonmarket exchange rates.

The Dodd–Frank Act mandated certain disclosure requirements for remittance transfer providers. These disclosure requirements include alerting the consumer engaging in the transfer to the amount that will be transferred in both U.S. dollars and the recipient’s currency, any fees or taxes, the exchange rate used for the transfer, the date funds will be available to the recipient, and the total amount that will be available to the recipient in their currency. The circular argues that remittance transfer providers may also run afoul of the Consumer Financial Protection Act (CFPA) if they mislead consumers through those disclosure requirements. Remittance transfer providers engage in deceptive practices when they:

• Mislead consumers on the speed of the transfer, which is often a key consideration for consumers. The CFPB has already issued a consent order against one remittance transfer provider for falsely advertising that transfers occur “instantly” or “within seconds” when the transfers actually take longer.
• Advertise “no-fee” transfers and then charge a fee. The same consent order also alleged that the provider advertised that money could be sent to Nigeria “with no fees,” then charged consumers fees on all transfers from the United States to Nigeria.
• Fail to clarify that promotional pricing is limited or for a limited time. The CFPB has long criticized written disclosures in fine print as insufficient to correct a prior misleading statement made in advertising.
• Advertise a transfer as “free,” particularly when the cost of the transfer is hidden in a nonmarket exchange rate.

BaaS Banks Draw Outsized Enforcement Scrutiny

At least five banks that provide banking as a service (BaaS) to fintech partners were the target of enforcement actions in 2023, making up 13.5% of severe enforcement actions by federal bank regulators. With fewer than 100 BaaS banks in the United States, out of roughly 4,800 banks, the number of enforcement actions appears to fall disproportionately on banks partnering with fintechs. The litany of enforcement actions against fintechs and bank partners has not slowed down in 2024. According to Konrad Alt, between 2020 and the first quarter of 2024, more than a quarter of fintech-partnered banks were the target of at least one enforcement action from a federal regulator. In the first quarter of 2024, both Piermont Bank and Sutton Bank—both of which partner with fintechs—entered consent orders.

• Piermont Bank: Piermont entered into consent orders with the FDIC and the New York Department of Financial Services (NYDFS) related to its offering banking services to fintechs, both directly and through its business units Treasury Prime and Unit.
The FDIC and NYDFS alleged that Piermont failed to comply with anti-money laundering (AML) laws, and as a result may have failed to report suspicious activities in accounts at Piermont. The consent order required Piermont to review all its third-party relationships, update its data transfer and processing systems, and better comply with AML requirements.
• Sutton Bank: Like Piermont, Sutton also partners with fintechs to offer banking services to consumers. It entered into a consent order with the FDIC in February 2024, under which it is required to expand its AML and suspicious reporting capabilities and develop appropriate third-party risk management policies and procedures.

CFPB and Banking Industry Fight over Validity of Credit Card Penalty Fees Final Rule

On March 5, 2024, the CFPB issued a Credit Card Penalty Fees Final Rule, which reduces the safe harbor for the maximum late fee that large credit card issuers may charge to $8. Under the Credit Card Accountability Responsibility and Disclosure Act of 2009, any penalty fee—including late fees—imposed on a consumer in connection with an omission or violation of a cardholder agreement under an open-end consumer credit plan must be “reasonable and proportional” to the omission and violation. And under Regulation Z, which implements this provision, an issuer may not impose a penalty fee unless the issuer (1) undergoes a cost analysis and determines that the fee is reasonably proportional to the total costs incurred by the issuer for the violation; or (2) complies with the safe harbor provisions, which provide set amounts for penalty fees that card issuers may charge. Previously, the safe harbor for all penalty fees extended up to $30 for an initial violation and $41 for certain subsequent violations. Now, under the new final rule, it will be reduced to $8 for late fees. This final rule applies only to “large card issuers,” which are card issuers with one million or more open credit card accounts, and became effective on May 14, 2024.

This final rule was immediately challenged by the U.S. Chamber of Commerce, American Bankers Association, Consumer Bankers Association, and others, which sued the CFPB in the Northern District of Texas seeking a preliminary injunction and to set aside the final rule in its entirety based on numerous alleged procedural and substantive flaws.
Rather than rule on the motion for preliminary injunction, the district court invited the CFPB to file a motion to transfer, which the CFPB filed, and the court granted. The plaintiffs challenged this action before the Fifth Circuit, which vacated the district court’s transfer order. On May 10, 2024, the Northern District of Texas granted the plaintiffs’ motion for a preliminary injunction, basing its determination of the plaintiffs’ likelihood of success on the merits entirely on the Fifth Circuit’s prior opinion that the CFPB’s funding structure is unconstitutional. That matter is currently under consideration by the U.S. Supreme Court in CFPB v. CFSA, with an opinion anticipated before the Court’s summer recess.

Nacha Approves New Rule Regulating Fraud Monitoring of ACH Transfers

In March 2024, Nacha—the national clearinghouse association that governs the ACH Network—approved new rules requiring fraud monitoring of ACH payments. The new rules require all parties involved in an ACH transfer (except for consumers) to monitor transactions for potential fraud. This means that for the first time, receiving financial institutions will be required to monitor the ACH payments they receive. According to Nacha, the rules are aimed at reducing incidence of frauds that make use of credit-push payments. In a credit-push payment, the payer initiates a transfer of funds to a payee. In this scenario, the payer (sender) authorizes their bank or financial institution to transfer funds directly to the payee’s account, rather than the payee pulling funds from the payer’s account, like in a direct debit or credit card transaction.

