We are honored to present the ninth edition of the Consumer Financial Services Year in Review & A Look Ahead. Thank you for continuing to rely on us to assist you with your challenges and concerns. Please think of Troutman Pepper Locke as your trusted resource to help you understand and tackle today’s issues while preparing you for what lies ahead. 2024 has been a busy year for us. If you look at the roster on page 67 of this book, you may notice that our team has dramatically increased. On January 1, 2025, Troutman Pepper joined forces with Locke Lord to become Troutman Pepper Locke (see page 71). For the consumer financial services practice, this simply means that we are now stronger, deeper, and more robust than ever before. The firm is a true powerhouse in the industry. Our practice has grown to more than 170 professionals dedicated to consumer financial services. Our team represents 950+ financial industry clients, including 14 of the 15 largest banks in the country, and we have defended against more consumer protection class actions than nearly any other practice in the nation. CFS attorneys are located in 24 of our firm’s offices, are admitted in 42 states, and have litigation experience in all 50 states and the District of Columbia, at all levels of the court system and before state and federal regulators. We continued to help clients navigate large volumes of industry regulations, find successful resolutions, and stay ahead of the compliance curve. Our work informed this collection of reports, which we hope will be a helpful resource for you throughout the coming year. We hope you find the information in our report insightful and valuable for your business strategy, so you can focus less on the law and more on achieving your business goals. I would appreciate your feedback on this year’s publication. Please feel free to contact me at any time at [email protected] with any questions, comments, or suggestions. Michael Lacy, Practice Group Leader 2024 CFS Year in Review | 4 About Our Practice Troutman Pepper Locke’s Consumer Financial Services Practice Group provides comprehensive guidance to clients across the financial services sector. With more than 170 attorneys and professionals nationwide, our litigation, regulatory enforcement, and compliance teams bring industry-specific knowledge and practical advice throughout the business life cycle. Our results-oriented approach proactively mitigates risk, enabling our clients to focus on their business objectives. Our national litigation team handles leading-edge and groundbreaking issues that often have industry-wide implications. We have resolved thousands of individual and class-action lawsuits involving every federal and state consumer protection statute, including the: • Fair Credit Reporting Act (FCRA) • Fair Debt Collection Practices Act (FDCPA) • Telephone Consumer Protection Act (TCPA) • Truth in Lending Act (TILA) • Real Estate Settlement Procedures Act (RESPA) • West Virginia Consumer Credit Protection Act (WVCCPA) • Unfair and Deceptive Acts and Practices (UDAP) • Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) • Electronic Funds Transfer Act (EFTA) • Electronic Signatures in Global and National Commerce Act (E-SIGN) • Equal Credit Opportunity Act (ECOA) and state law equivalent statutes • Fair and Accurate Credit Transactions Act (FACTA) • Home Affordable Modification Program (HAMP) • Home Ownership and Equity Protection Act (HOEPA) • Servicemembers Civil Relief Act (SCRA) • Magnuson-Moss Warranty Act • Federal and state odometer acts • Federal Trade Commission (FTC) Holder Rule • Home warranties • Mortgage foreclosures • Mortgage lending and servicing • Cybersecurity and privacy • State law debt collection claims Our team’s litigation experience and insights contribute to our approach to compliance and regulatory services. Our regulatory enforcement team has a long track record of handling Consumer Financial Protection Bureau (CFPB) oversight inquiries, civil investigative demands (CIDs), audits, supervision, examinations, and enforcement actions, including requests for the production of privileged and highly confidential information routinely demanded by the CFPB to assess compliance and procedures. Our enforcement team has years of experience handling similar matters as well as CID, audit, supervision, examination, and enforcement proceedings. We also are well equipped to handle FTC investigations concerning a variety of matters, including consumer privacy and data security breaches. When necessary, our team moves seamlessly from negotiation to litigation, utilizing a team of highly skilled litigators with exceptional depth in regulatory enforcement litigation matters. Our approach to compliance helps clients avoid costly government audits, investigations, fines, litigation, and damage to their brands and reputations. Our clients rely on us to address a variety of matters, including facilitating compliance audits (both on-site and off-site), performing due diligence reviews, drafting training and compliance manuals and policies, and conducting multistate analyses of state and federal laws. We publish a variety of resources to help clients stay ahead of developments in consumer finance law. See pages 63 - 65 for information on our blog, The Consumer Financial Services Law Monitor; our weekly and monthly podcasts; and our webinar offerings. You will also find a link to sign up for notifications and the content you wish to receive. 2024 CFS Year in Review | 5 2024 CFS Year in Review | 6 Auto Finance Federal regulators continued to pursue major initiatives in 2024, including fair lending and so-called “junk fees.” The biggest development from auto finance in 2024 was a holdover from 2023 — the FTC’s CARS Rule. The rule, approved unanimously by the FTC, targets baitand-switch tactics and junk fees by requiring point-of-sale disclosures and prohibiting certain representations in the marketing of vehicles. The CARS Rule was slated to go into effect on July 30, 2024, but a legal challenge by the National Automobile Dealers Association and the Texas Automobile Dealers Association delayed its rollout. The litigation is ongoing, with oral argument heard before the U.S. Court of Appeals for the Fifth Circuit in October. Federal enforcement actions came quickly in 2024, with the FTC and Connecticut Attorney General William Tong announcing litigation in January against Manchester City Nissan, its owner, and its employees for allegedly deceiving consumers about certified used car prices, add-ons, and fees. The suit, brought under the FTC Act and Connecticut Unfair Trade Practices Act, claimed Manchester City advertised specific prices but added excessive fees, charged for uncertified vehicles, included unauthorized add-ons, and misled consumers about required products. The FTC was not the only federal regulator in action; the CFPB was hot on its heels. In 2024, the CFPB sought comments on its proposal to collect data from auto finance businesses that originate or acquire as few as 500 financing transactions annually. The proposed Auto Finance Data Project aimed to gather annual data from lenders with more than 20,000 auto loans, mirroring last year’s pilot involving major lenders. The data collection focused on lending channels, repossessions, and loan modifications. This initiative appeared to extend CFPB supervision to smaller auto finance businesses and may inform future enforcement actions. In March, the CFPB released its Consumer Response Annual Report, summarizing more than 1 million consumer complaints received in 2023. The top complaint categories were consumer reporting (79%), debt collection (7%), credit card (4%), checking or savings account (4%), and mortgage (2%). With regard to auto finance, the CFPB noted that it received more than 17,000 vehicle loan or lease complaints in 2023, of which the CFPB sent 73% to companies for review and response, referred 21% to other regulatory agencies, and found 6% to be not actionable. Most complaints (88%) centered on CONTRIBUTORS Brooke K. Conkle, Jon S. Hubbard, Christopher J. Capurso, Jonathan DeMars, Stephen J. Steinlight vehicle loans rather than leases. Complaints highlighted by the CFPB included delays in receiving refunds on guaranteed asset protection products, delays in lien releases, and wrongful credit denial. In June, the CFPB released a report on the state of negative equity in auto lending. Negative equity occurs when the trade-in value of a consumer’s vehicle is less than the outstanding loan balance, and the unpaid balance is rolled into a new loan. The CFPB indicated that in the fourth quarter of 2023, 20% of vehicles traded in were in a negative equity position, creating heightened risk for consumers. While it is unclear how the Trump administration will proceed, Biden regulators indicated plans to scrutinize negative equity. One month later, the CFPB released the summer edition of its Supervisory Highlights, focusing on regulatory exams of auto finance servicing companies completed between April and December 2023. Examiners highlighted instances of alleged unfair, deceptive, or abusive acts or practices (UDAAP) where certain auto loan services failed to provide adequate notification to borrowers enrolled in autopay that they must make their final payments manually, resulting in late fees when the final payments were not made on time, purportedly violating the “unfair” prong of UDAAP. In October, in the fall edition of the CFPB’s Supervisory Highlights, the agency focused on examinations of the auto finance market completed between November 2023 and August 2024. It highlighted a pattern of some servicers erroneously repossessing vehicles despite consumers making timely payments or obtaining approved deferments and other instances of repossessed vehicles without a recorded lien. Examiners also found that some servicers engaged in deceptive and unfair practices by applying payments to post-maturity loans in a different order than disclosed, resulting in late fees and failure to timely deliver vehicle titles after loan payoff. Finally, on the legislative front, New Hampshire significantly revised its Motor Vehicle Retail Installment Sales Act in August. Key provisions of the law include an expansive definition of “sales finance company” to include any person acting as a lender, holder, assignee, or servicer under retail installment contracts (RICs), not just motor vehicle retail installment sellers and sales finance companies. The new law also has a required notice component in all RICs, which must now detail a procedure that the consumer may use to file a complaint with the state’s motor vehicle commissioner. LOOKING AHEAD While 2025 may bring uncertainty under a new administration, we can reasonably predict some developments in the year ahead. We will most certainly learn the conclusion of the CARS Rule litigation, but the outcomes could be varied. The industry could see a wholesale victory — either through litigation at the Fifth Circuit or, potentially, through the FTC’s new decision not to prosecute the rule. Alternatively, the Fifth Circuit could uphold part of the rule, with potentially a new compliance date in 2025. We can also be reasonably sure that certain bipartisan issues, such as servicemember rights, will continue to be of interest to regulators. As it did back in 2017, the administration change will likely shake up current federal regulatory initiatives. The FTC will have a Republican-leaning commission, while the CFPB has a new acting director and an uncertain future. However, this does not mean regulatory scrutiny will dissipate entirely. Even if federal regulators dial back their activities, state regulators and attorneys general will step up their efforts. State regulators are already active in the auto finance space, notably in relation to ancillary products and alleged discriminatory pricing, but they may be more apt to increase their focus if they sense a gap at the federal level. For litigation, we anticipate additional attempts to expand the Holder Rule to recover attorneys’ fees from auto finance companies. Additionally, while federal regulation may taper, look for plaintiffs’ lawyers to try to implement federal regulators’ initiatives through state consumer protection statutes. 