On April 29, the New York Department of Financial Services (NY DFS)—the state’s principal banking and insurance regulator—announced that it is creating a new Consumer Protection and Financial Enforcement (CPFE) division. The new division, described by commentators as a state-level version of the Consumer Financial Protection Bureau (CFPB), or “mini CFPB,” will have responsibility for consumer financial enforcement and have oversight over consumer financial services institutions within the state. The NY DFS’s announcement highlighted that the agency’s new CPFE division will be particularly focused on review and response to cybersecurity events and the development of supervisory, regulatory, and enforcement policy and direction in the area of financial crimes.

New York’s creation of the new CPFE division, which will combine prior divisions within the DFS, comes as New York’s and other states’ representatives have raised concerns about the direction of the CFPB in Washington, D.C. State-level regulatory agencies can be expected to be aggressive enforcers in light of perceived laxer enforcement at the federal level. NY DFS’s announcement that the CPFE division will focus on cybersecurity events also reflects the New York regulator’s continued focus on this space following its promulgation in 2017 of rules governing cybersecurity standards for financial institutions.

As we anticipated last week, today the CFPB issued its much anticipated proposal to adopt the first substantive regulations to govern the activity of debt collectors under the Fair Debt Collection Practices Act (FDCPA) since that law’s passage in 1977 (Proposal).

The Proposal, which runs over 530 pages, would among other things:

  1. set limits on the number of calls that debt collectors may place to reach consumers on a weekly basis;
  2. clarify how collectors may communicate lawfully using newer technologies, such as voicemails, emails and text messages; and
  3. require debt collectors to provide more information to consumers to assist consumers in identifying debts and responding to collection attempts.

In the coming days, McGuireWoods will be publishing additional analysis of key issues in the Proposal. An overview of the scope of the proposed rule is also available in a CFPB-published “Fast Facts” document.

As we explained in our Primer last week, the rules ultimately adopted under this Proposal likely will impact not only “debt collectors” as the FDCPA defines that term, but also others involved in collections activity. FDCPA rules may affect others by influencing not only how UDAAP and UDAP requirements apply to all collections activity, but also how state debt collection law is interpreted, because such laws often apply to collectors who are not covered by the FDCPA.

Written comments on the Proposal are due 90 days after its publication in the Federal Register, which will occur within the next few weeks. Under that timeline, comments would likely be due in August of this year.

On May 2, 2019, the U.S. District Court for the Southern District of New York denied the Office of the Comptroller of the Currency’s (OCC) motion to dismiss a complaint brought against it by the Maria T. Vullo, superintendent of the New York State Department of Financial Services (DFS).  The complaint had challenged the OCC’s authority to provide its special-purpose charter to fintech companies under the National Bank Act (NBA).  Click here and here for our prior coverage on this lawsuit.

In the long awaited ruling, the court focused on the dual-banking system, in which state and national banks are chartered and regulated at different levels, to find that DFS properly demonstrated a “substantial risk that harm will occur,” to establish Article III standing. The court reasoned that since New York already provides a comprehensive regulatory system for nearly 600 non-depository fintechs, those regulations “are all at risk of becoming null and void,” by the OCC’s special-purpose charter.  Judge Marrero noted that fintechs may leave New York altogether, which will force DFS to incur costs now to avoid such harm.  According the court, the OCC focused exclusively on constitutional ripeness and did not address some the arguments presented by DFS concerning harm to its sovereignty and state interests. On this basis, the court found that DFS established standing to pursue its statutory and constitutional challenges against the OCC.

The court also disagreed with the OCC’s arguments that the claims are untimely.  The court focused on the ‘reopening doctrine,’ a long-standing principle permitting a court to review recent regulatory action based on prior agency interpretations.  The court noted that this doctrine “likely defeats [the] OCC’s statute of limitations defense,” and focused on the OCC’s failure to respond to the DFS’s arguments about the application of the doctrine.  On this basis, the court held the OCC did not meet its burden proof to assert the affirmative defense of timeliness, but expressly noted that the OCC may re-raise this defense later in the proceedings.