Common examples of frauds that make use of credit-push payments include: (1) business email compromise, typically when a cybercriminal impersonates a high-level executive or trusted individual within a company and manipulates employees into transferring money; (2) vendor impersonation, when a cybercriminal compromises a vendor’s email account and uses it to send fraudulent invoices or payment requests to the vendor’s clients; and (3) payroll impersonation, when a cybercriminal impersonates an employee to change their payroll information and redirect payments to the employee to fraudulent accounts.

The rules become effective in three separate phases of rule amendments. The first phase of amendments becomes effective on October 1, 2024. It empowers originating deposit financial institutions (ODFIs) to request a return of a payment for any reason, and it empowers receiving deposit financial institutions (RDFIs) to unilaterally return any payments that they think may be fraudulent. The second phase of amendments becomes effective on March 20, 2026. It requires ODFIs and any nonconsumer originator, third-party service provider, and third-party sender with annual ACH originations exceeding $6 million to establish and implement processes and procedures to identify ACH payments initiated because of fraud. It also requires RDFIs with annual ACH receipts exceeding $10 million to do the same. Lastly, the third phase of amendments becomes effective on June 19, 2026. It extends the requirements of the second phase to all ODFIs and RDFIs, not simply those that met the respective $6 and $10 million thresholds.

CFPB Receives Pushback on Proposed Rule Prohibiting Nonsufficient Funds Fees for Instantaneously Declined Transactions

In January 2024, the CFPB issued notice of a proposed rule on the assessment of nonsufficient funds (NSF) fees on declined transactions.
Specifically, the proposed rule would prohibit financial institutions from assessing NSF fees on transactions that are declined instantaneously or near-instantaneously—that is, those declined with no significant perceptible delay after the consumer initiates the transaction, such as ATM withdrawals or instant payment applications (e.g., Venmo, Cash App). Notably, however, the proposed rule would not apply to situations where a transaction is processed despite the insufficient funds, meaning that overdraft fees and related charges would generally be unaffected by the rule change.

The CFPB received feedback from a number of stakeholders during the public comment period, including from banking groups opposed to the rule change. In one particularly assertive public opposition letter, the Independent Community Bankers of America rebuked the CFPB for “misusing its [unfair, deceptive, or abusive acts or practices (UDAAP)] authority to undermine the adequacy of federal disclosure rules.” Specifically, the ICBA argued that the CFPB is improperly “painting with a broad brush” by “labeling all fees of a particular type as UDAAP violations rather than making fact-specific inquiries into individual banks’ acts or practices, taking into account the extent of disclosure provided, the consumer’s ability to avoid fees, and other relevant circumstances.” The ICBA also accused the CFPB of proposing “a solution in search of a problem,” arguing that the proposed rule is unnecessary because “currently covered financial institutions rarely charge NSF fees on covered transactions.” The public comment period closed on March 25, 2024.

CFPB Proposes Rule to Target Regulatory Overdraft “Loophole”

The CFPB proposed a rule in January 2024 that would significantly narrow the ability of very large financial institutions (banks and credit unions with more than $10 billion in assets) to rely on Regulation Z’s overdraft exemptions. Under the proposed rule, large financial institutions would need to treat overdraft loans like credit cards and other lending products, which involve disclosures to facilitate comparison shopping and other protections. The proposed rule would permit a very large financial institution to offer a courtesy overdraft service as long as it only charges customers a “breakeven” amount for the service, either its direct costs to provide the service or a benchmark fee (in an amount to be determined, either $3, $6, $7, or $14). CFPB Director Rohit Chopra said the rule is meant to close a regulatory “loophole” that exempts many overdraft services from key consumer credit protections. Notably, the White House has endorsed the proposed rule, claiming that the proposal will save families $3.5 billion every year, in perpetuity. The agency has said that October 2025 is likely the earliest any final rule could take effect due to certain truth-in-lending rulemaking requirements.

Manhattan District Attorney Calls on Peer-to-Peer Payment Apps to Protect Consumers from Fraud

Earlier this year, Manhattan District Attorney Alvin Bragg sent open letters to the owners of Cash App, Venmo, and Zelle asking the companies to provide better consumer protections against scammers. The letters from the district attorney note a growing number of incidents in the New York City region involving an unauthorized user gaining access to unlocked devices and draining bank accounts of significant sums of money, making purchases with mobile financial applications, and using financial information from the applications to open new accounts. The letter proposed some solutions, including (1) adding a second and separate password for accessing the app on a smartphone as a default security option; (2) imposing default lower limits on the monetary amount of total daily transfers; (3) requiring wait times and secondary verification of up to a day for large monetary transactions; and (4) better monitoring accounts for unusual transfer activities and asking for confirmation when suspicious transactions occur.

OCC Issues Guidance on Buy Now, Pay Later Lending

On December 6, 2023, the OCC issued a bulletin aimed at assisting banks with effectively managing risks associated with “buy now, pay later” (BNPL) lending. BNPL is used to refer to various types of installment lending products. The OCC’s bulletin addresses BNPL loans that are payable in four or fewer installments and carry no finance charges. The OCC explained that while BNPL loans provide consumers with a convenient and relatively low-cost option compared with alternative financing, BNPL lending can result in credit, compliance, operational, strategic, and reputation risks to banks. According to the OCC, some of the risks to banks and consumers include:

• Borrowers could overextend themselves or may not fully understand BNPL loan repayment obligations.
• The lack of clear, standardized disclosure language could obscure the true nature of the loan, result in consumer harm, or present potential risks of violating prohibitions on unfair, deceptive, or abusive acts or practices.
• Third-party relationships may increase a bank’s exposure to operational and compliance risks because the bank may not have direct control of the activity performed by the third party.