2024 CFS Year in Review | 7 2024 CFS Year in Review | 8 Background Screening The background screening industry saw a busy 2024 in the litigation and regulatory arenas. Federal agencies remained active in issuing regulatory guidance on the industry’s obligations and litigation exposures under the Fair Credit Reporting Act (FCRA) and relevant fair housing laws. A notable example was the application of Fair Housing Act (FHA) liability to tenant screeners — a developing area of law that saw major regulatory and litigation activity last year, including major cases against tenant screeners under the FHA proceed through trial or reach settlement. The Consumer Financial Protection Bureau (CFPB) also issued a pair of advisory opinions in early 2024 that took an expansive view of “reasonable procedures” under the FCRA for background screening—with major implications for consumer reporting agencies (CRAs) and background screeners. The overturning of Chevron deference and the upcoming administration change raise interesting questions regarding the future authority and developments for these regulatory pronouncements. These developments also will have a significant effect on litigation, as litigants seeking to rely on past agency guidance and interpretations will no longer be able to rely on courts’ deference to those pronouncements. FAIR HOUSING ACT APPLICATION TO TENANT SCREENERS Several significant developments emerged in 2024 regarding the application of the FHA to tenant screening companies. In March 2024, the U.S. Department of Housing and Urban Development (HUD), along with the Federal Trade Commission (FTC), the Department of Justice (DOJ), and the CFPB, issued joint guidance titled “Tenant Background Checks and Your Rights.” This guidance emphasized the regulators’ view that tenant background checks can lead to illegal discrimination even if there is no factual error in the report, both through landlords’ pretextual use of screening reports or through tenant screening companies’ use of “irrelevant” information that causes a disparate impact on certain applicants. Then in April, HUD issued guidance detailing tenant screening companies’ responsibilities under the FHA and claiming these companies can be held liable for discriminatory practices even if the final housing decision is made by the housing provider. HUD recommended best practices for tenant screeners to avoid FHA violations, such as reviewing algorithmic inputs for biases, ensuring the use of accurate, up-to-date records, and providing opportunities for applicants to present mitigating evidence. Meanwhile, courts have grappled with the extent to which tenant screening companies may be subject to liability under the FHA and have reached differing conclusions. CONTRIBUTORS Cindy D. Hanson, H. Scott Kelly, Elizabeth H. Andrews, Noah J. DiPasquale One court recently found after trial that a company providing a criminal background screening software to rental property managers that allegedly had a disparate impact on minority applicants was not subject to the FHA because it did not “make unavailable” housing, one of the statutory bases for application of the FHA. 1 Conversely, a similar case asserting FHA violations against a tenant screening company based on the alleged disparate impact of a credit screening product reached a $1.175 million class settlement (plus an additional $1.07 million in awarded attorney’s fees) in November 2024. 2 These regulatory and litigation developments indicate a clear trend towards increased scrutiny of tenant screening practices through application of fair housing laws. CFPB ADVISORY OPINIONS ON THE FAIR CREDIT REPORTING ACT The CFPB has regulatory authority to interpret the FCRA, and in January 2024 it used that authority to take an aggressive new approach to the regulation of CRAs, subjecting their internal procedures to far more intense scrutiny than had previously been the case. On January 23, 2024, the CFPB issued an advisory opinion that adopted an expansive view of CRAs’ duties to put in place “reasonable procedures” to assure “maximum possible accuracy” under § 607(b) of the FCRA with respect to the reporting of public records. 3 In the CFPB’s view, these “reasonable procedures” must, at a minimum: (1) Identify information that is duplicative to ensure that a report does not give the impression that a single event occurred more than once. (2) Ensure that information regarding the stages of a court proceeding (such as an arrest followed by a conviction) is presented in a way that makes clear the stages all relate to the same proceeding or case. (3) Identify any available disposition information in criminal, civil, or bankruptcy proceedings, for example an arrest on criminal charges that were later dismissed without a conviction, or a bankruptcy filing that was voluntarily dismissed without a discharge. (4) Ensure that the consumer report contains no records of a conviction that has been sealed, expunged, or otherwise legally restricted from public access. An accompanying advisory opinion stated that, under § 609(a) of the FCRA, CRAs responding to file disclosure requests must also disclose to the consumer “the sources” of information, including both the original source and any intermediary or vendor sources—resulting in a significantly increased administrative burden in responding to § 609(a) requests. On January 11, 2024, the CFPB waded into the obsolescence arena with new guidance on § 1681c, which generally prohibits the reporting of “[a]ny . . . adverse item of information . . . which antedates the report by more than seven years.”4 The CFPB advised that, to comply with this provision, CRAs should consider each adverse item of information to be subject to its own seven-year reporting period. The CFPB also clarified that the reporting period is not restarted or reopened by the occurrence of subsequent events. While litigation over obsolescence and “reasonable procedures” has been proliferating for several years, these advisory opinions strengthen the hand of consumer advocates looking to file more lawsuits on these discrete issues. 1 Connecticut Fair Housing Center v. CoreLogic Rental Property Solutions, LLC, No. 3:18-cv-705-VLB, 2023 WL 4669582 (D. Conn. July 20, 2023). 2 Louis v. SafeRent Solutions, LLC, No. 1:22-cv-10800 (D. Mass.). 3 Fair Credit Reporting; Background Screening, CFPB (Jan. 23, 2024), https://www.consumerfinance.gov/rules-policy/final-rules/fair-creditreporting-background-screening/. 4 Fair Credit Reporting; File Disclosure, CFPB (Jan. 11, 2024), https://www.consumerfinance.gov/rules-policy/final-rules/fair-credit-reportingfile-disclosure/. 2024 CFS Year in Review | 9 A LOOK AHEAD: LOPER BRIGHT UNFOLDS, AND A NEW ADMINISTRATION ENTERS THE FRAY All of these regulatory activities in 2024, and their potential downstream impacts on litigation, happened in a changed landscape with implications only beginning to unfold. With the demise of Chevron deference in June 2024, agencies’ interpretations and guidance concerning federal statutes are no longer as deeply and automatically entrenched to the degree they used to be. The CFPB’s interpretations of the FCRA, and the joint agencies’ guidance on the FHA, discussed above, can no longer claim entitlement to agency deference. In a 6–2 ruling in Loper Bright v. Raimondo, the U.S. Supreme Court sharply curtailed the power of federal agencies to interpret the laws they administer and ruled that, instead, courts should rely on their own interpretation of laws that they conclude are ambiguous. 5 In other words, when a party to litigation (for example, a defendant company in a consumer lawsuit) disagrees with how an agency is interpreting an ambiguous law, the deck is no longer stacked against it. The court will simply analyze the application of the ambiguous statute, without affording any special deference to how an agency might have interpreted it. Justice Kagan, dissenting in Loper Bright, predicted that the ruling would “cause a massive shock to the legal system.”6 An equal or larger impact on the legal system and the regulatory state is likely to ensue from the change in administration in January 2025. The incoming President-elect may choose agency leaders that regulate the background screening industry. The result is significant uncertainty about what 2025 will hold for background screeners, CRAs, and the companies that rely on them. 5 Loper Bright Enterprises v. Raimondo, 144 S. Ct. 2244, 2273 (2024). 6 Id. at 2307 (Kagan, J., dissenting). 2024 CFS Year in Review | 10 2024 CFS Year in Review | 11 Bankruptcy Bankruptcy filings increased significantly in the past year, with notable increases in consumer filings. Alongside the increase in bankruptcy filings, we continue to see a steady flow of consumer lawsuits alleging FCRA or state law analogue violations regarding inaccurate reporting of debt discharged in bankruptcy. Additionally, consumer civil litigation regarding issues with servicing mortgage loans in bankruptcy remains common. The Supreme Court issued a number of decisions in its 2023-2024 term that interpreted various aspects of the U.S. Bankruptcy Code, and one case of note will be considered in the Supreme Court’s 2024-2025 term. Here is our brief review of key bankruptcy developments in 2024 and what we expect to see in 2025. BANKRUPTCY FILING TRENDS 2024 • Total bankruptcy filings increased 16.2% from 2023 to 2024. • Business filings saw the largest increase at 33.5%, while individual filings rose 15.5%. • Total filings continued to increase year over year from their decade-low in June 2022. • Chapter 13 filings in 2024 surpassed Chapter 13 filings for 2020, reflecting a post-pandemic normalization of mortgage distress. BANKRUPTCY CASES OF NOTE Case Regarding Differing Trustee Fees and Appropriate Remedy In Office of U.S. Trustee v. John Q. Hammons Fall 20902, LLC, 144 S. Ct. 1588 (2024), the Supreme Court tackled the issue of the differing trustee fees charged in Chapter 11 cases filed in U.S. trustee districts versus those filed in bankruptcy administrator districts stemming from Congress’ 2017 amendment of 28 U.S.C. § 1930, which significantly increased the quarterly fees payable to the U.S. trustee. The fees payable to the bankruptcy administrator program did not increase at the same time, however, and were not made equal to the increased U.S. trustee fees until 2021. CONTRIBUTORS Joseph M. DeFazio, Jared Bissell, Peter Yould In Siegel v. Fitzgerald, 596 U.S. 464 (2022), the Supreme Court held that the disparity between U.S. trustee and bankruptcy administrator fees violated the uniformity requirement of the bankruptcy clause. However, the Court did not decide the appropriate remedy, instead listing three potential options: (1) refund the higher fees charged during the nonuniform period; (2) retroactively extract higher fees from the debtors charged lower fees during the nonuniform period; or (3) require only prospective fee parity. After Siegel, lower courts generally held that a refund of the higher fees charged during the uniform period was the appropriate remedy. However, the U.S. trustee argued that the third course of action — prospective parity between the fees charged by the U.S. trustee and the bankruptcy administrator program — was sufficient to resolve the violation. In Hammons, the Supreme Court was asked to decide which of the three proposed options in Siegel was appropriate. The Court sided with the U.S. trustee and held that prospective parity was the appropriate remedy. The Court concluded that the constitutional violation was shortlived with a small disparity and that the violation itself was cured by the elimination of the disparity in 2021. Further, given that approximately 2% of Chapter 11 cases were filed in bankruptcy administrator districts between January 2018 and April 2021, the actual number of instances in which disparate fees were charged was de minimis. The Court also found that ordering refunds presented significant practical challenges and, further, that a refund of fees was not intended by Congress when it remedied the disparity. Case Involving Determination of Parties in Interest In another case, the Supreme Court took up the issue of whether insurers are parties in interest pursuant to Section 1109(b) and, as such, have standing to object to various matters in Chapter 11 cases, including objecting to confirmation of a Chapter 11 plan. Before this case, the Fourth Circuit held that insurers did not have standing pursuant to Section 1109(b) to object to plan confirmation where such plans were insurance neutral (i.e., the plan did not increase the insurer’s obligations or impair the insurance policy’s contractual obligations). The Supreme Court rejected the Fourth Circuit’s argument and exclusive reliance on the neutrality doctrine, finding that Chapter 11 plans must be analyzed on a case-by-case basis as to whether a prospective party would qualify as a “party in interest” under Section 1109(b) since Chapter 11 plans could affect insurers’ rights in myriad ways. The Supreme Court unanimously concluded that an insurer that has financial responsibility for a debtor’s claims qualifies as a “party in interest” and may object to confirmation of a Chapter 11 plan. This is important for future bankruptcies filed under Chapter 11, in which a debtor’s insurance assets make up a significant portion of the expected recoveries of potential creditors. Debtors will need to work hand in hand with the insurers — just as they would with creditors — to address potential objections to confirmation. The Supreme Court unanimously concluded that an insurer that has financial responsibility for a debtor’s claims qualifies as a “party in interest” and may object to confirmation of a Chapter 11 plan. 2024 CFS Year in Review | 12 Miller v. United States, 71 F.4th 1247 (10th Cir. 2023), cert. granted, No. 23-824, 2024 WL 3089529, 2024 U.S. LEXIS 2832 (U.S. June 24, 2024) In its 2024-2025 term, the Supreme Court will consider whether or not a bankruptcy trustee may avoid a debtor’s tax payment to the United States under § 544(b) when no actual creditor could have obtained relief under the applicable state fraudulent transfer law outside of bankruptcy given sovereign immunity and constitutional clauses. The Tenth Circuit held that a bankruptcy trustee is permitted to do so because § 106(a) abrogates sovereign immunity not only for the bankruptcy itself but for the underlying state law causes of action (in this case, the Utah Uniform Fraudulent Transfer Act). The Tenth Circuit’s decision is in conflict with the Seventh Circuit ruling in, In re Equip. Acquisition Res., Inc., 742 F.3d 743 (7th Cir. 2014), but conforms with decisions from the Fourth and Ninth Circuits, Cook v. United States (In re Yahweh Ctr., Inc.), 27 F.4th 960 (4th Cir. 2022); Zazzali v. United States (In re DBSI, Inc.), 869 F.3d 1004 (9th Cir. 2017). We expect the Supreme Court to issue its ruling in June 2025. LOOKING FORWARD TO 2025 We expect that consumer bankruptcy filings will continue to increase in 2025 as interest rates are expected to remain higher for longer. We also expect the election outcome to inhibit any momentum toward passing the Consumer Bankruptcy Reform Act (CBRA). The CBRA was originally proposed by Senator Elizabeth Warren (D-MA) and Representative Jerrold Nadler (D-NY) in December 2020 with the hope of consolidating frequently used consumer bankruptcy Chapters 7 and 13 into a new, simplified Chapter 10. The CBRA also seeks to reform the process for bankruptcy discharge of student loan debt. Given the new Republican governing trifecta, we predict little appetite to pass the CBRA or any bankruptcy code reforms regarding the discharge of student loan debt. 2024 CFS Year in Review | 13 2024 CFS Year in Review | 14 Consumer Class Actions 2024 was a busy year in the class action space, with notable decisions, both procedurally and substantively. Courts continued to scrutinize fee awards, including notices that must be provided to class members in connection with fee awards. In In re T-Mobile Customer Data Sec. Breach Litig., 111 F.4th 849 (8th Cir. 2024), the Eighth Circuit was the most recent circuit to vacate an excessive fee award. The court held that the district court erred in overruling an objection to a class-action settlement, finding the objection to the fee award of $78.75 million to be meritorious. While the court declined to adopt a bright-line rule for fee awards in cases with settlement funds exceeding $100 million — the fund in this case was $350 million — the court found that the fee award was not proportional to the work actually done by counsel at the time the case settled. The Third, Sixth, Seventh, and Ninth Circuits have also recently reversed what they concluded to be excessive fee awards. See In re Wawa, Inc. Data Sec. Litig. 