A fact of business today is that customers – both consumers and other businesses – and employees expect to transact digitally. To remain competitive, companies find themselves increasing their efforts to digitally transform their businesses.

Successfully implementing this transformation requires careful planning to ensure regulatory compliance, a smooth integration with existing business technology and a positive customer experience.

This is our seventh bulletin for 2019, again aiming to help companies identify important and significant news and legal developments impacting digital offerings. Each issue will feature in-depth insight on a timely and important current topic.

In this issue, we provide an analysis on recent developments to the ACH rules that affect the processing of ACH debit entries. In addition, we will cover recently enacted federal and state laws, federal and state regulatory activities, fresh judicial precedent and other important news.

For related information regarding blockchain and digital assets, please see our monthly bulletin Blockchain and Digital Assets News and Trends.

INSIGHT

ACH Debit Entries: NACHA rule change and guidance from CFPB consent order - takeaways on compliance

The National Automated Clearing House Association (NACHA) issues operating rules to govern, among other things, Automated Clearing House (ACH) Debit Entries. NACHA has announced upcoming rule changes regarding ACH Debit Entries, which will require implementation and planning to ensure timely compliance. Additionally, a recent consent order issued by the Consumer Finance Protection Bureau (CFPB) provides some insight into what the CFPB considers to be a reasonable investigation of an alleged erroneous or unauthorized ACH Debit Entry under Regulation E.

Without proper consideration of the NACHA rule changes and the consent order, banks processing ACH debits may be exposed to unnecessary risk. Read more.

REGULATORY DEVELOPMENTS

FEDERAL

Alternative scoring models

  • CFPB releases Fair Lending Report with emphasis on use of alternative credit scoring models: On June 28, 2019, the Bureau of Consumer Financial Protection (CFPB) issued its seventh Fair Lending Report, covering the year 2018. The report highlights how the CFPB used the following tools to increase the focus on fair lending: (1) hosting a symposium on credit invisibility; (2) establishing collaboration with the new Office of Innovation; (3) monitoring a No-Action Letter; and (4) prioritizing supervisory reviews of third-party credit scoring models to further the CFPB's interest in identifying potential benefits and risks associated with the use of alternative data and modeling techniques. Specifically regarding alternative credit scoring models:
    • The CFPB is exploring alternative credit scoring models as part of its priority to "continue to explore cutting-edge fair lending issues," such as "how consumer-friendly innovation can increase access to credit to all consumers," especially to "unbanked and underbanked consumers and their communities."
    • The CFPB announced the creation of its Office of Innovation, which "encourages responsible innovations that could be implemented in a consumer-friendly way to help serve populations currently underserved by the mainstream credit system."
    • In 2018, the Office of Fair Lending recommended supervisory reviews of third-party credit scoring models. Lenders often rely on third-party credit scoring models when making credit decisions, and the number of alternative credit scoring models with new technology (ie, models based on information beyond a consumer's credit history) has proliferated in recent years.
    • Another interest of the CFPB in alternative credit scoring models is to help expand access to credit for consumers who are credit invisible. Other potential benefits associated with the models include "enhanced creditworthiness predictions, more timely information about a consumer, lower costs, and operational improvements."
    • Additionally, the CFPB continued to monitor Upstart Network, Inc. pursuant to the no-action letter the Bureau issued to Upstart in 2017 (which stated that the Bureau did not intend to recommend supervisory or enforcement action against Upstart). Upstart is an online lending platform that uses machine learning to help making credit and pricing decisions for consumers. The platform uses credit score, income and alternative criteria, such as education and employment history, to make its decisions. The CFPB receives information from Upstart about the loan applications it receives, how it decides which loans to approve, and how it plans to mitigate risks to consumers in an effort to help learn how the technology expands access to credit for credit invisible consumers and how new technology complies with fair credit lending laws.

eMortgages

  • Duffy submits resolution recognizing the benefits of the digitization of the mortgage process: On July 17, 2019, Representative Sean Duffy (WI-7) submitted a resolution (H. Res. 500), which was referred to the Committee on Financial Services, recognizing the benefits of the digitization of the mortgage process. The resolution notes that FHA, Fannie Mae, Freddie Mac, and the VA allow for the use of electronic signatures on mortgage documents insured or guaranteed by their programs. Representative Duffy advocated that the House of Representatives urge the Secretary of Housing and Urban Development to continue to support Ginnie Mae's effort to accept eNotes and electronically signed mortgage documents. He also urged that the House of Representatives support adoption by the states of consistent standards for the digitization of the mortgage process.