The OCC advises banks engaging in BNPL lending to do so within a risk management system that is commensurate with the unique characteristics and risks of the BNPL loans. The OCC further advises banks to establish policies and procedures for BNPL lending that address loan terms, underwriting criteria, methodologies to assess repayment capacity, fees, charge-offs, and credit loss allowance considerations. The highly automated nature of BNPL lending may also present an elevated operational risk, and the OCC recommends that bank management assess fraud risk and implement controls to mitigate those risks. The OCC also expects a bank to have risk management processes to effectively manage third-party relationships. Lastly, the OCC advises bank management to give close attention to the delivery method, timing, and appropriateness of marketing, advertising, and consumer disclosures to ensure that they all clearly state a borrower’s contractual obligations and any fees that may apply.

FDIC Issues Cease-and-Desist Letter to Fintech

On March 18, 2024, the FDIC issued a cease-and-desist letter to PrizePool Inc., demanding it cease making allegedly false and misleading statements in its advertising about FDIC insurance. PrizePool is a fintech that partners with Evolve Bank & Trust—a bank that works with many fintechs—to offer high-yield savings accounts that allow consumers the possibility of winning large cash prizes. PrizePool allegedly advertised that its high-yield accounts were FDIC insured up to $500,000, even though the FDIC insurance maximum is $250,000 on most accounts. In its cease-and-desist letter, the FDIC demanded that PrizePool stop advertising FDIC insurance on products that were not so insured, and further demanded that PrizePool accurately state the coverage of FDIC insurance on customer accounts in its advertising.

Bank Agrees to Pay $6.2 Million to Resolve CFPB Overdraft Fee Allegations

Atlantic Union Bank entered into a consent order with the CFPB related to the in-person and telephone overdraft opt-in sales practices it had in place from 2017 to 2020. The settlement requires Atlantic Union to refund affected consumers $5 million in overdraft fees and pay a $1.2 million civil money penalty to the CFPB. The Electronic Fund Transfer Act (EFTA) and its implementing regulation require banks to describe their overdraft service in writing before getting a consumer to opt in to overdraft coverage for ATM withdrawals and one-time debit card transactions. The CFPB took the position that Atlantic Union violated the EFTA because: (1) employees gave oral descriptions of the bank’s overdraft coverage to new customers who opened checking accounts; and (2) employees sought oral confirmation from customers to enroll in overdraft coverage before providing them with the required written disclosures describing the terms of service.

The CFPA gives the CFPB broad authority to protect consumers from unfair, deceptive, or abusive acts and practices. The CFPB found that Atlantic Union violated the CFPA by (1) not providing its customer service representatives with a script to read to customers about the fees and features of opt-in overdraft privilege; (2) misleading customers about the terms and costs of overdraft coverage by not clearly explaining which transactions were covered by the service; and (3) omitting key information about the cost of the service and the fact that consumers could incur a hefty overdraft fee for each transaction covered by the service. In addition to refunding affected consumers and paying a civil penalty, Atlantic Union agreed to create and implement a comprehensive compliance plan designed to ensure that its policies and practices related to enrolling consumers in opt-in overdraft coverage comply with all applicable laws.

California Regulators Fine Fintech Company $2.5 Million for Customer Service Mishaps

In February 2024, the California Department of Financial Protection and Innovation announced that it had fined fintech startup Chime $2.5 million as part of a broader consent decree aimed at addressing what the state referred to as “occasional mistakes” in Chime’s interactions with its customers. In the consent decree, the state accused Chime of violating California’s consumer protection laws by failing to timely and adequately address customer complaints during a three-month period in 2021. In addition to paying the $2.5 million fine within 30 days of the entry of the consent decree, Chime also agreed to offer 24/7 customer service and to ensure sufficient customer service staffing and training. Chime also agreed to provide the state with periodic updates on its compliance progress for the next two years.

Additionally, on May 4, 2024, the CFPB took action against Chime for failing to give consumers timely refunds when their accounts were closed. According to the CFPB, “thousands of consumers waited for weeks or even months for balance refunds after closing their accounts—a failure that inflicted significant financial harm on consumers who did not have access to critical funds to help make ends meet.” The CFPB’s order requires Chime to provide at least $1.3 million in redress to consumers it harmed and pay a $3.25 million penalty into the CFPB’s victims relief fund.

Department of Justice Announces $37 Million Settlement with Data Company

The Department of Justice (DOJ) obtained a $37 million settlement with Argus Information & Advisory Services—a TransUnion-owned consumer credit data analyst—arising out of Argus’s alleged violations of the False Claims Act.
In the settlement agreement made public in March 2024, Argus agreed to settle claims that it improperly used anonymized credit card data it obtained from banks under contracts with federal regulators to bolster certain products and services it sold to its customers. The alleged misconduct occurred from 2010 to 2020, and the DOJ alleged that Argus failed to disclose its alleged misconduct during the entirety of that period. The $37 million settlement includes a $13.5 million restitution payment under the False Claims Act.