85 F.4th 712 (3d Cir. 2023) (vacating $3.2 million fee and remanding with instructions); Linneman v. Vita-Mix Corp., 970 F.3d 621 (6th Cir. 2020) (vacating $3.9 million fee as unreasonable); In re Broiler Chicken Antitrust Litig., 80 F.4th 797 (7th Cir. 2023) (vacating $57.4 million fee award and remanding with instructions); Lowrey v. Rhapsody Int’l, Inc., 75 F.4th 985 (9th Cir. 2023) (reversing $1.7 million fee and remanding). In Chieftain Royalty Co. v. SM Energy Co., 100 F.4th 1147 (10th Cir. 2024), the court held that if a fee award is reversed and the district court must recalculate fees, class counsel must send a new class notice. After the parties reached a class settlement, the Tenth Circuit vacated the district court’s fee award and instructed the lower court to recalculate fees. However, class counsel did not send a new class notice related to the new fee motion. The Tenth Circuit held that the district court erred again in not requiring a new motion. The vacated $52 million fee award was one-third of the settlement, requiring a second do-over because counsel failed to send a separate class notice about the second fee award. The second award of $17.3 million was based on a lodestar calculation of reasonable hours and a CONTRIBUTORS Timothy J. St. George, Carter R. Nichols, Sarah T. Reise, Eli Kaplan reasonable hourly rate, backed by extensive fee records. Given the different calculation methods, the earlier notice could not be said to have provided the class with notice of the new motion. In the wake of Facebook, TCPA class actions have generally shifted away from whether an ATDS was used, to focus on other more creative and novel approaches. In Van Elzen v. Advisors Ignite USA LLC, No. 22-c-859 (E.D. Wis. Jan. 18, 2024), David Van Elzen was an insurance agent who attempted to bring claims on behalf of potential plaintiffs who received a “ringless voicemail” from Advisors Ignite — a marketing company seeking to grow its network that worked specifically with insurance agents and that had purchased lists of insurance agents for that purpose. The Eastern District of Wisconsin found that Van Elzen’s proposed class was based on an unfounded assumption that every other insurance agent suffered the same harms as he claimed to have suffered. Because there were potentially other insurance agents who would have been receptive to Advisor Ignite’s message or not felt that they had been harmed as Van Elzen had, the court denied certification of his proposed class. In Thompson v. Vintage Stock, Inc., No. 4:23-cv-00042- SRC (E.D. Mo. Feb. 8, 2024), the Thompsons claimed that Vintage Stock sent them and other potential plaintiffs dozens of unwanted text messages in violation of the TCPA federal and state Do-Not-Call List regulations. The Thompsons proposed a national class for each of their three claims along with multiple alternative class definitions, some of which Vintage Stock challenged as “fail safe” classes. The court agreed with Vintage Stock to the extent that multiple classes concerned whether a potential plaintiff had received a “telephone solicitation” under the Missouri statute at issue, which the court found would require it to address a contested element of liability under the statute. As reflected by these cases, the inability to rely on the use of an ATDS alone has presented new challenges for TCPA class-action plaintiffs attempting to find workable class definitions. Questions of when plaintiffs have standing continue to be hotly contested in putative class actions. For instance, putative FDCPA class actions continue to be stymied by precedent holding that potential class members must show more than a mere procedural violation to ensure class-wide Article III standing consistent with the requirements of Rule 23. In Tavor v. Andrew F. Troia, Esq. d/b/a Troia & Assocs., No. 23-cv-7724 (ARR) (CLP) (E.D.N.Y. Jan. 31, 2024), Troia & Associates sent two letters to Tavor regarding an overdue debt. Tavor claimed that these letters included sensitive personal information and failed to include required FDCPA disclosures, and that one of the letters was sent to his girlfriend. Tavor asserted that these letters caused him emotional distress due to their effect on his relationship and because he was confused on how to respond to the letters due to their failure to include required disclosures. The Eastern District of New York focused its analysis on whether these harms had a common-law analogue; it found that they did not and therefore that Tavor could not demonstrate Article III standing. The District of New Jersey reached a similar result for similar reasons in Algranati v. Midland Credit Mgmt., Inc., No. 22-4818 (ES) (AME) (D.N.J. Jul. 15, 2024). In that case, Algranati claimed that his private information had been disclosed by Midland to a third-party vendor in violation of the FDCPA, but failed to allege any other concrete harm. The court found that the disclosure to a third-party vendor was not sufficiently close enough to the commonlaw injury of unreasonable publicity and that Algranati therefore lacked Article III standing. These cases suggest that potential FDCPA class definitions asserting only bare procedural violations will continue to be looked at with skepticism by courts. There were also notable decisions regarding class communications. In Wayside Church v. Van Buren County, No. 23- 1471 (6th Cir. 2024), the Sixth Circuit upheld a ban on communications with putative class members by a law firm that was not putative class counsel. The Sixth Circuit decision endorsed three notable principles. First, an order limiting communications to class members “should be based on a clear record and specific findings that reflect a weighing of the need for a limitation and the potential interference with the rights of the parties.” Second, a 2024 CFS Year in Review | 15 Rule 23(e)(1) order granting preliminary approval of a class settlement and directing notice to the class does not certify a class and thus does not create an attorneyclient relationship between putative class members and putative class counsel. Because putative class members remain merely putative class members even after entry of a preliminary approval order, communications with them by lawyers other than putative class counsel are not communications with represented parties. Third, “a lawyer’s truthful, non-misleading criticisms of a proposed settlement are not a valid reason to proscribe his communications with members of a proposed (or actual) class.” Despite endorsing those principles, the Sixth Circuit affirmed the protective order on the ground that the law firm knowingly communicated with named plaintiffs (not just putative class members) and made misrepresentations to the district court. As the Sixth Circuit put it, that “a district court must narrowly tailor its restrictions on speech to members of a proposed class does not mean it must allow a demonstrably untrustworthy speaker to keep speaking to them.” Looking ahead to 2025, we anticipate that courts will continue to scrutinize standing in class actions, as they have for the past several years. As a result, class counsel will likely continue to look for creative solutions to either avoid or establish standing in federal courts to suit their needs. Similarly, we also expect that TCPA class counsel will continue to grapple with the post-Facebook landscape. 2024 CFS Year in Review | 16 2024 CFS Year in Review | 17 Consumer Credit Reporting The consumer reporting ecosystem saw several important developments in 2024. Consumer reporting agencies (CRAs), furnishers, and end users should monitor continuously these developments to remain compliant with their obligations under the Fair Credit Reporting Act (FCRA). FCRA RULEMAKING The Consumer Financial Protection Bureau (CFPB), the primary federal agency with jurisdiction over the FCRA, remained highly active in 2024. On January 11, 2024, the CFPB issued an advisory opinion on inaccuracies in background check reports as well as file disclosure obligations. On June 11 the CFPB issued a proposed rule addressing the inclusion and use of medical debt information in consumer reports that was finalized in early 2025, but which now may be on hold under the Trump administration. On December 3, the CFPB issued a proposed rule to expand the reach of the FCRA to data brokers by expanding the definitions of “consumer report” and “consumer reporting agency”, but this rulemaking’s future is also in question under the new CFPB leadership. This proposed rule would also have addressed how users could obtain consumer reports by restricting the “legitimate business need” permissible purpose and imposing new requirements on the “written instructions” permissible purpose. CONSUMER REPORTING AGENCIES Judicial activity in 2024 relating to CRAs included some significant federal appellate court opinions addressing FCRA compliance. In Lloyd v. FedLoan Servicing, the Eighth Circuit rejected a plaintiff’s argument that a CRA should have found a furnisher unreliable after a consumer’s dispute because the plaintiff failed to identify any specific step in the CRA’s procedures that were deficient. In Santos v. Healthcare Rev. Recovery Grp., the Eleventh Circuit held that consumers could recover statutory damages under the FCRA without showing any actual damages. In so holding, the Eleventh Circuit noted that its reading of the FCRA was consistent with that of other circuits, citing the Seventh, Eighth, Ninth, and Tenth Circuits. The Sixth Circuit also joined other judicial circuits in finding that inaccuracy is required for a claim under the FCRA’s reasonable investigation CONTRIBUTORS Kim Phan, Alan D. Wingfield, Megan E. Burns, Peter S. Cox, Kathleen M. Hutchenreuther requirement. The court further clarified that “accuracy” for purposes of the FCRA encompasses both “truthfulness and completeness.” FURNISHERS The Supreme Court weighed in on a FCRA furnisher case in 2024, Dep’t of Agric. Rural Dev. Rural Hous. Serv. v. Kirz. In this case, the Court resolved a circuit split, holding that the plain language of the statute subjecting “persons” to liability under the FCRA can include a government agency. Lower courts continue to grapple with whether a furnisher is required to investigate and resolve legal disputes as opposed to merely factual disputes relating to an underlying debt as well as the contours of any required reinvestigation of such disputes. In Ritz v. Nissan-Infiniti LT, the Third Circuit is considering whether to hold a furnisher liable when it reported that plaintiffs had failed to make payments under their auto lease agreement. The district court had previously held that the furnisher was not required to resolve the plaintiffs’ dispute on whether the underlying agreement permitted the reported charges. On appeal, the plaintiffs, the CFPB, and the Federal Trade Commission contend that furnishers have an obligation to investigate and resolve legal disputes. The same issue is pending before the Fourth Circuit in Roberts v. Carter-Young, Inc., which involves a plaintiff’s dispute that she was improperly charged for certain repair damages under her lease agreement. The lower court had previously held that the plaintiff’s legal dispute about the underlying debt was not actionable under the FCRA. In Holden v. Holiday Inn Club Vacations Inc., the Eleventh Circuit held that whether an alleged inaccuracy is factual or legal is not the issue, rather the issue is whether the alleged inaccuracy was objectively and readily verifiable. Here, the court held that the information was not readily verifiable because it stemmed from a contractual dispute without a straightforward answer. With regard to the sufficiency of furnisher reinvestigations, in Lloyd v. FedLoan Servicing, the Eighth Circuit held that the mere fact that a plaintiff was required to file multiple disputes before removal of the negative information from her credit report did not demonstrate willful or negligent violations by the furnisher conducting a reinvestigation. Similarly, in Holden v. Broker Solutions, Inc., the Ninth Circuit held that updating the payment history profile to report a loan as current for the disputed months proved that the defendant furnisher’s investigation into the plaintiff’s disputes was reasonable. END USERS Courts also grappled with FCRA permissible purpose issues. For example, a pair of cases out of the Northern District of Georgia highlight the uncertain nature of “permissible purpose” litigation. In one of these cases, a Lower courts continue to grapple with whether a furnisher is required to investigate and resolve legal disputes as opposed to merely factual disputes relating to an underlying debt as well as the contours of any required reinvestigation of such disputes. 