Spring is officially upon us, Ohio. We can transition from running on the treadmill to running outside. Most importantly, we can begin preparing for barbecue season. Please invite me to your cook out!
Miriah’s Take: TCPA Litigation Is Making Waves
Recently, I have been looking at data related to the Americans with Disability Act (ADA) website accessibility litigation, but I would like to analyze litigation data and trends of the Telephone Consumer Protection Act (TCPA). In our February post, we covered TCPA, specifically the 2015 Omnibus Order, which has led to significant court cases where multiple U.S. District Courts have analyzed the definition of an auto-dialer. In March, we briefly covered Marks v. Crunch San Diego, another prominent TCPA case in which the defendant recently abandoned its appeal to the U.S. Supreme Court.
Since the last post, the U.S. District Court for the Northern District of Illinois issued an opinion dismissing a class-action lawsuit against AT&T. Let’s dive into it!
In Gadelhak v. AT&T Services, Inc, the court examined the proper definition of the statutory term “automated telephone dialing system” (ATDS) and whether or not AT&T utilized an ATDS when it sent text messages to the plaintiff. This examination is informed by the underlining question addressed to the court: “whether the D.C. Circuit’s opinion in ACA International v. FCC nullified previous FCC orders defining the term ATDS, and if so, what is the proper definition of that statutory term under the plain language of the TCPA.”
As a refresher, the FCC under the 2015 Omnibus Order encapsulated two readings of an ATDS: (1) A device that itself has the ability to generate random or sequential numbers to be dialed, and (2) A device that can call from a database of telephone numbers generated elsewhere. In ACA International, the D.C. Circuit invalidated the 2015 Omnibus Order because the FCC “cannot, consistent with reasoned decision making, espouse both competing interpretations in the same order.”
AT&T argued that the D.C. Circuit in ACA International actually invalidated the FCC’s prior rulings defining an ATDS. Here, in the Gadelhak, the court agrees with AT&T, stating that a close read of ACA International supports AT&T’s position. Specifically, the definition of an ATDS as articulated in the 2008 Declaratory Ruling and the 2003 Order are invalidated under Gadelhak, as well.
Because ACA International did not define an ATDS, the court in Gadelhak defines an ATDS “unburdened by the Commission’s definitions.” In an attempt to define an ATDS, Gadelhak asks whether “predictive-dialing devices that lack the capacity to generate numbers either randomly or sequentially, and instead only dial numbers from a predetermined list, meet the statutory definition of an ATDS.” Gadelhak answers this question by determining that “numbers stored by an ATDS must have been generated using a random or sequential number generator.” This is in contrast with the decision in Marks v. Crunch San Diego, which this blog previously covered.
Plaintiff concedes that AT&T’s dialing system “generates a list of telephone numbers to be called via automated computer processes,” which is significant as the court finds that the dialing system does not use a random number generator to produce telephone numbers to be called.
While the outcome in Gadelhak is favorable to the financial services industry, and while the court opinion articulates what many in the industry have been saying (that the current TCPA rules are irreconcilable), the Gadelhak opinion exits alongside Marks. Thus, as some things change, some remain the same: there is still contrasting court opinions as to how the TCPA rules should be interpreted in light of ACA International. We need the FCC to focus on developing a clear regulatory scheme that recognizes that consumers seek to be contacted by their financial institutions, as well as with whom the consumer has an existing business relationship, regardless of whether the technology utilized for contact is predictive or generates numbers randomly.
Miriah’s Hot Topic: What’s Going on at the FTC
When the financial services industry-particularly credit unions-discuss how federal agencies impact the day-to-day operations, often the Federal Trade Commission (FTC) is overlooked in the discussion. In 1914, Congress passed the Federal Trade Commission Act, creating the FTC, in addition to outlawing unfair methods of competition and unfair acts or practices that affect commerce. The agency places a high priority on consumer protection, as the FTC is “the nation’s consumer protection agency,” according to their website. (This is interesting, as I would argue many believe the Consumer Financial Protection Bureau to be the nation’s consumer protection agency.)