NEW LAWSUITS

Justice Department Sues for Allegedly Monopolizing Smartphone Markets, Shutting Out Alternative Digital Wallets

U.S., et al. v. Apple Inc., No. 2:24-cv-04055 (D.N.J.). On March 21, 2024, the U.S. Department of Justice and several state attorneys general filed a civil antitrust lawsuit against Apple for monopolization or attempted monopolization of smartphone markets in violation of Section 2 of the Sherman Act. The complaint alleges that Apple illegally maintains a monopoly over smartphones by selectively imposing contractual restrictions on, and withholding critical access points from, developers. The lawsuit asserts that Apple undermines apps, products, and services that would otherwise make users less reliant on the iPhone, promote interoperability, and lower costs for consumers and developers.

Among other things, the complaint states that Apple has blocked third-party developers from creating digital wallets on the iPhone with tap-to-pay functionality. Digital wallets are apps that allow a user to store and use passes and credentials, including credit cards, personal identification, movie tickets, and car keys, in a single app. Apple Wallet is Apple’s proprietary digital wallet on the iPhone that incorporates Apple’s proprietary payment system Apple Pay, which processes digital payments on the web, in apps, and at merchant points of sale.
According to the DOJ, Apple uses its control over app creation to selectively prohibit developers from accessing the near-field communication (NFC) hardware needed to provide tap-to-pay through a digital wallet app. Apple Wallet is the only app on the iPhone that can use NFC to facilitate tap-to-pay. The complaint alleges that while Apple actively encourages banks, merchants, and other parties to participate in Apple Wallet, Apple simultaneously exerts its smartphone monopoly to block these partners from developing payment products and services for iPhone users.

Apple denies that it ever imposed restrictions to block perceived competitive threats from rivals. It contends that the suit threatens its ability to create the high-quality technologies that its customers expect, and if the DOJ prevails, the iPhone will be less private, less secure, and plagued with more malware and apps with inappropriate content. The complaint’s requested relief includes injunctions preventing Apple from engaging in “further anticompetitive practices.”

Bank Hit with Consumer Class Action over Return of Deposited Item Fees

Spencer v. PNC Bank NA, No. 2:24-cv-00357 (W.D. Penn.). On March 18, 2024, a putative class of individual consumers sued PNC Bank NA over PNC’s return of deposited item fees. According to the allegations in the complaint, these fees are levied by PNC against PNC’s accountholders when they attempt to deposit a check that does not clear. PNC charges these fees every time a check bounces or is returned unpaid, regardless of the culpability of the accountholder. As a result, accountholders who believe the checks to be legitimate will still be charged the fee. The plaintiffs make up a putative class of all individual accountholders charged a return of deposited item fee by PNC within the applicable statute of limitations. The plaintiffs also seek to represent subclasses of Illinois and Pennsylvania PNC accountholders. The plaintiffs allege claims for breach of the implied covenant of good faith and fair dealing, unjust enrichment, and violations of Illinois and Pennsylvania consumer protection laws.

Bank Faces Consumer Suit for Allegedly Aiding and Abetting Fraud Through AML Failures

Van Horn, Metz & Co. Inc. v. PNC Financial Services Group Inc., No. 2:23-cv-03596 (E.D. Penn.). On April 12, 2024, specialty raw materials distributor Van Horn, Metz filed an amended complaint against PNC Financial Services Group Inc. for allegedly aiding and abetting a fraud scheme perpetrated against Van Horn, Metz. Van Horn, Metz alleges that its former employee fraudulently transferred more than $3.5 million to his personal checking account from Van Horn, Metz’s business checking account at PNC. Van Horn, Metz further alleges that PNC should be held liable for aiding and abetting the fraudulent transfers because it failed to detect and stop them. Van Horn, Metz alleges that PNC’s AML policies and procedures should have, but did not, cause PNC to detect and stop the transfers. The amended complaint alleges a single count of aiding and abetting fraud. The original complaint was filed in Pennsylvania state court, but PNC removed it to federal court. PNC successfully dismissed the first complaint in its entirety and has moved to dismiss the amended complaint.

Payment Processor Facing Class Action over Excessive Chargeback Fees

Print Your Plaques LLC v. Esquire Bank N.A., et al., No. 2:24-cv-01077 (E.D.N.Y.). An aggrieved merchant filed a class action against its payment processor and sponsor bank over alleged unauthorized and undisclosed monthly chargeback violation fees. In the complaint, the plaintiff alleges that the defendants violated the terms of the relevant merchant agreement by charging fees for allegedly “excessive” chargebacks in frequency and amounts that exceeded the permissible amount under the parties’ contract, including by assessing such fees on a “per chargeback” rather than “per month” basis. The plaintiff asserts claims for breach of contract, breach of the implied covenant of good faith and fair dealing, and unjust enrichment.
The plaintiff filed the class action on behalf of all merchants who were charged any monthly chargeback violation fee by the defendants, seeking certification of a nationwide class under New York law and asking the court to award compensatory damages, pre- and post-judgment interest, and a prohibitory injunction to prevent the defendants from engaging in similar conduct in the future. The defendants have not responded to the complaint.