Blockchain and digital identity

  • NIST publishes white paper on blockchain digital management approaches:On July 9, 2019, the National Institute of Standards and Technology published a draft white paper titled "A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems." NIST notes that blockchain technology has the potential to support novel data ownership and governance models with built-in control and consent mechanisms, which may benefit both users and businesses by alleviating concerns over single points of failure, lack of interoperability, and privacy issues such as encouraging mass data collection and user tracking. This paper categorizes these systems based on differences in architecture, governance models, and other salient features. The white paper describes emerging standards and use cases. Comments are due by August 9, 2019.

ePayments

  • FTC settles charges against payment processor and its affiliates: The FTC settled charges against Allied Wallet, its CEO, and two other officers related to knowingly processing fraudulent transactions to consumers' accounts. The FTC had alleged that Allied Wallet knowingly processed payments for merchants that engaged in fraud, such as merchants engaged in phantom debt collection schemes, pyramid schemes, and business coaching schemes. The defendants, the FTC said, helped the merchants hide their fraud from the banks and credit card networks, and the deceptive practices included creating fake foreign shell companies to open accounts in their names, submitting false information to merchant banks, and working to evade card network rules designed to prevent fraud. The order against Allied Wallet and its CEO imposed a $110 million equitable monetary judgment; the order against one officer imposed a $320,429.82 equitable monetary judgment, and the order against the other officer permanently banned him from payment processing and ordered him to pay $1 million in equitable monetary relief.

Virtual currency

  • IRS sending letters to virtual currency owners advising them to pay back taxes. On July 26, 2019, the IRS announced that it "has begun sending letters to taxpayers with virtual currency transactions that potentially failed to report income and pay the resulting tax from virtual currency transactions or did not report their transactions properly."

STATE

Fintech

  • NYDFS announces newly created Research and Innovation Division: On July 23, 2019, the NYDFS announced the creation of the new Research and Innovation Division. The new division will house the NYDFS's division responsible for licensing and supervising virtual currencies, and it will assess new efforts to use technology to address financial exclusion; identify and protect consumer data rights; and encourage innovations in the financial services marketplace to preserve New York's competitiveness as a financial innovation hub.
  • Utah regulatory sandbox launched. On July 2, the second US fintech regulatory sandbox launched, this time in Utah. The sandbox was created under HB378 – see DLA Piper's coverage of this development here. The sandbox enables money transmission, blockchain, cryptocurrency, and peer-to-peer lending companies in the state to seek regulatory relief as they work on innovative financial projects. No applications for the Utah sandbox have yet been received. Arizona was the first state to launch a fintech sandbox in July 2018, which we reviewed in the September issue.

Virtual currency

  • NYDFS grants two new bitlicenses: On July 15, 2019, NYDFS announced that it had granted virtual currency licenses to Seed Digital Commodities Market LLC (SCXM) and Zero Hash LLC, and that it approved Zero Hash for a money transmitter license.SCXM and Zero Hash are both subsidiaries of Seed CX Ltd.

LEGISLATIVE DEVELOPMENTS

FEDERAL

  • FDIC finalizes rule regarding allowing signature cards to be signed electronically: On July 16, 2019, the FDIC finalized its proposed rule (covered here) that would provide an alternative method to satisfy the "signature card" requirement for determining co-ownership of an account, as well as add a conforming amendment that would allow the signature card to be signed electronically. In the commentary to the final rule, the FDIC noted, "The final rule does not include any particular requirements with respect to electronic signatures, and is merely intended to clarify for IDIs [insured depository institutions] and depositors that the signature card requirement may be satisfied electronically. If an IDI's records and processes establish an electronic signature with respect to a joint account for purposes of the E-Sign Act, the FDIC's signature requirement would be satisfied." The final rule takes effect 30 days after its publication in the Federal Register.

STATE

Blockchain

  • Florida creates Blockchain Task Force:On June 25, 2019, the Florida governor approved a bill (HB 1393) that establishes within the Department of Financial Services a Blockchain Task Force to foster the expansion of the blockchain industry in Florida, to recommend policies and state investments, and to issue a report to the governor and the legislature. The task force shall study if and how state, county, and municipal governments can benefit from a transition to a blockchain-based system for recordkeeping, data security, financial transactions, and service delivery and identify ways to improve government interaction with businesses and the public. Note that this bill appears substantially similar to SB 1024, which the governor approved on May 23, 2019, and was previously covered here.

