Maryland Legal Alert for Financial Services

In This Issue:

MARIJUANA BUSINESS CANNOT BE BANKRUPTCY DEBTOR

DATA-SECURITY PRACTICES FOR FINANCIAL INSTITUTIONS

DOES YOUR TYPESTYLE COMPLY WITH REG. Z?

UPDATE ON MARYLAND MORTGAGE SERVICING REGULATIONS

CREDIT CARD AGREEMENT SUBMISSIONS TO CFPB

FOURTH CIRCUIT INTERPRETS 'DEBT COLLECTOR' UNDER FDCPA

MARIJUANA BUSINESS CANNOT BE BANKRUPTCY DEBTOR

In Maryland and many other states, laws have been enacted permitting the operation of a marijuana or medical marijuana business even though the business remains illegal under the federal Controlled Substances Act (CSA). As the success of any new business is never a certainty, courts are beginning to consider whether a marijuana business that is not paying its creditors may file for bankruptcy protection, or be forced into bankruptcy, under the federal Bankruptcy Code.

Recently, the U.S. Bankruptcy Appellate Panel for the Tenth Circuit affirmed a Colorado Bankruptcy Court ruling that a medical marijuana debtor may not voluntarily initiate a Chapter 7 proceeding, or convert to a Chapter 13 proceeding, because the business was illegal under the federal CSA even though it was lawful under Colorado law (case available here).

In an unrelated case, the Arizona Bankruptcy Court extended the Colorado decision to an involuntary filing, and dismissed an involuntary Chapter 7 petition filed by creditors of a medical marijuana dispensary which was a legal business under Arizona law (case available here). The Arizona Court reasoned that "[t]he Court has neither the authority nor the will to enter an order for relief or endanger a trustee who might be assigned to administer drug tainted assets for the benefit of creditors who assumed the risk of doing business with an enterprise engaged in violation of federal law."

Although there have been only a few decisions to date, and the U.S. Supreme Court has not ruled on this issue, there is growing judicial recognition that unless a marijuana business is operating legally under federal law, relief under the Bankruptcy Code is not available to a marijuana business that fails to pay its debts, or as a vehicle for creditors to be paid. Instead, available state law remedies will need to be applied.

Please contact Christopher Rahl with questions concerning this topic. 

DATA-SECURITY PRACTICES FOR FINANCIAL INSTITUTIONS

On February 27, 2016, the Consumer Financial Protection Bureau (CFPB) entered into a consent order with a payment network provider concerning the provider's allegedly false representations about its data-security practices.

In connection with the provision of its services, the provider collected sensitive personal information from consumers (including name, address, date of birth, telephone number, Social Security number, bank account/routing numbers, etc.). The CFPB found that the provider "represented or caused to be represented, expressly or by implication, to consumers that [it] employ[ed] reasonable and appropriate measures to protect data obtained from consumers from unauthorized access." The CFPB found that the provider falsely represented to consumers, among other things, that its network and transactions were "safe" and "secure," that its data-security practices met or exceeded industry standards, that consumers' personal information was encrypted and that its transactions, servers, and data centers were PCI compliant.

These representations were allegedly false because, according to the CFPB, the provider failed to:

• Adopt and implement reasonable and appropriate data-security policies and procedures,
• Use appropriate measures to identify reasonable foreseeable security risks,
• Provide adequate training to employees about security risks,
• Use appropriate encryption technologies, and
• Practice secure software development.

The CFPB found that the representations by the provider concerning its data-security practices were likely to mislead consumers and, therefore, constituted deceptive acts or practices in violation of the Consumer Financial Protection Act. This consent order can serve as a helpful resource to other financial institutions in evaluating their own data-security practices.

In that regard, we commend your attention to the conduct provisions outlined on pages 12-13 of the order, where the CFPB provides a high-level outline for data-security measures. Additionally, as with all aspects of compliance management programs, data-security compliance must be vertically integrated within an institution and include involvement and oversight by senior management and the board of directors (if reasonable and appropriate for the size of the institution).

Please contact Christopher Rahl with questions concerning this topic. 

DOES YOUR TYPESTYLE COMPLY WITH REG. Z?