Lawsuit Filed over Merchant Agreements

Sabol, et al. v. PayPal Holdings Inc. and PayPal Inc., No. 4:23-cv-05100 (N.D. Cal.). On January 19, 2024, PayPal filed a motion to dismiss a class action complaint filed against it. The consumers challenge merchant agreements with online retailers that accept PayPal or Venmo as a method of payment, claiming that PayPal’s merchant agreements prohibit merchants from offering customers a discount if they use a non-PayPal, lower-fee payment method. For example, if a PayPal-accepting merchant sells a product for $25 when a consumer pays with PayPal, that merchant cannot offer a penny less than $25 to consumers who select an alternative payment method to complete the same transaction. The plaintiffs also allege that PayPal’s merchant agreements prohibit merchants from expressing any preference for other payment options. The plaintiffs allege these “anti-steering rules” effectively protect PayPal’s fees from downward competitive pressure, reduce the incentive for rival payment platforms to lower their own fees, and result in higher overall prices for consumers when retailers pass these fees along.

The plaintiffs seek to represent a nationwide class of every person who has used a payment method other than PayPal to make a purchase from a U.S.-based internet merchant that accepted PayPal as one means of payment since October 2019. The plaintiffs assert a claim under Section 1 of the Sherman Act, as well as claims under California’s Cartwright Act and Unfair Competition Law.

In moving to dismiss the complaint, PayPal argues that there is nothing anti-competitive or illegal about its merchant agreements. PayPal also argues that the provisions at issue are intended to provide—and have the effect of providing—consumers with the ability to use PayPal to make purchases by leveling the playing field for PayPal in the online payments space that includes players that are far larger than PayPal. PayPal also argues that the plaintiffs failed to define a relevant antitrust market because the e-commerce market encompasses a near limitless array of consumer goods and services offered by merchants. PayPal further argues that the plaintiffs lack standing to bring antitrust claims because their theory of injury—that they pay inflated prices because of PayPal—relies upon implausible and highly speculative assumptions about the independent pricing decisions of tens of millions of e-commerce merchants. The parties are awaiting a decision on the motion to dismiss.

Trade Groups Challenge Colorado’s Rate Exportation Opt-Out Law

National Association of Industrial Bankers, et al. v. Weiser, No. 1:24-cv-00812 (D. Colo.). In 2023, Colorado passed legislation opting the state out of the federal interest exportation right provided to federally insured, state-chartered banks. Under the Depository Institutions Deregulation and Monetary Control Act of 1980 (DIDMCA), state-chartered banks may lend nationwide at either their home state’s interest-rate caps or a federal interest-rate cap, depending on which is higher. Colorado’s opt-out law, scheduled to become effective July 1, 2024, specifically aims to restrict federal interest rate preemption for consumer credit transactions only within the state. On March 25, 2024, the National Association of Industrial Bankers, American Financial Services Association, and American Fintech Council sued to enjoin Colorado from enforcing the opt-out law.
The plaintiffs argue that it violates the Supremacy Clause and Dormant Commerce Clause and that the National Bank Act preempts the opt-out law. The plaintiffs argue that while Congress authorized states to opt out of DIDMCA, that right was limited to loans “made in” the opting-out state. They continue that Colorado far exceeded its authority under DIDMCA, ignoring the federal definition of where a loan is deemed to be “made” and instead imposing its state interest-rate caps on any consumer credit transaction in Colorado (even if not made in the state). This, they argue, violates the Supremacy Clause. Further, the plaintiffs argue that the opt-out law violates the Dormant Commerce Clause because Colorado’s view of where a loan is made creates varying obligations for out-of-state banks, disrupting interstate commerce. Lastly, the plaintiffs argue that the National Bank Act shields national banks from state interest-rate caps (like the opt-out law), but unlike DIDMCA, it does not permit states to opt out. The state law is preempted and does not apply to any national bank not chartered in Colorado, even if it makes a loan in the state. Briefing on these issues has not yet concluded.

NOTEWORTHY CASE DEVELOPMENTS

Bank Seeks to Dodge “Misguided” Lawsuit Alleging Failure to Protect Customers from Fraud

The People of the State of New York v. Citibank N.A., No. 1:24-cv-00659 (S.D.N.Y.). Citibank filed a motion to dismiss all counts of a complaint filed by the New York attorney general accusing Citibank of failing to deploy sufficiently robust data security measures to protect consumer financial accounts, respond appropriately to red flags, or limit theft by scam.
New York alleges that Citibank permits scammers to defraud its customers, and when customers later raise the alleged fraud with their bank, Citibank “mislead[s] consumers about their rights, … trick[s] consumers into executing unnecessary affidavits, inflat[es] the likelihood of recovery of stolen funds, and blam[es] the victims.” Notably, the state has taken the position that online consumer wires are subject to the EFTA and alleges that Citibank has violated the EFTA by denying consumers rights and protections under that statute by treating fraudulent online consumer wires as subject to Article 4 of the Uniform Commercial Code (UCC) instead, which permits banks to deny reimbursement for fraudulent wires when the bank executes such transfers in “good faith” and employs “reasonable security procedures.” New York also contends that fraudulent intrabank transfers are unauthorized EFTs as defined under the EFTA and alleges that Citibank has violated the EFTA by not treating such transfers as unauthorized on grounds that the consumer somehow benefits from them. The state also accuses Citibank of violating the SHIELD Act—New York’s data security law—by failing to take reasonable steps to protect its customers’ data such as requiring multi-factor authentication or deploying mechanisms to identify markers of fraudulent transactions.