In addressing whether DFS can state a claim, the court held that the term “business of banking,” contrary to the OCC’s interpretation, “unambiguously requires receiving deposits[.]” The OCC had argued that the term “business of banking” was ambiguous and a reasonable interpretation would provide the  OCC with chartering authority for nonbanks that do not accept deposits. The court held that the OCC’s reading is “not so much an ‘interpretation’ as ‘a fundamental revision’ of the NBA.” According to the court, the special-purpose charter would enable a “dramatic disruption of federal-state relationships” which “lends weight to the argument” that the OCC’s authority “exceeds what Congress may have contemplated in passing the NBA.” On this basis, the court held that “only depository institutions are eligible to receive national bank charters from [the] OCC,” and denied the OCC’s motion to dismiss with respect to Counts I and II, both of which challenged the OCC’s authority under the NBA.  The court, however, dismissed DFS’s claim for a violation of the Tenth Amendment.


As soon as next week, the Consumer Financial Protection Bureau (CFPB) is expected to propose the first substantive regulations under the Fair Debt Collection Practices Act (FDCPA) since the law’s enactment in 1977. This rulemaking has the potential to substantially clarify and modernize many of the FDCPA’s requirements, with important implications not only for debt collection agencies and others who fit the law’s narrow definitions of “debt collector,” but for any entity engaged in the collection or sale of consumer debts.

Interest among industry and consumer-group stakeholders likely will be intense: An earlier agency notice about possible subjects for FDCPA rulemaking drew over 23,000 written comments to the CFPB, and a concrete proposal like the one forthcoming could generate many more. That level of interest is not surprising, given that debt collection activities consistently have ranked either first or second on the list of areas generating the highest number of consumer complaints to the Bureau. According to some press reports, the proposal may be released Wednesday, May 8, in connection with a CFPB Town Hall hosted by Director Kraninger.

Given the likely implications and widespread interest in the proposal, this alert serves as a primer on the anticipated rulemaking, both by placing it in context through a brief summary of its background, and by focusing on topics that the proposal is likely to cover.

Continue Reading Primer on the CFPB’s Imminent Fair Debt Collection Practices Act Rule Proposal

On Wednesday, Consumer Financial Protection Bureau (CFPB) Director Kathy Kraninger delivered her first policy speech since succeeding Mick Mulvaney as head of the CFPB in December. Forecasting the Bureau’s agenda over the coming months, Kraninger promised that, among other things, the Bureau will publish within weeks proposed rules to implement the Fair Debt Collection Practices Act (FDCPA) and will convene a “symposium” on “clarifying the meaning of abusive acts or practices under Section 1031 of the Dodd-Frank Act.” Kraninger also focused her remarks on the four “tools” given by Congress to the Bureau to carry its mission – education, regulation, supervision, and enforcement.

Addressing education, Kraninger stated that “empowering consumers to help themselves, protect their own interests, and choose the financial products and services that best fit their needs is vital to preventing consumer harm and building financial well-being.” Focusing on improving consumer savings, Kraninger noted that in addition to the Bureau’s recently launched a “Start Small, Save Up” initiative, the Bureau will later this year launch a “savings boot camp” which will include a series of videos to educate consumers on good savings habits.

On regulation, Kraninger promised that the Bureau will focus on “articulating clear rules of the road for regulated entities that promote competition, increase transparency, and preserve fair markets for financial products and services.” Emphasizing that the “the best possible rules” come from the “the best possible process,” Kraninger promised that the Bureau will proceed “deliberately and transparently in its rulemakings.” Of particular, note, Kraninger stated that the Bureau will soon release proposed rules to implement the FDCPA, which was first enacted in 1977. Kraninger also promised that the Bureau would take seriously its “responsibility under the law to reduce unwarranted regulatory burden and to consider the impact of rulemaking on regulated entities and consumers.”

Turning to supervision, which she described as being “the heart of this agency,” Kraninger stated that the Bureau would be taking a “fresh look at the entire process” to ensure that the Bureau’s supervisory activities are used “as effectively and efficiently as possible to prevent consumer harm” and consistently across supervised entities. Kraninger emphasized the need for coordination among government entities that supervise financial institutions, noting that she recently assumed the chair of the Federal Financial Institutions Examination Council, a group of federal and state agencies that regulate financial institutions, and stated she planned to focus “on strengthening coordination and collaboration with our sister regulators who review the same or similar information at the same institutions, albeit for different reasons.”

Finally, Kraninger promised that the Bureau would continue to focus on enforcement in appropriate cases, stating her “emphatic” view that “enforcement is an essential tool Congress gave the Bureau – particularly because education, rulemaking, and supervision will not prevent every violation.” She spoke of the need to emphasize consumer education because enforcement actions cannot identify every bad actor. Ultimately, Kraninger said, “purposeful enforcement is about utilizing robust resources most effectively to focus on the right cases to reinforce clear rules of the road and prevent harm by making sure bad actors know they will be held to account.”