2024 CFS Year in Review | 18 pro se plaintiff alleged the defendant, a national debt buyer and collection agency, did not have a legitimate business need when it purchased his consumer report. The court granted the defendant’s motion to dismiss, in part because its status as a debt collector raised “the distinct possibility” that the credit information was accessed “in an effort to collect on a debt.” However, in Marion v. Mercantile Adjustment Bureau, LLC, Civil Action No. 1:23-CV-05919- MLB-JCF, 2024 U.S. Dist. LEXIS 169278 (N.D. Ga. Sep. 19, 2024), decided just six days later, the court found that the defendant’s status as a debt collector was not, in this case, dispositive. The court gave significant weight to an allegation that the defendant “was neither retained by a creditor with whom Plaintiff has initiated a transaction nor involved in any collection activities pertaining to a debt initiated by Plaintiff.” Thus, the court denied the defendant’s motion to dismiss even though the defendant asserted it was actively attempting to collect a debt owed by the plaintiff. End users must also be mindful of their adverse action notice obligations under the FCRA. For example, in Helwig v. Concentrix Corp., 345 F.R.D. 608, 613 (N.D. Ohio 2024), a federal district court in Ohio certified a class of up to 50 job applicants who received communications from the defendant end user notifying them that they were no longer being considered for a position on the same day that those same members received their pre-adverse action notices. The court concluded that the class members had adequately alleged that they had no meaningful opportunity to respond and/or dispute the information in their consumer reports prior to adverse action being taken against them. LOOKING AHEAD In 2025, we expect that the impact of a new CFPB director on FCRA rulemaking, supervision, and enforcement will draw a great deal of attention, but the prospects for any prior initiatives moving forward seems unlikely. However, we can expect that FCRA litigation will continue at a steady pace for all the various entities in the consumer reporting ecosystem. 2024 CFS Year in Review | 19 2024 CFS Year in Review | 20 Debt Collection Total consumer debt balances continued to grow in 2024, and Americans owed a record high $1.17 trillion in credit card debt as of the third quarter of 2024. Reversing course from last year, federal lawsuits brought under the Fair Debt Collection Practices Act (FDCPA) rebounded, with filings through October 2024 up by approximately 6.3% compared with the same period in 2023. See WebRecon Oct 2024 Stats: Everything Up in Oct and YTD – WebRecon LLC. Below we outline some of the major takeaways from debt collection in 2024. CFPB FUNDING DEEMED CONSTITUTIONAL In May, the U.S. Supreme Court issued a long-awaited decision holding that the CFPB’s special funding structure does not violate the appropriations clause of the Constitution. The 7-2 majority held the DoddFrank Act, which provides the CFPB’s funding structure, satisfies the appropriations clause because it “authorizes the Bureau to draw public funds from a particular source — ‘the combined earnings of the Federal Reserve System’ — in an amount not exceeding an inflationadjusted cap.” Although its efforts to regulate the debt collection industry remain broad, the CFPB continued to focus substantial attention on issues relating to medical and rental-housing debt in 2024. The increased financialization of these markets continues to introduce new financial product and service offerings to consumers. The CFPB continues to focus on ensuring such new products and services comply with all applicable legal requirements, in particular with a focus on credit reporting and loss mitigation. Regarding medical debt, the CFPB released a notice of proposed rulemaking in June to remove a regulatory exception that broadly permits lenders to obtain and use information about medical debt for credit eligibility determinations. In its 2024 Annual Report on the FDCPA, the CFPB highlighted consumer complaints regarding the collection of allegedly owed medical bills that consumers claimed were satisfied by the financial assistance programs that nonprofit hospitals must have under federal law. Regarding rental-housing debt, the CFPB is particularly concerned with allegations that rapid increases in rent are the result of alleged illegal pricefixing by revenue cycle management companies. CONTRIBUTORS Stefanie H. Jackman, James K. Trefil, Kristen T. Eastman, Jonathan P. Floyd, Joshua D. Howell, Stephen D. Lozler, Jake A. Rodon Although the litigation concerning the constitutionality of the CFPB slowed some enforcement actions dramatically, following the Supreme Court’s ruling, the CFPB filed more than a dozen enforcement actions and resolved nearly as many previously filed lawsuits. Under Director Chopra, the CFPB continued its strategy of acting against large companies because they have a big market impact and result in larger fines and restitution for consumers. However, the CFPB’s enforcement activities will clearly be curtailed significantly during President Donald Trump’s second term. For example, 2015 was the CFPB’s most active year during President Obama’s term, with 56 enforcement actions. During that time, the CFPB returned to consumers nearly $6 billion from settlements with businesses it oversaw. In contrast, during 2019, its most active year of President Trump’s first term of office, total settlement cash returned to consumers was significantly lower, at around $783 million. Also, while the CFPB remained active overall during President Trump’s first term, the tone and tenor of its public consent orders and other statements were more measured. STATE LAW IS DRIVING LITIGATION GROWTH In 2024, we noted continued upticks in claims alleging violations of state-specific statutes prohibiting collection communications at certain hours or at times known by the collecting entity to be inconvenient for a given consumer. These time-of-day restrictions are increasingly being applied broadly to forms of communication such as emails and text messages. It remains to be seen whether courts will endorse the expansion of these statutes to encompass other forms of communication. The potential exposure could be significant given the automated systems many collections firms use to simultaneously email hundreds, or even thousands, of consumers. One thing remained constant in 2024: the continued overall increase in consumer claims generally. Credit reporting-related claims constituted the bulk of the increase in 2024, with BridgeForce Data Solutions noting a 58% increase in credit reporting-related complaints through Q3 2024 over the previous year. We attribute the steady increase in these claims to several factors, including the CFPB’s continued scrutiny of credit reporting practices, litigation demands relating to the failure to add compliance condition codes on tradelines, and heightened consumer awareness driven, at least in part, by social media. Further, though not a new tactic, consumers are increasingly using credit repair organizations to lodge both direct-to-debt-collector and indirect, consumer-reportingbureau disputes of debts. While these disputes frequently consist of simple form letters that target numerous accounts and debt collectors, they are increasingly forming the basis of lawsuits. Some “enterprising” plaintiffs’ firms also appear to have joined forces with credit repair organizations arguably to manufacture lawsuits. Defendants, however, are fighting back. For example, on June 3, 2024, a civil Racketeer Influenced and Corrupt Organizations Act lawsuit was filed in the United States District Court for the Central District of California against well-known plaintiffs’ firm Stein Saks, PLLC. The suit alleges Stein Saks and certain of its attorneys engaged in a scheme with Florida-based Zieg Law Firm, LLC, a New Jersey credit repair operator, and New Jersey and Florida credit repair operators to create fraudulent credit denial letters to use to obtain settlements in sham lawsuits brought under the FCRA. Stein Saks has filed motions to dismiss, to strike, for joinder, and to stay the action. The court heard oral arguments on these motions on November 14, 2024, and granted, in part, several motions to dismiss. However, the plaintiff was allowed leave to further amend its complaint. LOOKING FORWARD Electronic communications will remain a focal point for both litigants and regulators. The Federal Communications 2024 CFS Year in Review | 21 Commission’s (FCC) new rules on consent revocation are anticipated to take effect on April 11, 2025. These rules allow consumers to opt out of robocalls and robotexts through any reasonable means, with revocation requests to be honored “as soon as practicable” but no later than within 10 business days after the opt out. In addition, a revocation as to a cellular telephone number is required to be applied as an opt- out for both calls and texts to that number under the new FCC rules. Additionally, the industry is expected to face continued state-level regulation of electronic communications. For example, New York City has proposed in its collection rule making efforts a number of new requirements when communicating with consumers electronically. In parallel, artificial intelligence (AI) also is likely to be a focal point in the coming year, with many courts issuing standing orders that require disclosure when AI is used or prohibiting its use altogether. In the collection and servicing industry, AI can help predict payment likelihood, negotiate payments, and segment customers, potentially making debt collection smarter and less intrusive. However, concerns remain about the potential for AI to exacerbate inherent bias, increase harassment, and overwhelm the court system. Regulators continue to monitor AI’s use in collections to ensure compliance with consumer protection laws. Despite these potential risks, AI tools are expected to become essential for debt collection agencies, much like automation has in other industries. Adding to the evolving regulatory landscape, in 2024 the U.S. Supreme Court issued a landmark decision in Loper Bright Enters. v. Raimondo, overruling the Chevron doctrine. The Chevron doctrine mandated that courts defer to an agency’s reasonable interpretation of an ambiguous statute. This deference often gave agencies broad leeway to define the limits of their statutory authority, making it challenging for businesses, organizations, and individuals to successfully challenge agency actions in court. Now, courts will independently interpret statutes without necessarily deferring to agencies’ interpretations. This change is expected to increase the likelihood of successful challenges to agency actions under the Administrative Procedure Act. In the debt collections and servicing context, this means that the CFPB and FTC, which primarily oversee and enforce rules within this sector, will likely face significant challenges to the scope of their authority and actions that they take in enforcing the FDCPA and other statutes. 