In its motion, Citibank accuses the attorney general of engaging in a “misguided” attempt to “rewrite” the EFTA by applying it to wire transaction fraud when, Citibank alleges, such transactions are governed exclusively by the UCC. In addition to arguing that the EFTA does not apply, Citibank claims that the state’s claims under the SHIELD Act are wholly inapplicable because the act does not address the fraudulent wire transfers but rather is designed to combat data breaches, and also contends that the state fails to plead its fraud-related claims with the requisite specificity.
Citibank asks the court to dismiss the state’s claims in their entirety, arguing that “[t]he solution to the problem of online wire fraud and scams is not a lawsuit, especially one that improperly seeks to rewrite a federal statute and that would abruptly and dramatically upset how banks have organized their policies and practices for decades.” On May 2, 2024, the American Bankers Association and other trade organizations filed an amicus brief in support of Citibank’s fight against the New York attorney general’s lawsuit.

FTC Settles with Company and Two Former Executives for Allegedly Processing Payments for Known Scammer

Federal Trade Commission v. BlueSnap Inc., et al., No. 1:24-cv-01898 (N.D. Ga.). On May 1, 2024, the Federal Trade Commission (FTC) settled a suit against global payment facilitator BlueSnap and its former chief executive officer and senior vice president of global acquiring and payments alleging that, at the direction of these executives, BlueSnap knowingly processed payments for deceptive and fraudulent merchants. According to the FTC, BlueSnap opened and maintained multiple merchant accounts for a deceptive debt relief telemarketing merchant that bilked consumers out of tens of millions of dollars. Allegedly, BlueSnap continued to process consumers’ payments for this telemarketing merchant despite repeated warnings and direct evidence that the operation was engaged in fraud. According to the FTC, one of these warnings was a payment processor telling BlueSnap that it should look to close one of the telemarketing merchant’s accounts due to excessively high chargebacks, but BlueSnap ignored this warning and kept the account open. The telemarketing merchant was eventually fined by Visa due to excessive levels of fraud on the account. About two months after the fine, American Express apparently instructed Global Acquiring and Payments to stop processing American Express transactions on the account due to high fraud rates and consumers reporting they were being scammed by the merchant. The FTC asserts that the defendants not only continued to facilitate payment processing for the telemarketing merchant, but they also actively helped the scam conceal its illegal activity and evade industry fraud monitoring programs. The order asserts claims for violation of the FTC Act and the telemarketing sales rule, as well as assisting and facilitating violations of the telemarketing sales rule and credit card laundering.
The defendants are required to turn over $10 million for consumers and stop processing payments for debt collection or debt relief companies, as well as companies listed through an industry fraud monitoring program. In addition, the company is required to closely screen and monitor other high-risk clients and is prohibited from helping any client take steps to evade fraud monitoring.

BaaS Bankruptcy Purchase Deal Falls Apart

On April 22, 2024, banking-as-a-service (BaaS) startup Synapse filed for Chapter 11 bankruptcy and entered an asset purchase agreement with payment processor TabaPay. According to Synapse CEO Sankaet Pathak, Synapse signed a deal with TabaPay and then filed Chapter 11 bankruptcy due to TabaPay’s preference to be able to do the deal “free and clear.” Under the agreement, TabaPay would pay $9.7 million and additional consideration to buy substantially all the assets of Synapse, including its non-bankrupt wholly-owned subsidiaries Synapse Credit LLC, which holds state lending licenses, and Synapse Brokerage LLC, which holds a broker-dealer license. It was revealed during a bankruptcy hearing on May 9, 2024 that the deal between Synapse and TabaPay has fallen apart. The deal for TabaPay to acquire Synapse’s assets hinged on at least three key preconditions: (1) Synapse filing for Chapter 11 bankruptcy so that TabaPay could acquire Synapse’s assets free and clear, without exposure to potential liability; (2) Evolve Bank & Trust agreeing to fully fund “FBOs,” or accounts holding pooled end-user funds; and (3) the court approving a settlement between Synapse and Evolve, which arose from disagreements about who was responsible for possible shortfalls in FBO accounts, among other issues. During the hearing, Synapse shared that Evolve claims it has funded the FBO account, but Synapse has not seen any additional funds added since the signing of the settlement agreement between Synapse and Evolve.
Synapse argued that it would never have agreed to the settlement agreement nor filed the bankruptcy proceeding had that been Evolve’s position at the time the settlement agreement was signed. Synapse alleged that it is not sure who is harmed by the FBO accounts not being funded, but speculated that it is probably Evolve’s end users, not Synapse’s end users. Evolve’s position is that accounts at Evolve related to Synapse are fully funded and there “are no end user issues whatsoever.” Importantly, it was revealed during the hearing that TabaPay sent Synapse an email on May 8 stating it is electing not to proceed with the sale closing.