Kraninger also shared her thoughts on how the CFPB’s effectiveness should be measured – not by “outputs” such as the number of complaints handled, but instead by “how well we use all of our tools to prevent consumer harm.” To that end, she announced that the Bureau will convene a symposia series over the next year on a variety of topics relating to the Bureau’s mission, beginning with “clarifying the meaning of abusive acts or practices under Section 1031 of the Dodd-Frank Act” – clarity that financial institutions will welcome.


On Thursday, March 28, California Governor Gavin Newsom announced that Manuel “Manny” Alvarez, 38, has been appointed Commissioner of the California Department of Business Oversight (DBO). Alvarez is currently general counsel, chief compliance officer and corporate secretary at Affirm Inc., the point-of-sale lending platform founded by PayPal’s Max Levchin in 2012. Alvarez’s appointment requires California State Senate confirmation. See the Governor’s press release here.

The Supreme Court and the Third Circuit decided three cases in the last week relating to the interpretation and enforceability of arbitration agreements. We discuss them below.

Third Circuit Compels Arbitration of an E-Signed Enrollment Agreement

The Third Circuit compelled arbitration of an agreement signed electronically by a student taking online courses. In Dicent v. Kaplan University, Maria Dicent, who represented herself in the case, filed a complaint against Kaplan University for various causes of action. Kaplan moved to compel arbitration on the basis that Dicent electronically signed a packet containing both an enrollment agreement and an arbitration agreement. Dicent claimed that she was not aware of the arbitration agreement and that Kaplan “tricked” her by including it within the enrollment packet.

According to the lower court, Kaplan supported its motion to compel with an affidavit explaining its e-signature verification process. To enroll in courses, students must log into an enrollment portal website. After clicking the “Electronically Sign” button, students enter personal identifying information on a verification page. An e-signature verification company compares the information with that in a confidential database. Upon positive verification of the student’s identity, the student and Kaplan receive a confirmation that the e-signature was successful. Kaplan’s records showed that Dicent’s enrollment packet, including the arbitration agreement, was accepted.

The Third Circuit explained that the first step in deciding whether to compel arbitration is to ask whether the parties have a valid agreement to arbitrate. In this case, the issue was whether Dicent assented to the agreement. Assent, the court explained, turns on ordinary state-law contract principles. The court observed that Pennsylvania, which the parties agreed governed the contract, recognizes e-signatures as a valid means to register legal assent.

The court held that there was no genuine issue of material fact as to whether Dicent assented to the arbitration agreement. Kaplan had presented evidence of her e-signature and Dicent conceded that she e-signed the enrollment packet. It concluded that the “most reasonable inference we can draw from the evidence presented is that Dicent simply did not read or review the Enrollment Packet PDF closely before she e-signed it, which will not save her from her obligation to arbitrate.”

A link to the opinion is here.

Justices Reject Judicially-Created Exception Limiting Enforcement of Arbitrability

 In Schein, Inc. v. Archer & White Sales, Inc., Justice Kavanaugh, writing for a unanimous Court, rejected the judicially-created “wholly groundless” exception to arbitrability.

Archer & White filed a complaint against Henry Schein, Inc. for various causes of action. Schein moved to compel arbitration on the basis that the parties’ contract required arbitration of “[a]ny dispute arising under or related to this Agreement.” Archer & White opposed the motion, arguing that it was “wholly groundless.” It pointed to the arbitration clause’s exception for “actions seeking injunctive relief” and argued that Schein sought injunctive relief in addition to damages.

The Court considered this question: does a court or an arbitrator decide whether a dispute falls within an exception to the parties’ arbitration clause? The arbitrator decides, the Court held; a court has no power to decide the arbitrability issue if the parties’ contract delegates that issue to an arbitrator. The Court concluded that the “wholly groundless” exception, adopted by some lower courts, was inconsistent with the Federal Arbitration Act’s text, which contains no such exception. It also contravened earlier cases, the Court said, that held courts cannot screen from arbitration cases that appear frivolous on the merits and that arbitrators may decide “gateway” questions of arbitrability.

A link to the opinion is here.