2024 CFS Year in Review | 22 2024 CFS Year in Review | 23 Digital Assets The year 2024 witnessed heightened regulatory scrutiny of the digital assets sector, with federal agencies actively leveraging their existing powers in enforcement actions. However, recent developments indicate a growing recognition that existing regulations developed for traditional finance may not be best suited to address the complexities of the evolving digital asset realm. Additionally, federal and state developments exemplify the shift of digital assets into the mainstream. FEDERAL LEGISLATION DEVELOPMENTS In 2024, the House of Representatives approved significant legislation, including the McHenry-Thompson Financial Innovation and Technology for the 21st Century Act (FIT21 Act) and the Emmer-Central Bank Digital Currency Anti-Surveillance Act, aiming to create clearer regulatory guidelines and enhance the role of digital assets in the federal government. • McHenry-Thompson FIT21 Act: In May 2024, the U.S. House of Representatives approved this wide-reaching bill to establish regulations for digital asset markets. The bill creates a regulatory framework for digital assets, distinguishing between those regulated by the Commodity Futures Trading Commission (CFTC) and the Securities Exchange Commission (SEC). • Emmer-Central Bank Digital Currency AntiSurveillance Act: Also in May 2024, the House approved this bill, which would limit the Federal Reserve’s ability to issue and manage central bank digital currencies (CBDCs). Proponents argue that CBDCs enable excessive government oversight of individuals’ financial activities. Additionally, new legislation was introduced in both houses of Congress, including the Lummis-Boosting Innovation, Technology, and Competitiveness through Optimized Investment Nationwide (BITCOIN) Act and the Rose-Bridging Regulation and Innovation for Digital Global and Electronic Digital Assets Act (BRIDGE Digital Assets Act). • Lummis-BITCOIN Act: This act seeks to introduce a strategic Bitcoin reserve, mandating the management and secure storage of Bitcoin holdings by the federal government. This is a significant step toward integrating digital assets into mainstream financial systems while providing necessary regulatory oversight. • Rose-BRIDGE Digital Assets Act: This act aims to establish the Joint Advisory Committee on Digital Assets, co-managed by the CFTC and SEC. Similar to CONTRIBUTORS Ethan G. Ostroff; Julian A. Miller the McHenry-Thompson FIT21 Act, it seeks to create more consistent and transparent regulatory oversight by advising the SEC and CFTC on rules and regulations. FEDERAL REGULATORY DEVELOPMENTS IN 2024 In 2024, federal regulators maintained that innovation does not exempt entities from financial laws, yet signs emerged of a need for a nuanced approach to digital assets, emphasizing the need for understanding before imposing traditional regulations. • CFPB Rule on Digital Wallets and Payment Apps: On November 21, the CFPB finalized a rule to supervise larger technology companies offering digital wallets and payment apps, targeting nonbank companies that facilitate more than 50 million consumer payment transactions annually. These companies will now be subject to the CFPB’s supervisory authority, similar to large banks and credit unions, with requirements on data collection, transaction dispute protocols, and consumer access issues. Notably, the CFPB excluded certain digital asset transactions from the rule, opting not to include them in the definition of “consumer payment transaction.” This exclusion reflects the agency’s intent to gather more data on the impact of digital asset transactions on consumers and consider future actions. The rule was set to take effect January 9, 2025; however, implementation is uncertain in the new administration. • Withdrawal of Know Your Customer Proposal for Non-Custodial Wallets: On August 19, the U.S. Treasury Department officially withdrew a contentious proposal by the Financial Crimes Enforcement Network (FinCEN) from 2020 that aimed to impose know-your-customer requirements on non-custodial cryptocurrency wallets. While the key provisions were aimed at strengthening anti-money laundering (AML) regulations related to digital currencies, this rule would have required banks and money service businesses to submit reports and verify the identity of customers in transactions involving convertible virtual currency or digital assets held by cryptocurrency wallet software. • IRS and Treasury Regulations on Crypto Transactions: On June 29, the IRS and U.S. Department of Treasury finalized new regulations requiring crypto platforms to report transactions starting in 2026. These rules, part of the Biden administration’s Infrastructure Investment and Jobs Act, mandate custodial platforms to provide a standard 1099 form for transactions to simplify tax payments and combat tax evasion. Decentralized platforms that do not hold assets are exempt from these requirements The IRS commissioner emphasized the importance of these regulations in preventing the use of digital assets to hide taxable income. Additionally, on December 30, the IRS issued a final rule requiring many crypto entities, including decentralized finance entities, to conduct know-your-customer (KYC) data collection on users. This rule, which targets “digital assets middlemen,” mandates that any entity facilitating crypto transactions must gather information about the participants. STATE DEVELOPMENTS • California: On September 29, 2024, California Governor Gavin Newsom signed Assembly Bill (AB) 1934 into law, amending the California Digital Financial Assets Law (DFAL). The legislation extends the compliance deadline for businesses operating under DFAL from July 1, 2025, to July 1, 2026. It also strengthens recordkeeping requirements, introduces specific stablecoin regulations, and requires kiosk operators to ensure that entities conducting digital financial asset activities via their kiosks are appropriately licensed. Earlier in September, the California Department of Financial Protection and Innovation (DFPI) successfully defended the DFAL’s consumer protection measures, including a $1,000 daily withdrawal limit for Bitcoin ATMs, against a legal challenge. • Additionally, California is leveraging blockchain technology to digitize car titles. The state is implementing a pilot program to streamline vehicle title management, enabling the secure transfer of car titles via blockchain. • New Jersey: On June 10, 2024, New Jersey introduced a groundbreaking bill to classify cryptocurrencies sold to institutional investors as securities under the state’s 2024 CFS Year in Review | 24 Uniform Securities Law (1967). This proposal seeks to provide greater regulatory clarity while empowering the New Jersey Bureau of Securities to adopt rules ensuring compliance. New Jersey’s proactive approach reflects its position as a hub for digital asset integration and could serve as a model for other states considering similar measures. • Florida: On May 22, 2024, the Florida First District Court of Appeal ruled that the Office of Financial Regulation’s (OFR) suspension of Binance.US’s money services business license was procedurally improper. The court determined that the OFR failed to specify reasons supporting the fairness of its suspension decision, marking an important procedural win for Binance.US as it navigates regulatory scrutiny. LOOKING AHEAD As the digital asset industry continues to evolve in 2025 and beyond, we expect stakeholders will see a growing emphasis on state-level regulatory frameworks, with states like California, Florida, Texas, and New Jersey leading efforts to integrate blockchain technology and redefine asset classification. At the federal level, developments reflect both the challenges and opportunities facing the industry. The IRS’s new broker reporting rule, set to take effect in 2027, imposes KYC obligations on digital assets middlemen, signaling a push for stricter oversight and raising significant questions about compliance feasibility and privacy concerns for decentralized finance developers. Conversely, key developments, including Senator Cynthia Lummis’s proposal for a strategic Bitcoin reserve, a fundamental leadership shift at the SEC favoring digital assets, and the CFPB’s cautious approach to regulating certain digital transactions while continuing to study their impact, demonstrate a growing recognition of the transformative potential of digital assets and suggest that further developments are on the horizon. As legal challenges and regulatory efforts unfold, the industry is likely to see heightened scrutiny balanced with initiatives aimed at fostering innovation. These changes underscore the ongoing tension between advancing regulatory clarity and supporting the growth of digital assets, with transparency and consumer protection remaining critical pillars in the ever-expanding digital financial ecosystem. 2024 CFS Year in Review | 25 2024 CFS Year in Review | 26 Fair Lending and UDAAP During 2024, federal financial institution regulators continued to aggressively enforce the federal fair lending laws (the Equal Credit Opportunity Act (ECOA) and the Fair Housing Act). Several additional settlements were announced under the government-wide Combatting Redlining Initiative, led by the U.S. Department of Justice (DOJ), which was the Biden administration’s signature issue. The CFPB continued its war on so-called ‘junk fees’ of all types, asserting UDAAP violations and issuing guidance, and pursuing enforcement actions against financial institutions. Federal and state regulators also increasingly focused on potential discrimination in the use of artificial intelligence in consumer lending, with key federal agencies issuing guidance and the state of Colorado enacting legislation. Highlights from the past year are described below. FAIR LENDING • Redlining: First announced in October 2021, the Combatting Redlining Initiative continued unabated. The DOJ and other federal regulators have now entered into 15 consent orders with financial institutions, including five in 2024 alone. In addition, in July, the CFPB won the Townstone case in the Seventh Circuit, in which the court determined that ECOA permits liability for discouraging a prospective applicant. While state attorneys general have not been as active in redlining enforcement as federal agencies, the New Jersey attorney general released a report in October alleging redlining practices by Republic First Bank after a multiyear investigation. Since the bank closed in early 2024, the state took the unusual approach of filing a report outlining its findings and filing a claim with the FDIC instead of bringing litigation against the bank. This case demonstrates that the risk of redlining cases exists with state regulators and attorneys general, and this risk will likely increase as federal agencies shift their fair lending enforcement priorities under a new administration. • Appraisal Bias: Federal regulators continued to focus on appraisal bias through the Interagency Taskforce on Property Appraisal & Valuation (PAVE Taskforce) and the Federal Financial Institutions Examination Council (FFIEC). In February, the FFIEC issued its Statement on Examination Principles Related to Valuation Discrimination and Bias in Residential Lending, and the CFPB and federal banking agencies issued final guidance on reconsiderations of value in July. CONTRIBUTORS Lori J. Sommerfield, Christopher J. Willis, Christine R. Emello, Sarah E. Pruett • Artificial Intelligence (AI) and Models: Federal and state regulators are increasingly focused on the use of AI in consumer markets. In May, Colorado enacted the Colorado AI Act, effective February 2026, to protect consumers from discrimination by AI-based systems and require annual impact assessments. In May, the U.S. Department of Housing & Urban Development (HUD) released guidance recommending that AI in tenant screening be monitored to prevent discriminatory outcomes. In August, the CFPB issued a comment emphasizing that all technologies, including AI, must comply with consumer protection laws. The CFPB noted that it is actively monitoring the use of advanced technologies, such as automated customer service and fraud screening, to ensure they comply with federal law, and highlighted the need for fair lending practices and regular testing for discrimination in AI technologies used for lending and underwriting decisioning. The Bureau also warned creditors that they should engage in fair lending testing of their credit models, including assessments of whether a less discriminatory alternative version of the models could be implemented, and noted that it would be performing its own analyses of creditors’ models. In September, the FTC launched Operation AI Comply to ensure AI use complies with consumer protection laws, announcing five actions against companies for deceptive or unfair AI practices. • Targeted Advertising: In May, HUD issued guidance related to targeted advertising of housing, credit, and other real estate-related transactions through digital platforms. HUD stated that targeted advertising systems utilizing algorithms or AI may result in discrimination based on protected characteristics in violation of the Fair Housing Act, such as by denying consumers information about housing opportunities, targeting vulnerable consumers, or steering home-seekers to particular neighborhoods. The guidance advises caution when using categorization tools available on digital marketing platforms and to not use such tools to segment audiences based on protected characteristics or their proxies. • Section 1071 Final Rule: In 2023, the CFPB issued a final rule implementing Section 1071 of the Dodd-Frank Act concerning small business loan data collection and reporting requirements, but implementation of the final rule has been delayed due to ongoing litigation. Currently, an APA challenge filed by several banking trade groups is pending in the Fifth Circuit, with a decision expected in spring 2025. Nonetheless, the CFPB is proceeding as though the final rule will be implemented. In June, the CFPB issued an interim final rule extending the compliance dates by 290 days to compensate for the period the rule was stayed in litigation, providing new compliance dates for lenders based on their volume (highest volume — July 18, 2025; moderate volume — January 16, 2026; and smallest volume — October 18, 2026). In August, the Bureau unveiled its beta platform for filing small business lending data for testing purposes. • Community Reinvestment Act Final Rule: In March, a Texas federal district court granted a preliminary injunction enjoining the FRB, FDIC, and OCC from implementing their final rule modernizing how lenders’ compliance under the Community Reinvestment Act consumer reporting agency is assessed. The effective date, April 1, 2024, is extended day by day for each day the injunction remains in place. Although the litigation remains pending, the