Supreme Court Denies Request to Review Class Certification Order Against Credit Cards

National ATM Council Inc., et al. v. Visa Inc., et al., No. 21-7109 (U.S.). On April 15, 2024, the U.S. Supreme Court declined to review a decision from an appellate court affirming class certification against Visa and Mastercard in an action brought by consumers and ATM operator plaintiffs. In October 2011, the plaintiffs filed a class action in federal court in the District of Columbia against Visa and Mastercard alleging that the companies conspired to develop anti-competitive rules prohibiting ATM operators from charging customers different access fees for using different networks. The customer plaintiffs allege the rules have caused them to pay artificially inflated transaction fees, and the operator plaintiffs allege they have been forced to pay surcharges that limit their revenue. The plaintiffs allege that Visa and Mastercard want to prevent other companies from poaching customers with the promise of lower transaction fees. In August 2021, the district court certified two classes of consumers and a class of ATM operators. Visa and Mastercard appealed that decision to the D.C. Circuit Court of Appeals, arguing that the certification order swept in at least tens of thousands of uninjured plaintiffs.
In July 2023, the circuit court rejected Visa’s and Mastercard’s challenge, ruling that the plaintiffs are only required to show that questions common to the class predominate at the certification stage. According to the circuit court, contentions by the companies that the classes include uninjured plaintiffs can be addressed later on by a fact finder. Visa and Mastercard asked the Supreme Court to review the decision, but that request was denied.

Minnesota Federal Court Dismisses Challenge to FDIC Financial Institution Letter 32

Minnesota Bankers Association, et al. v. Federal Deposit Insurance Corporation, et al., No. 0:23-cv-02177 (D. Minn.). On April 8, 2024, the District of Minnesota dismissed a challenge by the Minnesota Bankers Association and Lake Central Bank to a financial institution letter (FIL) issued by the FDIC in June 2023. FILs are letters issued by the FDIC to provide guidance and information to financial institutions. These letters typically address new policies, regulations, or guidelines affecting the banking industry, as well as updates on FDIC programs and initiatives. FIL 32 addressed the practice of charging multiple insufficient funds fees for the same transaction. Specifically, it encouraged institutions to review their practices and disclosures for the charging of NSF fees for re-presented transactions and provided options for risk-mitigation practices. The plaintiffs argued that FIL 32 constituted a legislative rule that was promulgated without adhering to essential administrative procedures. Specifically, the plaintiffs argued that it required them to make changes to their policies on charging multiple NSF fees, and because it was issued without the Administrative Procedure Act’s required notice and comment period, it was improper. The district court rejected this argument, instead holding that FIL 32 was not the result of final agency action, so the Administrative Procedure Act’s requirements did not apply. According to the court, FIL 32 provided only supervisory guidance without the force and effect of law. That is, FIL 32 merely outlined the FDIC’s supervisory expectations or priorities and articulated the FDIC’s general views on appropriate practices. As a result, no legal consequences flowed from FIL 32, and it was not a final agency action. The district court dismissed the case without prejudice.

Second Circuit Rules in Class Action Against Cryptocurrency Exchange

Underwood v. Coinbase Global Inc., No. 23-184 (2nd Cir.). In April 2024, the Second Circuit issued a comprehensive ruling in a class action against crypto exchange Coinbase. The plaintiffs alleged that the trading of specific cryptocurrencies on Coinbase violated federal and state securities laws. The lawsuit encompassed federal claims under the Securities Act of 1933 and the Securities Exchange Act of 1934, as well as state-law claims under the securities laws of California, Florida, and New Jersey, on behalf of a nationwide class. The dispute revolved around whether cryptocurrencies traded on Coinbase constituted securities under federal and state laws. The plaintiffs claimed that Coinbase’s actions amounted to offering and selling unregistered securities and violating various securities laws. In contrast, Coinbase argued that secondary sales of crypto-assets did not qualify as securities transactions, disputing the applicability of securities regulations. The court of appeals held that Coinbase could be liable under Section 12(a)(1) of the Securities Act for the offer and sale of unregistered securities. But significantly, this ruling was based on the district court’s improper reliance on Coinbase’s December 2021 user agreement, which was not mentioned or attached to the plaintiffs’ amended complaint. According to the court of appeals, because other versions of Coinbase’s user agreements were in effect during the class period, including other agreements with materially different language, the district court could not treat the December 2021 version as conclusive to evaluate the legal sufficiency of the amended complaint. Dismissal of the Securities Act claims was improper at the pleading stage but possibly will be proper at the summary judgment stage.
The court of appeals affirmed the dismissal of claims under the Exchange Act, citing insufficient allegations of transaction-specific contracts required for rescission, and reversed the dismissal of the state-law claims, which the district court dismissed for lack of supplemental jurisdiction following its dismissal of the plaintiffs’ claims under the Securities and Exchange Acts. The case has been remanded to the trial court for further proceedings.

INTERCHANGE FEE LITIGATION

Credit Card Transaction Fee Types

When a customer uses a credit card to make a payment to a merchant, the merchant initiates a transaction and relays information (e.g., the amount of the purchase and the type of card used) to the acquirer (the merchant’s bank). The acquirer then transmits this information to the credit card network (Visa, Mastercard, Discover, American Express, etc.), which in turn relays it to the issuer (the customer/cardholder’s bank that issued the credit card). If the issuer approves the transaction, the approval is relayed to the acquirer and then back to the merchant. At several stages of the transaction, fees are assessed for facilitating the transaction:

• Between the cardholder and the issuer, the transaction fee might be negligible or zero, as is often the case for debit cards, or may even be negative, in the case of rewards credit cards that provide points, airline miles, or cash back to the cardholder.
• Between the issuer and the network, the issuer pays the network a network fee, some of which may be returned to the issuer in the form of incentive payments.
• Between the issuer and the acquirer, the issuer remits payment to the acquirer minus an interchange fee, which is sometimes called a swipe fee. These fees vary in cost for each card brand. Interchange fees, in theory, may be set by negotiation between acquirers and issuers; in the absence of an agreement, however, interchange fees are set by schedules established by the credit card networks.
In practice, the default interchange fee schedules almost always prevail.