 Justices Uphold Statutory Exemption for Independent Contractor

In New Prime Inc. v. Oliveira, a unanimous opinion penned by Justice Gorsuch, the Supreme Court affirmed the First Circuit’s judgment that it lacked authority under the Federal Arbitration Act to enforce an arbitration agreement between an interstate trucking company and one of its drivers. The driver, purportedly an independent contractor, had argued that an exception to the Act for “contracts of employment” for transportation workers removed his agreement from the Act’s coverage.

The Supreme Court first considered whether a court or an arbitrator should decide whether the statutory exception applies. The court should decide, it held. The Court reasoned that the provisions of the Act empowering courts to stay litigation and compel obligation apply only if the Act applies, which requires an initial determination of whether the contract falls within the Act’s “contracts of employment” exception.

 The Court then turned to the term “contracts of employment.” Looking to its meaning in 1925, the year the Act was adopted, the Court concluded the term “meant nothing more than an agreement to perform work.” Dictionaries of that era, the Court said, did not distinguish between employees and independent contractors.

Although New Prime did not distinguish Schein, discussed above and decided only a week earlier, the key difference appears to be that Schein involved interpreting a contract whereas New Prime involved interpreting the statute, the source of the court’s authority to compel arbitration in the first place.

A link to the opinion is here.

With the SEC prioritizing protection of retail investors, investment advisers are facing increased scrutiny for misappropriation offenses. Adviser representatives are becoming more creative, making it harder for investment advisers to detect misappropriation. It may be easy for investment advisers to rely on software and automated-alerts to safeguard client assets, but the days of solely relying on software or even traditional confirmation letters are gone.

On Sept. 25, 2018, the Security and Exchange Commission (SEC) charged a former adviser representative for misappropriating more than $1.6 million from primarily elderly clients over the span of 14 years. This comes after the SEC announced on Aug.15, 2018 that an investment adviser agreed to pay $4.5 million to settle charges that it failed to safeguard retail investors’ assets from theft after four adviser representatives misappropriated, in aggregate, $1 million. This Alert discusses the significance of the Order and what investment advisers can do to avoid similar offenses.

 Key Considerations

Under Section 206(4) of the Investment Advisers Act of 1940 (the Act), investment advisers are required to exercise the duty of undivided loyalty and utmost care to their clients. Specifically, Rule 206(4)-2, commonly referred to as the “custody rule,” requires investment advisers who have custody of its clients’ funds or securities to adopt and implement policies and procedures reasonably designed to prevent violations by the investment adviser and its supervised persons.

In the Order, the SEC’s primary concern with the investment adviser’s supervisory systems was whether the system effectively detected misappropriation and the breadth of its detection. According to the SEC, the investment adviser had a hybrid supervisory system with manual and automated reviews which combined a geographical field-based supervisory model and a centralized supervisory model. However, because of the volume of transactions processed daily, a technical error, and limitations in the supervisory system, the investment adviser was unable to detect misappropriation that the SEC believed it was capable of discovering. For example, one adviser transferred funds from his client’s account to an account he effectively controlled for his personal business. The investment adviser’s supervisory system did not account for “controlled accounts” because the investment adviser’s system used a “hot list” of addresses, which, at the time, did not include the adviser representative’s business addresses. Further, the investment adviser’s system was limited only to flagging “exact addresses” so variations as subtle as using avenue instead of ave. would not have identified fraudulent transfers from a client’s account.

Moreover, the SEC highlighted the importance of investment advisers ensuring that its heightened supervision unit adequately monitors recidivist adviser representatives. An adviser representative under heightened supervision for prior unauthorized trading was one of the five representatives that misappropriated $1 million between 2011 to 2014. With the lowest offender misappropriating $21,000 in funds, the SEC sent a clear message; it will not tolerate misappropriation of any retail investors’ funds, no matter how small. Despite reimbursing clients for the misappropriated funds, the investment adviser was still penalized.

This Order comes weeks after another investment adviser faced a multi-million dollar fine for failing to reasonably design policies and procedures to prevent its adviser representatives from misappropriating client funds. One adviser representative’s misappropriation of $7 million led the SEC to uncover that the investment adviser’s policies and procedures, while appearing robust, failed to detect or prevent the adviser representatives from misusing or misappropriating client funds through use of internal electronic forms. The investment adviser allowed for its clients to place verbal requests by phone or in-person for outgoing wire transfers and journals of up to $100,000 per day per account. Based on the adviser representative’s attestation on an electronic form and providing certain details, the requests were completed. However, the investment adviser failed to account for fabricated request made by the adviser representatives. The SEC suggested the investment adviser could have routinely called clients to verify the authenticity of the transfer request or require oral requests be followed-up with a letter of authorization from the client or any writing with the client’s signature.