federal banking agencies are proceeding as if it is going into effect. • Serving Limited English Proficiency (LEP) Borrowers: In recent years, the CFPB has shifted from permissive guidance to mandating that financial institutions accommodate and serve LEP consumers. This mandate is apparent in the proposed rule to amend Regulation X regarding responsibilities of mortgage servicers, which the CFPB issued in July. Specifically, the proposed rule requires mortgage servicers to provide translation of key documents in a borrower’s preferred non-English language. We expect regulators will increasingly demand services in non-English languages in the future. UDAAP • War on Junk Fees: The CFPB continued its focus on junk fees by alleging UDAAP violation and issuing 2024 CFS Year in Review | 27 guidance and pursuing enforcement actions. In January, the Bureau proposed rules to prohibit NSF fees on declined real-time transactions, such as debit card purchases and ATM withdrawals, and to close a loophole exempting large financial institutions’ overdraft lending from TILA, requiring compliance with lending laws and disclosure of interest rates, or a fee based on a benchmark or calculated cost. In March, the CFPB issued a credit card late fee final rule dramatically restricting the amount of late fees by capping them at only $8 (from a prior average of $32). In April, the Bureau addressed mortgage servicer fees it deemed unlawful in its Supervisory Highlights publication, and in May it launched a public inquiry into mortgage closing costs. In September, the CFPB released a circular stating that banks and credit unions must maintain proof that they obtained affirmative consent from consumers to enroll in overdraft services before levying overdraft fees for ATM and debit card transactions. In November, the CFPB announced a consent order ordering a major credit union to pay $95 million for engaging in UDAAPs related to overdraft fees. The CFPB is not alone in attacking fees charged by financial institutions. At the state level, California implemented a new law in July requiring all mandatory fees to be included in advertised prices, excluding government-imposed taxes or fees. The FTC finalized its “junk fee” rule in December but limited it to live event tickets and short-term accommodations, which it should not impact the financial services industry. • CFPB’s Revised UDAAP Examination Manual: In September 2022, the U.S. Chamber of Commerce and several trade associations sued the CFPB, claiming its March 2022 UDAAP Examination Manual exceeded its authority and lacked proper public notice and comment under the APA. In September 2023, a Texas federal district court vacated the CFPB’s manual changes, and the Bureau subsequently removed the manual changes regarding discriminatory conduct as an unfair practice. The CFPB appealed to the Fifth Circuit, and a decision is expected in the spring. • Comparison Shopping: In February, the CFPB issued a circular stating that operators of digital comparisonshopping tools and lead generators can violate UDAAP if they show a preference for products based on financial benefits to themselves rather than consumer interests. This occurs when operators steer consumers toward certain products due to their own compensation advantages, taking unreasonable advantage of consumers’ trust. The CFPB considers such practices abusive, especially if consumers are misled to believe the recommendations are objective. The CFPB emphasized protecting consumers’ ability to compare and choose financial products without undue influence from operators’ financial incentives. WHAT TO EXPECT IN 2025 While we anticipate that the federal fair lending laws will not be as aggressively enforced by the CFPB and federal banking agencies under the new Trump administration in terms of new investigations and public enforcement actions, we expect that such laws will continue to be actively enforced through the examination and supervision process. We also anticipate that the CFPB will be less assertive in its rulemaking efforts that implicate fair lending and UDAAP concepts, and several newer rules could be either moderated by the Bureau or rolled back — potentially through use of the Congressional Review Act. We also expect less aggressive interpretations of UDAAP by the CFPB under the new administration, with a focus on more mainstream applications of the concept. 2024 CFS Year in Review | 28 2024 CFS Year in Review | 29 Fintech REGULATION OF EARNED WAGE ACCESS CFPB Proposal The CFPB issued a proposed interpretive rule opining that earned wage access (EWA) products are subject to Truth in Lending Act (TILA) and Regulation Z (Reg Z) requirements. The interpretation reversed a November 2020 advisory opinion, which stated that EWA products did not constitute “credit” under Reg Z and TILA if they meet certain conditions. The new interpretation broadly defines EWA products as consumer credit, applying to any product that provides funds based on accrued wages and involves automatic repayment methods. The CFPB’s broad interpretation of “credit” includes any obligation to pay money at a future date, even if the obligation is contingent on future events. The proposal also classified optional tips and expedited funds fees as “finance charges” that must be disclosed. The proposal outlined several factors to determine whether a tip is imposed by the creditor, such as soliciting tips at the time of credit extension, setting default tip amounts, and suggesting tip amounts. State Regulations Multiple states also took action to regulate EWA products in 2024. For example, the California Department of Financial Protection and Innovation’s (DFPI) new regulations for direct-to-consumer EWA products were approved and taking effect on February 15, 2025. The regulations classify income-based advances, such as no-finance charges and, non-recourse EWA products, as loans under the California Financing Law (CFL), although providers may register rather than obtain a CFL license. The approval of these regulations signified a significant regulatory shift for EWA providers and reflects the DFPI’s ongoing efforts to increase oversight of EWA providers and other nontraditional finance companies operating outside the CFL. CONTRIBUTORS James Kim, Jeremy T. Rosenblum, Caleb N. Rosenburg, Jess B. Silverman Additionally, in February, Wisconsin enacted a law requiring EWA providers to obtain a license and to comply with various substantive and disclosure requirements. Under that law, EWA providers must develop consumer response policies, offer at least one no-cost option for obtaining funds, disclose all fees, inform consumers of material changes, allow service cancellation without fees, disclose the voluntary nature of tips, provide proceeds by mutually agreed means, comply with the federal Electronic Fund Transfer Act, and reimburse consumers for overdraft or nonsufficient funds fees caused by provider errors. The law also prohibits providers from compelling repayment through lawsuits, using third-party collection agencies (except in cases of fraud), sharing fees with employers, using credit reports for eligibility, reporting nonpayment, imposing late fees or interest, accepting credit card payments, misleading consumers about tips, and making false or deceptive advertisements. Kansas and South Carolina similarly enacted laws requiring registration of EWA providers and imposing substantive and disclosure requirements. These state actions follow legislative and regulatory steps taken by other states in 2023. Given the continued interest in EWA from state regulators, we expect additional state legislatures and regulators to take action in 2025. BUY NOW PAY LATER (BNPL) CFPB Proposal The CFPB proposed an interpretive rule purporting to subject BNPL transactions to the provisions of Reg Z applicable to credit cards. In October, an industry trade group filed a suit seeking to enjoin enforcement of the rule. In the proposal, the CFPB stated that a BNPL “digital user account” is an “other credit device” within the TILA/Reg Z definition of “credit card,” although this interpretation seems to conflict with existing commentary and definitions that contemplate a physical device. If the interpretive rule is effective, BNPL providers offering digital user accounts (DUAs) would be required to investigate consumer disputes, pause payment requirements during investigations, credit funds for returned products or canceled services, and provide periodic billing statements, as required by Reg Z. This interpretive rule would represent a significant shift for the BNPL industry, requiring rapid and burdensome changes for compliance. The CFPB’s rationale for applying these protections to BNPL products, which typically involve secure, personal profiles, does not align with the original intent of the Fair Credit Billing Act protections designed for physical credit cards. The CFPB also issued a set of FAQs providing guidance on applying Reg Z requirements to BNPL products accessed through DUAs. Although intended to clarify, the FAQs added complexity, including by stating that DUAs are both credit cards and charge cards under Reg Z. Overall, if the industry challenge fails and the CFPB enforces the interpretive rule, BNPL providers would need to contend with an increasingly complex regulatory environment. The new interpretation broadly defines EWA products as consumer credit, applying to any product that provides funds based on accrued wages and involves automatic repayment methods. 2024 CFS Year in Review | 30 OVERSIGHT OF BANKING-AS-A-SERVICE (BAAS) AND FINTECH-BANK PARTNERSHIPS In June 2023 Colorado passed H.B. 1229, which limits certain charges on consumer loans and opts Colorado out of Sections 521-523 of DIDMCA. These sections allow state banks to charge interest rates permitted by their home state, regardless of the borrower’s location. However, Section 525 of DIDMCA allows states to opt out of these provisions for loans “made in” the opt-out state. In March 2024, three trade organizations filed a complaint challenging H.B. 1229, arguing that a loan is made where the lender is located or where it performs its loan-making functions, not where the borrower is located. In June 2024, a Colorado federal court granted a preliminary injunction, halting the enforcement of H.B. 1229 with respect to loans made by out-of-state chartered banks. The court agreed with the plaintiffs that the determination of where a loan is made depends on the lender’s location and actions, not the borrower’s location. Colorado appealed that decision to the Tenth Circuit. Additional states passed legislation in 2024 designed to regulate certain bank partnerships by, for example, targeting bank model lending programs. Among other provisions, the law provides that a person is deemed the lender for purposes of Washington’s Consumer Loan Act either if the totality of the circumstances show that the person is the lender and the transaction is “structured to evade” the requirements of the CLA or if such person holds, acquires, or maintains (directly or indirectly) the predominant economic interest in the loan. Based on last year’s legislative activity, we expect additional action by states in 2025. If Colorado succeeds in its appeal, this will likely include additional states opting out of DIDMCA. 2024 CFS Year in Review | 31 2024 CFS Year in Review | 32 Mass Arbitration For decades, businesses fought to safeguard the enforceability of consumer arbitration provisions. In addition to the efficiency and lower expense, one reason companies prefer to invoke their right to arbitrate businessto-consumer disputes is that arbitration agreements commonly include class action waivers, requiring consumers to litigate claims on an individual basis. Although courts continue to uphold clauses banning collective actions in arbitration agreements, in recent years, the plaintiffs’ bar has deployed a new tool for undermining class action waivers: mass arbitration. Plaintiffs’ firms are now recruiting claimants through social media advertising and more traditional methods in order to file hundreds — or thousands — of arbitrations at once. Although time-consuming and expensive for plaintiffs’ firms, this tactic requires businesses to pay massive filing and arbitrator fees to ADR providers. Targeted companies soon realize they are at risk for millions of dollars in arbitration costs, even if they have strong defenses on the merits, which provides plaintiffs’ lawyers with immense leverage to extort early settlements. In recognition of this continuing trend, both JAMS and the American Arbitration Association (AAA) issued rule changes in 2024 to address mass arbitrations. Although this is a step in the right direction, the best course for companies facing the threat of mass arbitrations is to ensure that their arbitration provisions offer the best safeguards possible to head off this risk before its commencement. Businesses are continuing to modify their consumerfacing contracts to better address and control mass arbitration with either direct or institutional mass arbitration clauses. In a direct clause, the consumer contract addresses the possibility of mass arbitration and imposes certain rules and processes. In an institutional clause, the contract simply refers to a particular ADR provider organization’s rules, which then apply. This year, courts have scrutinized both direct clauses and institutional arbitration rules addressing mass arbitration. These decisions support the view that merely invoking an arbitration institution’s rules is no substitute for