Virtual currency

  • Rhode Island enacts law requiring licensure for virtual currency transmission: On July 15, 2019, the governor of Rhode Island signed two bills into law (HB 5847 and SB 753) that require virtual currency businesses that provide currency transmission to be licensed and bonded in the state. Such businesses must also to provide specified disclosures to their users. The law excludes from the definition of "virtual currency" (1) value given in a merchant rewards program which value cannot be exchanged for legal tender, bank credit or virtual currency; (2) value issued by a publisher and used exclusively within an online gaming platform; and (3) "native digital token used in a proprietary blockchain service platform."

CASE LAW

FEDERAL

Online contract formation

  • Court finds plaintiff did not agree to terms and conditions despite clicking "Continue" with hyperlinks to terms immediately above: In Anand v. Heath, et al., No. 19-0016, 2019 WL 2716213 (N.D. Ill. June 28, 2019), the court denied the defendant's motion to compel arbitration because it concluded that the plaintiff "was not placed on reasonable notice that she was manifesting assent to the terms and conditions by clicking the 'Continue' button." Even though directly above the Continue button was the language "I understand and agree to the Terms & Conditions," the court stated that courts typically "will give effect to hybridwrap terms where the button required to perform the action manifesting assent ... is located directly next to a hyperlink to the terms and a notice informing the user that, by clicking the button, the user is agreeing to those terms" (emphasis added). Here, the court concluded that the agreement was unforceable because nothing expressly linked the "I understand and agree" language to the "Continue" button. The court stated that the "mere proximity of a terms and conditions hyperlink to a button that the user must click to proceed does not equate to an affirmative manifestation of assent to the terms and conditions."
  • In insurance dispute, court concludes that question of fact exists regarding whether email was sent and received: In Markel Insurance Co. v. United Emergency Medical Services v. Insurance Service Center, 2019 WL 2716199 (N.D. Ind. June 27, 2019), the court found that there are issues of fact surrounding an email sent by United Emergency Medical Services (United) to Insurance Service Center (ISC), which operated as a "producer" for the plaintiff Markel, whereby United sought to re-add a vehicle to its insurance policy with the plaintiff. United brought ISC into the litigation when United filed a third-party complaint alleging that if the court determined that the plaintiff did not provide coverage to United for an accident, that lack of coverage was due to ISCs acts or omissions. The case arose because a vehicle operated by United was involved in an accident, and that vehicle was not listed on the insurance policy issued by plaintiff (the vehicle had been removed from the issued insurance policy). United argued that its employee sent an email to an ISC employee, cc'ing another United employee, requesting that the vehicle at issue be added back to the insurance policy. The ISC employee did not confirm the request. Eight months later, the accident occurred involving that vehicle. The plaintiff denied insurance for the accident. ISC argued that its employee did not receive the email. The United employee did not receive a delivery failure message. However, in past dealings between these two employees, the United employee had known that the ISC employee had not received some of his emails, even though the United employee had never received a delivery failure message for those emails. United produced two copies of the email requesting that the vehicle be re-added during discovery – one was a post-accident email that the United employee sent the ISC employee, which contained the original email showing that the other United employee was cc'ed; the other was a copy that only appeared to show that it was sent to the second United employee later. United argued that under Indiana's Uniform Electronic Transactions Act, the email should be considered sent and received. The court noted that while United presented some evidence that the email was sent, the evidence does not conclusively establish that it was sent as defined by UETA. Further, the court noted that ISC has evidence that even if the email was sent as defined by UETA, it was not received. For example, just because another United employee received the email does not mean that the email "entered an information processing system that the recipient has designated or uses for the purpose of receiving" emails. Therefore, the court found that a question of fact remains whether United sent the email and whether ISC received it. Therefore, those issues of fact preclude a summary judgment on the third-party claims.
  • Court upholds online arbitration agreement: In GC Service Limited Partnership v. Little, 2019 WL 2647690 (S.D. Tex., June 27, 2019), the court upheld an arbitration agreement entered into online even though the defendant denied ever signing the arbitration agreement. The court concluded that a time-stamped checkmark by a box for "Individual Signature" in a password protected application portal is sufficient to establish that the defendant signed the arbitration agreement.
  • Court upholds arbitration agreement that was agreed to electronically via text message: In Starace v. Lexington Law Firm, 2019 WL 2642555 (E.D. Ca. June 27, 2019), the court held that the defendant, a debt collection company, met its burden to prove mutual assent and the enforceability of the engagement agreement because the defendant provided the plaintiff with the full engagement agreement via text message, and the plaintiff replied to the defendant's text message containing the agreement by typing the word "Agree" on the same day. Additionally, the court ruled that sending the engagement agreement via text was sufficient to put the plaintiff on notice of the terms of the agreement.
  • Court upholds arbitration agreement entered into electronically: In Smith v. Rent-A-Center, Inc., 2019 WL 3004160 (E.D. Cal. July 10, 2019), the court concluded that a valid agreement to arbitrate existed between the plaintiff and defendant. The court analyzed how the electronic application process and subsequent onboarding process worked to reach this conclusion. The defendant's system required that each applicant create a unique password that is inaccessible to others and supply a personal email to retrieve a lost password. After login, the applicant was required to complete the employment application screens in succession and the application could not be submitted until all screens had been reviewed, and, with respect to the included arbitration agreement, checking the signature box. If the applicant is offered employment, the same information is used for onboarding, and when a document is completed and submitted electronically, the date and time of submission and the IP address is recorded. The court concluded that the defendant was able to demonstrate that the plaintiff completed both the application and the employment onboarding and thus agreed to the arbitration provision at issue.