A recent case from the U.S. District Court for the Southern District of New York held that a type or font style other than Arial can be "clear and conspicuous" under the Truth-in-Lending Act (TILA) and its implementing regulation, Regulation Z (Reg. Z).

The case involved a class action brought against a large credit card issuer and whether the card issuer's credit card application disclosures were in an acceptable 10-point font. Reg. Z requires that credit card application disclosures be "clear and conspicuous" and the related Reg. Z official commentary provides that "clear and conspicuous" means the disclosures are "readily noticeable" and in no smaller than 10-point font size. Reg. Z includes model forms and provides a safe harbor for creditors that use the model forms or forms that are substantially similar to the model forms.

The official commentary includes a discussion concerning how the model forms were created including the use of "a readable font style and font size (10-point Arial font style, except for the purchase annual percentage rate which is shown in 16-point type)."

The plaintiff argued that this reference to the Arial font style required creditors to use an Arial 10-point font or a font that uses spacing that is no smaller than the Arial font style. The card issuer used a 10-point Garamond Light Condensed BT font, rather than an Arial typeface.

The Court agreed with the card issuer that the Reg. Z official commentary's reference to the Arial typestyle was merely instructive of the typestyle used to create the model forms, not the exclusive typestyle that must be used by creditors (decision available here). The Court concluded that when using a typestyle other than Arial for credit card application disclosures, a determination must be made concerning whether the typestyle used meets the "readily noticeable" Reg. Z standard. In this case, the Court found that the Garamond Light Condensed BT typestyle was "readily noticeable" and ruled in favor of the card issuer.

Please contact Christopher Rahl for more information concerning this topic.

UPDATE ON MARYLAND MORTGAGE SERVICING REGULATIONS

In January 2015, the Maryland Commissioner of Financial Regulation published proposed regulations addressing residential mortgage loan servicing. In the April 1, 2016, Maryland Register (Volume 43, Issue 7, page 454), those proposed mortgage servicing regulations were withdrawn by operation of law. Specifically, under Maryland law, failure to adopt a proposed regulation within one year after its last publication in the Maryland Register constitutes withdrawal. Based on conversations with senior personnel at the Commissioner's office, we expect new proposed mortgage lender regulations to be published sometime this year. These new proposed regulations are expected to address many subjects, including mortgage servicing.

Please contact Christopher Rahl with questions concerning this topic. 

CREDIT CARD AGREEMENT SUBMISSIONS TO CFPB

Federal Regulation Z requires credit card issuers to make quarterly submissions to the Consumer Financial Protection Bureau (CFPB) of credit card agreements. Last year, the CFPB suspended this requirement while it updated the submission process and its submission website. The CFPB has now completed the updates and is ready to start having credit card issuers submit their credit card agreements again starting on May 2, 2016 (and then on August 1, 2016 and October 31, 2016 and each following quarter unless there are no changes to the credit card issuer's previously submitted credit card agreements). Recent CFPB guidance is available here.

Please contact Christopher Rahl with any questions concerning this topic.

FOURTH CIRCUIT INTERPRETS 'DEBT COLLECTOR' UNDER FDCPA

On March 23, 2016, the U.S. Court of Appeals for the Fourth Circuit (case available here) held that a consumer finance company that purchased defaulted automobile loans as part of an investment bundle of receivables was collecting debts on its own behalf and, as a result, was not liable for alleged violations of the Fair Debt Collection Practices Act (FDCPA).

The plaintiff argued that the consumer finance company had misrepresented the amount of the debt and was a "debt collector" under the FDCPA because it had acted as a servicer of the debt when it was owned by another party. Because the consumer finance company "purchased the loans before engaging in the challenged practices" it was found to be a "creditor," not a "debt collector" and the FDCPA did not apply to the consumer finance company's conduct.

The Court held that a creditor is not a "debt collector" under the FDCPA "simply because one of its several activities involves the collection of debts for others." Rather, the Court noted that one becomes a "debt collector" only when one is attempting to collect on a debt which is, at the time of the collection activity, actually owned by another party.

Please contact Robert Gaumont for more information related to this topic.