predispute arbitration agreements providing for well-crafted bellwether and/or group arbitrations. Additionally, there are many other provisions that companies can and should promptly incorporate into arbitration agreements to reduce the mass arbitration risk and provide additional certainty regarding the arbitration process. CONTRIBUTORS Massie P. Cooper, Kalama M. Lui-Kwan, Jacob Kozaczuk, Ryan Lewis RECENT DEVELOPMENTS AAA and JAMS Mass Arbitration Rule Changes AAA released revisions to its Mass Arbitration Supplementary Rules in two phases last year: the first on January 15, 2024, and the second on April 1, 2024. The changes include an updated fee schedule, adjustments to the process arbitrator’s authority, and a new requirement of an affirmation in each individual case that the information provided is true and correct to the best of the representative’s knowledge. Previously, JAMS had declined to implement protocols specific to mass arbitration. However, on May 1, 2024, JAMS joined other ADR providers by releasing its Mass Arbitration Procedures and Guidelines and an accompanying Mass Arbitration Procedures Fee Schedule. As with AAA, JAMS’s mass arbitration procedures provide for a process arbitrator to hear preliminary and administrative matters, impose an affirmation requirement, and adopt a fee schedule that mitigates some of the more significant costs that businesses must incur in mass arbitrations. There are several notable differences between the mass arbitration procedures adopted by AAA and JAMS. JAMS defines mass arbitration as 75 or more similar demands, while AAA sets the threshold at 25 or more. AAA’s rules apply automatically if the threshold is met, whereas JAMS requires both parties to opt in through a written agreement, which decreases the effectiveness of the JAMS procedures as a tool for defendants hedging risk. AAA charges a flat $8,125 initiation fee and varying percase fees, while JAMS charges a flat filing fee between $5,000 and $7,500, plus additional fees. JAMS does not mandate mediation, whereas AAA requires mediation within 120 days. Businesses should consider these distinctions when identifying specific ADR providers and procedures in their arbitration agreements. New Scrutiny of ADR Provider Procedures ADR providers’ mass arbitration procedures have been tested in recent litigation. For instance, in Heckman v. Live Nation Entm’t, Inc., 120 F.4th 670 (9th Cir. 2024), the Ninth Circuit recently found that mass arbitration rules from an institution called New Era ADR were both procedurally and substantively unconscionable. New Era ADR’s rules provided for an initial selection of three bellwethers, one each from the parties and one by a neutral, but made the application of the bellwether “precedent” discretionary. The Ninth Circuit found that the failure to apply the bellwether precedent would defeat the purpose of the mass arbitration protocol, create uncertainty, and lead to potentially inconsistent outcomes. Other recent cases have analyzed bellwether provisions, which typically create a bellwether class of cases that must be heard before other cases progress in arbitration. For example, in Silva v. WhaleCo, Inc., 2024 WL 4487421 (N.D. Cal. Oct. 10, 2024), the district court found that an arbitration clause providing for the concurrent administration of different groups of cases was not unconscionable because concurrent batching eliminated the concern that litigants’ claims would be stalled until prior batches of claims were resolved. In reaching this conclusion, the court considered other recent decisions finding bellwether provisions were unconscionable because they created undue delay and caused a chilling effect. See, e.g., Pandolfi v. AviaGames, Inc., 2024 WL 3558853 (N.D. Cal. July 26, 2024). WHAT CAN CLIENTS DO? Potential targets of mass arbitration should act proactively to address these threats in their arbitration provisions. With proper drafting and implementation of revised arbitration agreements, businesses can defeat class actions, protect against mass arbitration threats, and minimize costs in the event of a mass arbitration. Our attorneys have invested extensive time in developing state-of-the-art arbitration agreements featuring key protections against the risk of mass arbitration. These include: • Required claim notices and good faith efforts to resolve claims on an individual basis; • Invocation of mass arbitration provisions if more than a specified number of arbitrations (e.g., 25) are filed by common counsel within a specified period; • A limited number of individual arbitrations followed by required participation in a mediation before most claimants can initiate arbitration and trigger costs; • Cost-shifting if settlement demands are unreasonable or generous settlement offers are rejected; 2024 CFS Year in Review | 33 • Group arbitration of common issues of law or fact; • Use of a process arbitrator as contemplated by ADR provider procedures and other cost-saving measures; and • An election to arbitrate without (costly) assistance from certain ADR providers. These arbitration agreements create a fair balance between the needs of companies concerned about possible mass arbitration and consumers who may have meritorious causes of action. LOOKING AHEAD Court consideration of contractual clauses and ADR provider rules addressing mass arbitration is still in the early stages. These clauses and rules continue to be revised and refined in response to recent district court and circuit court decisions, and issues including timeliness of claim resolution and claimants’ right to counsel will no doubt be tested further in court in the coming year. Nevertheless, given the long line of U.S. Supreme Court precedent upholding party choice in arbitration clauses, we expect mass arbitration clauses and procedures will continue to be upheld in some form. While the courts continue to iron out issues relating to mass arbitration clauses and procedures, companies facing the risk of mass arbitration should review their arbitration provisions and adopt appropriate measures likely to head off this threat. 2024 CFS Year in Review | 34 2024 CFS Year in Review | 35 Mortgage Lending & Servicing In 2024, the mortgage industry faced significant legal and regulatory challenges, with key court decisions and evolving state and federal regulations shaping the landscape. This section provides an overview of the most impactful developments, including federal preemption standards, False Claims Act (FCA) litigation, and statespecific legislative updates, offering valuable insights for mortgage lenders and servicers navigating these complex issues. MORTGAGE ISSUES BEFORE FEDERAL COURTS The U.S. Supreme Court unanimously decided Cantero, 144 S. Ct. 1290 (2024), reaffirming the Barnett Bank preemption standard and remanding the case to the Second Circuit. The Court held that the Second Circuit erred in not applying the Barnett Bank standard to determine if a New York law requiring 2% interest on mortgage escrow deposits was preempted by federal law. The decision clarifies that federal law preempts state laws significantly interfering with national banks’ powers, rejecting both overly broad and overly narrow preemption interpretations. This ruling mandates a nuanced assessment of state laws’ impact on federal banking powers. In conjunction with the Cantero decision, the Court also remanded to the Ninth Circuit a case against Flagstar Bank concerning a California law on mortgage escrow interest. In Heron, the Tenth Circuit affirmed the dismissal of a plaintiff’s False Claims Act (FCA) lawsuit against his mortgage servicer. The plaintiff alleged the servicer and its predecessor engaged in fraudulent foreclosure practices and submitted false claims for federal funds. The court held the plaintiff’s claims were barred by the FCA’s public disclosure bar, which requires dismissal if the allegations are substantially similar to publicly disclosed information unless the plaintiff is an original source. The court found the plaintiff’s allegations were indeed publicly disclosed through various sources, including resolved consent decrees and criminal prosecutions against other mortgage servicers, and that the plaintiff did not qualify as an original source because his knowledge was not independent and did not materially add to publicly disclosed information. The District of New Jersey denied a defendant mortgage servicers’ motion to dismiss a putative class action alleging violations of the Fair Debt Collection Practices Act (FDCPA). The plaintiff claimed that mortgage statements sent by the defendants after a foreclosure judgment but before the property sale violated the CONTRIBUTORS Justin D. Balser, D. Kyle Deak, Jason E. Manning, Joseph Reilly, Thomas N. Abbott, Erin E. Edwards, Ahmed H. Khattab, Rachelle Pointdujour, Mark J. Windham FDCPA by listing the original mortgage interest rate instead of the statutory judgment interest rate. The court found these statements constituted attempts to collect a debt and had to comply with the FDCPA. The court also emphasized that under New Jersey’s merger doctrine, the mortgage merges into the judgment, and therefore the original mortgage interest rate no longer applied. The court denied defendants’ motion to certify the order for interlocutory appeal, and thus, the defendants will need to wait until the conclusion of the case to appeal the issue. Consumers also continue to file complaints across the country involving convenience fees and payoff statement fees (sometimes termed “pay-to-pay” fees) as well as nonsufficient funds fees. For example, a putative class action was recently filed in the Southern District of Texas, alleging a loan servicer’s $7.50 pay by phone convenience fee violated the Texas Fair Debt Collection Act and similar laws in six other states. We have not seen any notable decisions yet, but government-sponsored enterprises (GSEs) and the Consumer Financial Protection Bureau (CFPB) have submitted amicus briefs in some of these matters. STATE REGULATORY AND LITIGATION UPDATES The U.S. Court of Appeals for the Second Circuit asked the New York Court of Appeals to decide whether the Foreclosure Abuse Prevention Act (FAPA) can be applied retroactively. In East Fork Funding v. U.S. Bank, 2024 WL 4351792 (2d Cir. Oct. 1, 2024), the plaintiff filed a quiet title action against a mortgage lender relating to a mortgage recorded against the plaintiff’s property. The mortgage had already been the subject of three foreclosure actions, the first of which was filed in 2010, prior to FAPA’s enactment in December 2022, and was voluntarily discontinued in 2011. However, in the quiet title action, the Eastern District of New York granted summary judgment in favor of the plaintiff and applied FAPA retroactively, finding the statute of limitations continued to run from the commencement of the first foreclosure action in 2010 and expired six years later. The lender appealed and the Second Circuit certified to the New York Court of Appeals the question of FAPA’s retroactive application. However, the New York Court of Appeals, in a rare one-line order, respectfully declined the novel certified question by the Second Circuit, leaving the issue undecided. California enacted legislation requiring conventional mortgage loans secured by dwellings with multiple borrowers to include provisions allowing existing borrowers to assume another borrower’s portion of the mortgage in certain circumstances. Georgia amended its banking and finance code to end registration requirements for mortgage lenders and brokers that are wholly owned subsidiaries of any bank holding company, as well as to alter restrictions on time periods and licensing requirements for certain entities that are involved in securitization but not servicing of mortgage loans. The Georgia Department of Banking and Finance adopted corresponding regulations and further amended recordkeeping requirements related to entities claiming licensing exemptions related to securitization, including a fine of $1,000 per loan for any licensee’s failure to maintain required documentation. Illinois adopted regulations applicable to certain mortgage lender licensees to carry out the purposes of the Illinois Community Reinvestment Act (ILCRA). For those licensed mortgage lenders meeting certain criteria, the regulations establish: (1) standards for assessing a mortgage licensee’s performance in meeting the financial services needs of the community, including low- and moderate-income neighborhoods and individuals; (2) recordkeeping, reporting, and disclosure requirements; and (3) specifics on examinations under ILCRA, such as frequency and fees. Similar regulations were also adopted to apply to statechartered banks and credit unions. The Ohio Division of Financial Institutions amended its regulations to eliminate the requirement that registered mortgage companies maintain an in-state office and to ease certain recordkeeping requirements for originated loans and certain reporting requirements for adverse actions. AGENCY OPINIONS AND ADJUDICATIONS In August, the CFPB issued an advisory opinion and research report addressing contract-for-deed home financing, concluding that seller financing where the seller retains the deed until the buyer makes all payments generally is “consumer credit” under the Truth in Lending Act (TILA) and Regulation Z and, therefore, many providers of the financing must comply with the Ability to Repay 2024 CFS Year in Review | 36 and other rules under Regulation Z. The CFPB concluded that contracts for deed have much higher failure