ADA

  • Court denies standing in ADA website accessibility case: In Tucker v. FirstLight Home Care Franchising, LLC, 2019 WL 2996694 (S.D.N.Y. June 10, 2019), the court dismissed for lack of personal jurisdiction a case claiming a website violated a user's accessibility rights under the Americans with Disabilities Act (ADA). The defendant was an in-home care franchising entity incorporated in Delaware with its principal office in Ohio. The website at issue was created and maintained in that office in Ohio. The issue arose because some of the content on the defendant's page was incompatible with the plaintiff's screen-reading software. In response to this allegation, the defendant moved to dismiss the claim for want of personal jurisdiction because it has no property in New York and the website, which was accessed from there, was passive and purely informational. Because the plaintiff did not submit any affidavits or supporting evidentiary material – as required by law to counter a motion to dismiss – and only submitted a memorandum in law, which is not evidence, the court granted the defendant's motion and dismissed the case.

STATE

Online contract formation

  • Court upholds arbitration agreement entered into electronically because party seeking to enforce agreement not required to sign it: In Czerwinski v. Pinnacle Property Management, 2019 WL 2750183 (Wash. Ct. App. July 1, 2019), the court overturned the trial court's decision and enforced the arbitration agreement against the plaintiff. The trial court had denied the motion to compel arbitration, concluding that the agreement lacked mutual assent because the defendant did not countersign and agree to be bound by its terms. The court reversed the trial court's decision and stated that Washington courts have rejected the argument that a written agreement lacked mutual assent if it is not signed by the party seeking to enforce it. The court also ruled that the defendant met its burden to prove the plaintiff electronically signed the agreement because she voluntarily typed in her full name and authenticated it with her social security number. Additionally, the court found that the plaintiff failed to meet her burden to prove a defense to enforcement because she failed to present any evidence of fraud. Finally, even though the plaintiff failed to check the "Agreed" checkbox, the defendant has a policy that does not require applicants to check the agree box for the arbitration agreement to be enforceable, and that signing the agreement – which the plaintiff did – was sufficient for a person to agree to the arbitration agreement and proceed with the application process.
  • Court finds that decedent electronically executed waiver and release: In Gordon II v. 28th District Agricultural Association, 2019 WL 3295637 (Cal. Ct. App., 4th Div. July 23, 2019), the court affirmed the trial court's grant of summary judgment in favor of the defendant because the court concluded that under California's Uniform Electronic Transactions Act, an electronic signature has the same legal effect as a handwritten signature, and the defendant provided sufficient evidence to authenticate the decedent's electronic signature. The court stated that such authentication establishes the electronic signature is attributable to a person if it was the act of the person, and the act of the person may be shown in "any manner." The defendant produced evidence showing the existence of a procedure requiring a participant to electronically sign a waiver and release prior to purchasing a ticket and participating in the attraction. Because the plaintiff failed to produce any evidence disputing the procedure or to show that it was not followed by the decedent, the court concluded that the plaintiff failed to raise a triable issue that decedent did not execute the waiver.