Bottom Line

 Investment advisers should reevaluate their supervisory policies and procedures to ensure their systems are performing as intended. Accordingly, investment advisers should:

  1. Ensure if they are handling large volumes of transactions daily, their systems are capable of processing and reviewing the mass number of transactions;
  2. Increase personal client-contact, not merely sending a letter, but rather client callbacks, at random and based on risk, to verify fund transfers are approved; and
  3. Increase anti-fraud expenditures to guarantee that automated-fraud software systems can account for third-party transfers for “controlled accounts” of persons associated with the advisers.

Investment advisers should consider retaining a compliance consultant to access the reasonableness of their policies. As the recent SEC Orders illustrate, the cost of noncompliance is greater than the cost for failing to comply.

The CFPB is proposing revisions to its 2016 no-action letter (“NAL”) policy and is planning to establish “BCFP Product Sandbox,” a regulatory sandbox that would encourage financial institutions to explore innovative products. The revamped policy would address the shortcomings in the 2016 version and streamline the application submission and review process, thus providing banks with increased incentives to seek NALs. Specifically, the revised policy proposes the following key changes:

  • Including language in NALs that the CFPB would not make supervisory findings or bring a supervisory or enforcement action under its UDAAP authority or other authority within its jurisdiction, so long as the NAL recipient acts in good faith and substantially complies with the conditions of the letter;
  • Decreasing the number of required items of information from 15 to seven;
  • Inviting applications from trade associations, service providers, and other third-parties;
  • Including language on coordination between the CFPB and other regulators to provide alternate means of obtaining a NAL;
  • Removing any temporal limitations on NALs;
  • Removing the requirement to share data with the CFPB; and
  • Broadening the categories of information to be considered in reviewing NALs.

The “sandbox” concept would presumably allow an innovator to market a new product in a limited way without fear of penalization. To that end, “sandbox” would offer relief similar to a NAL. Additionally, participants would receive “approval relief” that protects actions or omissions made in conformity with approvals pursuant to TILA, ECOA, and EFTA, or “exemptive relief” that creates an exemption from statutory or regulatory provisions such as ECOA, HOEPA, and FDIA. The CFPB expects that relief pursuant to the sandbox concept will be limited in time—in most cases, to two years. The sandbox proposal differs from the new NAL policy in the following important ways: (1) sandbox applicants would describe the data regarding the impact of the proposed product or service and share that data with CFPB if the application is granted; (2) participants would share information about how their product or service would affect complaint patterns and default rates; (3) participants would commit to compensate consumers for material economic harm caused by the product or service; and (4) the CFPB would publish information about application denials on its website.

Comments on the proposal are due 60 days after it is published in the Federal Register.

We expect the U.S. Senate to confirm, as soon as this afternoon, President Trump’s nominee to lead the CFPB as its Director, Kathy Kraninger. A positive, though razor-thin and highly contested, outcome for Kraninger appears inevitable based on the Senate’s vote just a few days ago, strictly along party lines, to invoke “cloture” on the nomination by a margin of 50-49 (with one Republican absent), thereby prohibiting a Democratic filibuster on the confirmation. If Kraninger is not confirmed today to be the next CFPB Director, we expect confirmation to occur at least by December 21, when the current Senate session will end.

Kraninger has served in the Trump administration at the Office of Management and Budget under Mick Mulvaney, who of course has also occupied the position of Acting Director at the CFPB for the past year. She has been promoted by supporters as a highly competent government manager, but has had very little experience in consumer financial services. The extent to which she will deviate from how Mulvaney has directed the Bureau is yet to be determined but will be closely watched.

Once confirmed by the Senate, Kraninger’s term as Director would be for 5 years if she serves out the full term. This could create conflict down the line, in the event that President Trump is not re-elected. In that case, unless Kraninger resigns voluntarily (as presidential appointees at some other independent agencies have done on occasion when a new President is elected), the new President would only be able to remove her “for cause.”

While numerous litigants have challenged the constitutionality of this “for cause” limitation on the President’s authority to remove the Director, no final appellate decision has endorsed that view to date. (See our prior post, here.) However, briefing recently closed on the issue in a case now before the U.S. Court of Appeals for the Fifth Circuit, so a new decision may be near.