At the end of March, the FTC released its report, Annual Highlights of 2018, which provides a high-level overview of issues that the FTC deems significant and concerning. We should pay significant attention to the FTC, because if it is noticing these items, other federal agencies are taking note, as well. The agency notes its focus on the areas that have the greatest consumer impact: (1) health care; (2) technology; and (3) consumer products and services. Credit unions, as small businesses and community employers, touch each of these three areas.
The FTC is primarily an enforcement agency, bringing cases through the court or administrative process; it appears 2018 was a busy year. The agency received almost 3 million consumer reports in 2018, with the top three areas of reports related to imposter scams, debt collection, and identity theft. Approximately 140,000 consumer reports dealt with banks and lenders. Last year, the agency filed 18 administrative actions and 40 lawsuits in federal court. Top enforcement actions from 2018 include:
- Robocalls: The FTC filed a complaint in federal court against Alliance Security, alleging that the company called millions of consumers whose numbers are listed on the National Do Not Call Registry.
- Online Lending: The agency filed charges against Lending Club, an online lending company. The FTC alleged the company deceived consumers by falsely promising loans with no hidden fees and taking money from borrowers’ bank accounts without authorization.
- Student Loans: Online student loan refinancer, SoFI, and the FTC settled charges that commission brought against SoFI. The FTC alleged it misrepresented how much money student loan borrowers saved or will save from refinancing with SoFi.
- EU GDPR: The FTC settled with four companies after the agency alleged that the companies falsely claimed to be certified under the EU-U.S. Privacy Shield framework (as a reminder, the European Union General Data Protection Regulation is a comprehensive data protection regulation that may extend its jurisdictional reach to the U.S. entities). The EU-U.S. Privacy Shield is a process under the EU GDPR which allows companies to transfer consumer data from the EU to the U.S. in compliance with the EU GDPR.
- Wire Fraud: One of the more prominent FTC actions involved MoneyGram, an international money transfer service. At the end of 2018, the company agreed to pay $125 million to settle allegations. The FTC alleged the company failed to take necessary steps to stifle fraudulent money transfers. A previous 2009 order required MoneyGram to protect consumers from fraud. The FTC alleged MoneyGram did not implement key provisions of the 2009 order which allowed bad actors to continue to perpetrate fraud.
Miriah’s Tip : CECL Guidance
New Current Expected Credit Loss (CECL) guidance has been issued. Be sure to peruse the 40+ pages of Frequently Asked Questions when you have a free moment.
In addition, be sure to join us at the League’s CECL roundtables, in conjunction with Visible Equity, on June 25 in Dayton, and June 26 in Toledo. During an extended lunch hour, we will cover how to prepare for CECL, collect historical data, and overcome common challenges.
In our March post, we took an in-depth look at elder fraud reporting by the numbers. Winner, winner; chicken dinner: we received reader feedback!
Brandon, a compliance officer, expressed that a significant tension point of the Ohio elder abuse reporting scheme is reputational risk. Under the state reporting structure, the credit union makes a report of suspected elder abuse to the local Adult Protective Services (APS) unit. Whereas, when filing a Suspicious Activity Report, with FINCen, the credit union is far removed from the federal government and federal law enforcement agencies.
Why does that matter? While the local APS is tasked to retain confidentiality and anonymity of the financial institution who made the report, Brandon (and other credit unions, anecdotally) have stated that it is pretty easy for the member to determine if the credit union reported potential elder abuse, because folks are more connected to their locality. In contrast, Brandon states that filing a SAR is “less directly combative.”
Because of the less combative nature of filing SARs, it is plausible that financial institutions will file a elder financial exploitation SAR when it is grey area. However, because members tend to view the credit union negatively when the member is reported to APS, credit unions may air on the side of protecting reputational risk by only reporting elder abuse to APS when the credit union observes more than just red flags. Do you agree? We would love to receive your reader feedback for May posting. Send your funny regulatory stories, reader feedback, and future topics ideas to firstname.lastname@example.org.