• Between the acquirer and the network, the acquirer pays a fee to the network, which may include a fixed acquirer network fee (FANF).
• Between the acquirer and the merchant, the acquirer credits the merchant’s account for the amount of the purchase minus what is known as the merchant discount fee. This is the sum of all fees deducted from the purchase amount and includes the interchange fee, network fees, chargebacks (or some portions of those fees), and acquirer fees.

Interchange Fee Class Action Settlements and Opt-Outs

In re Payment Card Interchange Fee and Merchant Discount Litigation, No. 1:05-md-01720 (E.D.N.Y.). in the Eastern District of New York alleging the defendants violated federal and state antitrust laws by adopting interchange fees and rules that supposedly constitute unlawful price fixing, unreasonable restraints of trade, and monopolization. And in 2006, the court approved two separate classes of plaintiffs based on the type of damages sought by the classes: one seeking damages and the other seeking equitable relief from card network rules. Over the past several months, there have been notable developments for both classes, including motions and court decisions on the most “direct purchaser” of interchange fees.

Damages settlement class

In December 2019, the district court approved a $5.54 billion class settlement for the damages class. The Second Circuit affirmed that decision on appeal. The damages settlement class is defined as all persons, businesses, and other entities that have accepted any Visa-branded cards or Mastercard-branded cards in the United States from January 1, 2004 to January 25, 2019, subject to certain exceptions, including financial institutions that have issued or acquired Visa-branded cards or Mastercard-branded cards during the class period.
The deadline to opt out of the settlement class was July 23, 2019, and some merchants opted out of the settlement so that they could pursue their own claims against the defendants. For those entities that are in the damages settlement class and have not opted out, the deadline to submit a claim for part of the settlement fund is August 30, 2024. On May 1, 2024, the district court held that certain class members that initially objected to the $5.54 billion class settlement cannot recover the $983,605 in attorneys’ fees expended on objecting to the settlement. The district court concluded that they have not shown that their objections substantially benefited the class or the ultimate class settlement.

Merchant opt-out litigation

Three large merchants opted out of the damages settlement class and filed their own complaints, all of which were ultimately transferred to and consolidated in multidistrict litigation pending in the Eastern District of New York. In February 2024, the district court rejected Visa’s and Mastercard’s summary judgment arguments that these merchants lack antitrust standing to bring the antitrust claims against them because the merchants are not direct purchasers (as required for antitrust standing) of the interchange fees. According to Visa and Mastercard, the acquirers, rather than merchants, are the most direct purchasers because they actually pay the interchange fees. In response, the merchants argued that they pay the interchange fees because fees are deducted by the issuers and card networks from the funds owed to the merchants; acquirers do not pay interchange or network fees and instead receive the funds from issuers net of fees. The district court found that there was evidence to establish a dispute of material fact whether the merchants are in fact direct purchasers of card-acceptance services.
The court specifically held that there was evidence to rebut Visa’s and Mastercard’s positions that the acquirers are the most direct purchasers, including evidence tending to show that, unlike merchants, acquirers do not treat the fees as expenses and that the issuers deduct the fees directly from the amounts owed to merchants, such that the acquirers simply facilitate the provision of card-acceptance services. In April 2024, the district court issued a separate order on Visa’s and the issuing banks’ motion for summary judgment on various merchants’ debit monopolization, attempted monopolization, and conspiracy to monopolize claims. The judge held that the merchants adequately pled their debit monopolization and attempted monopolization claims, but granted summary judgment to Visa and the issuing banks on the conspiracy to monopolize claim.

Payment facilitators opt-out litigation

In 2021, Intuit brought an antitrust suit against Visa and Mastercard. In 2022, Block, which owns Square, brought its own. The companies allege similar antitrust violations against the card networks as those asserted in the multidistrict litigation, challenging the card networks’ alleged illegal fixing of interchange rates and their “Honor All Cards” policy, which dictates that in order to accept any card in Visa and Mastercard networks, merchants must accept them all, regardless of their issuing banks. In February 2024, Visa and Mastercard asked the Eastern District of New York to enforce the damages settlement agreement against Intuit and Block and dismiss their separate claims, arguing that their claims were released by their merchants as part of the $5.54 billion class action settlement. According to Visa and Mastercard, merchants that didn’t opt out of the settlement agreed to release not only their claims, but also those of their “agents,” and that the payment facilitators should be considered among those agents.
Among other things, the card networks pointed to language in Intuit’s and Block’s publicly available contracts stating that Intuit and Square are the merchants’ agents. In response, Intuit and Block argued that the merchants had no authority to release their claims because they never expressly assigned their antitrust claims to the merchants. Intuit and Block cross-moved for summary judgment. Specifically, Intuit cross-moved for summary judgment on whether it has antitrust standing, and Block joined its merchants’ cross-motion for summary judgment arguing that the merchants are not members of the damages settlement class. In support of their motions, Intuit and Block primarily argue that they are the most direct payors of the interchange fees. In response, the card networks primarily argue that Intuit and Square do not directly pay the interchange fees, and thus lack antitrust standing, because the acquirers instead pay those fees. This same argument was raised by the card networks in the merchant opt-out litigation. Both motions are fully briefed and pending decision before the court.