rates than traditional mortgage loans, as lenders using contracts for deed sell homes at inflated prices, with higher interest rates and balloon payments. In addition, according to the CFPB, the homes often do not have the benefit of inspections, and sellers have no stake in whether borrowers can afford the loan over the long term, as the sellers have the ability to evict a buyer for missing a single payment. Moreover, the CFPB’s research focused on how some lenders target lowincome and religious communities. On August 29, the CFPB announced it entered a consent order with NewDay USA, a Florida-based non bank direct mortgage lender, over allegations NewDay provided misleading and incomplete cost comparisons to veterans and military family borrowers, making its loans appear less expensive relative to the borrowers’ existing mortgages. The consent order required NewDay to pay a $2.25 million fine and cease misrepresentations about its mortgage loan products. On October 10, the Department of Justice (DOJ) announced a historic redlining settlement with Citadel Federal Credit Union, over allegations that Citadel engaged in discriminatory lending practices by redlining predominantly Black and Hispanic neighborhoods in and around Philadelphia. Under the proposed settlement order, Citadel will pay over $6.5 million in order to increase credit opportunities for communities of color in and around Philadelphia, which will include (1) investments in a loan subsidy fund to increase access to home mortgage, improvement, and refinance loans for residents; (2) community partnerships to provide services related to credit, consumer financial education, homeownership, and foreclosure prevention; (3) advertising, outreach, and credit counseling; (4) opening new branches; and (5) the hiring of a community lending officer. On October 15, the CFPB and DOJ announced a consent order with Fairway Independent Mortgage Corporation addressing allegations of redlining in majority-Black areas in Birmingham, Alabama, including allegations related to Fairway’s failure to establish any offices in majority-Black neighborhoods, disproportionate advertising in majoritywhite areas, and disparities between applications for properties in majority-Black areas compared to its peer lenders. The CFPB imposed a $1.9 million civil money penalty, to be paid into the CFPB’s victims relief fund, and required that $7 million be provided for a loan subsidy program to offer affordable home purchase, refinance, and improvement loans in majority-Black neighborhoods in Birmingham. Moreover, the proposed order requires that Fairway open or acquire a new loan production office or full-service retail office in a majority-Black neighborhood, and spend at least $500,000 in advertising and outreach, at least $250,000 in consumer financial education, and at least $250,000 on partnerships with one or more community-based or governmental organizations to service neighborhoods previously redlined by Fairway. FEDERAL REGULATORY COMPLIANCE TRENDS The CFPB’s semi annual regulatory agenda identified several rules in the final rule stage, including the Registry of Supervised Nonbank Covered Persons that will require supervised nonbank entities to provide information about their use of certain terms, a separate rule requiring supervised nonbank entities to register with the CFPB when they have become subject to certain final public orders imposing obligations on them based on alleged violations of specific consumer-protection laws, and the automated valuation model (AVM) rule, which mandates that mortgage originators and secondary market issuers that use AVMs to determine the value of mortgage collateral adhere to certain quality control standards. The CFPB is proposing a rule to amend regulations regarding the responsibilities of mortgage servicers to streamline existing requirements when borrowers seek payment assistance in times of distress, to add safeguards when borrowers seek help, and to revise existing requirements with respect to borrower assistance. The CFPB is also considering proposals to regulate the activity of data brokers under the Fair Credit Reporting Act and to revive Regulation AA to enforce certain provisions in contracts for consumer financial products or services. The CFPB also launched a public inquiry into whether fees charged in loan closings are causing steeply rising costs. The CFPB estimates a 36% increase in the median total 2024 CFS Year in Review | 37 closing costs for home mortgages from 2021 to 2023. The CFPB’s special edition of its Supervisory Highlights report issued in April 2024 noted instances of mortgage servicers charging illegal fees, sending deceptive notices to homeowners, and violating Regulation X loss mitigation rules. The Spring 2024 Regulatory Agenda and Supervisory Highlights signal a busy and potentially transformative period for the financial services industry. The finalization of the Registry of Supervised Nonbank Covered Persons and the modernization of overdraft program regulations are likely to be contentious and closely watched. The proposed revival of Regulation AA adds an element of uncertainty, as it could lead to significant changes in how consumer financial contracts are regulated. Of course, all these initiatives could go in a different direction during the Trump administration. Recent judicial decisions, such as the U.S. Supreme Court’s rulings in Loper Bright Enters. v. Raimondo, 603 U.S. 369 (2024), and Relentless v. Dep’t of Com., 144 S. Ct. 2244 (2024), could also impact the CFPB’s rulemaking efforts. The end of Chevron deference means courts will scrutinize the CFPB’s rules and interpretations more rigorously, potentially leading to more legal challenges. LOOKING FORWARD TO 2025 Lenders continue to patiently wait for a clear response on whether FAPA can be applied retroactively, which could result in the dismissal of many existing foreclosure cases with prejudice. Until this issue is decided, lenders should review their loan portfolios to identify mortgages that were the subject of pre-FAPA enforcement actions and assess whether future acceleration and foreclosure will be time-barred. Lenders would also be wise to consider including language in their mortgage contracts that addresses deacceleration of the mortgage and a reset of the statute of limitations, rather than a unilateral voluntary discontinuance, which could run afoul of FAPA. With respect to litigation, we expect more complaints and additional arguments in state and federal courts across the country on the matters of convenience fees and payoff statement fees, with GSEs and federal regulators weighing in. However, the landscape could change with the new administration. We expect to see lawsuits and appeals related to mortgage interest rate requirements following foreclosure judgment in judicial foreclosure states that implement a merger doctrine. We will continue to monitor and provide regular updates on these federal and state litigation trends. Under the Justice Department’s 2021 Combatting Redlining Initiative, federal regulators continued to crack down on discriminatory lending practices in 2024, resulting in a significant number of redlining cases brought by the DOJ, signaling to mortgage industry stakeholders they must be vigilant in assessing and mitigating redlining risks. However, it is unclear if this unprecedented federal initiative will continue to the same extent. We will continue to monitor and provide regular updates on the federal regulators’ oversight of redlining practices and what lenders should do to mitigate risks. 2024 CFS Year in Review | 38 2024 CFS Year in Review | 39 Payment Processing and Cards CFPB’S CREDIT CARD LATE FEE RULE The Consumer Financial Protection Bureau (CFPB) published its final credit card late fee rule (Final Rule) in March 2024. The Final Rule restrictions only apply to large credit card issuers, defined as issuers, together with their affiliates, that have 1 million or more open accounts. Thus, whether an issuer is considered a large credit card issuer is measured at the issuer level across all of the issuer’s programs rather than at the individual card program level. For large credit card issuers, the Final Rule sets a safe harbor amount for late fees at $8, eliminates an increased safe harbor amount for subsequent violations, and eliminates the annual inflation adjustments to the safe harbor amount. Under the Final Rule, these larger credit card issuers will be able to charge late fees above the $8 threshold so long as they can prove, to the CFPB’s satisfaction, that the higher fee is necessary to cover their actual collection costs. The Final Rule also updated Regulation Z’s commentary related to calculating a cost-based late fee amount to prohibit larger credit card issuers from including in their analysis any collection costs incurred after an account is charged off. Smaller credit card issuers, as defined under the Final Rule, are not affected by these requirements. The Final Rule also increased the annual inflation adjustment safe harbor amounts for violating the terms, or other requirements, of an account to $32 for the first violation and $43 for subsequent violations. Large credit card issuers may not use these increased safe harbor amounts for late fees but may use them for other penalties, such as returned payment fees. Small credit card issuers may use the increased safe harbor amounts for all penalties, including late fees. The Final Rule triggered immediate backlash from the industry. Just days after the Final Rule was published, the U.S. Chamber of Commerce and multiple bank trade groups sued the CFPB in the U.S. District Court for the CONTRIBUTORS Jason M. Cover, Mark J. Furletti, Joshua McBeain, Jeremy C. Sairsingh Northern District of Texas, in the Fifth Circuit, to challenge the Final Rule’s legality. No. 4:2024cv00213 (N.D. Tex. 2024). The judge issued a preliminary injunction staying the effective date of the Final Rule on May 10, 2024, four days before the Final Rule’s effective date. The case has had a complicated and unusual procedural history. The CFPB has sought, multiple times, to dissolve the preliminary injunction and transfer the case from the U.S. District Court for the Northern District of Texas to the U.S. District Court for the District of Columbia. On December 6, 2024, the court denied the CFPB’s motions to transfer the case to the District of Columbia and dissolve the preliminary injunction. In support of denying the CFPB’s motion to dissolve the preliminary injunction, the court stated: “Given the court’s finding that the Final Rule violates the statutory authority granted to the CFPB under the CARD Act, the plaintiffs maintain a strong likelihood of success on the merits, and this factor weighs against dissolution of the court’s preliminary injunction.” No. 4:2024cv00213, Doc. 128, at 12. The court highlighted that the CARD Act allows for “penalty fees” that are “reasonable and proportional” to the violation, and the CFPB’s Final Rule, which focused on covering costs rather than imposing penalties, was inconsistent with this statutory mandate. NEW YORK CREDIT CARD REWARDS On December 10, 2023, New York General Business Law Section 520-e, requiring a grace period for the use of credit card rewards points, went into effect. The law provides that if any credit card rewards program is modified, cancelled, closed, or terminated, the cardholder must be provided notice of such change “as soon as possible,” and shall have 90 days from the date on which notice was sent to “redeem, exchange, or otherwise use any credit cards points that the holder accumulated at the time of such” modification, cancellation, or termination, subject to the availability of the rewards. Section 520-e also prohibits any separate agreement between the card issuer and holder to waive or limit the grace period. The law defines points as “units that can be accumulated in an account in connection with a credit card reward, loyalty, or other incentive program, often referred to as points or for certain travel-related rewards as miles, which are redeemable, fungible, or otherwise exchangeable, in whole or in part, for rewards.” Importantly, “modified,” in relation to a rewards program, is broadly defined as “a change that has the effect of eliminating points, reducing the value of points, affecting the ability of a holder to accumulate points, limiting or reducing rewards availability, limiting a holder’s use of points or the credit card account, otherwise diminishing the value of the rewards program or the credit card account to the holder, or changing the obligations of the holder with respect to the rewards program or credit card account.” Notably, the last three circumstances seem to extend beyond the rewards program to changes in the credit card account itself. Section 520-e’s protections do not apply in the case of fraud or misuse by the holder of the credit card account or related rewards program. “Fraud” and “misuse” are not defined. Our take on Section 520-e is that it is geared toward preventing card issuers from forfeiting or diminishing the value of a cardholder’s preexisting credit card points. Unfortunately, Section 520-e is rife with ambiguities. For The court highlighted that the CARD Act allows for “penalty fees” that are “reasonable and proportional” to the violation, and the CFPB’s Final Rule, which focused on covering costs rather than imposing penalties, was inconsistent with this statutory mandate. 2024 CFS Year in Review | 40 example, the definition of “points” includes points earned from credit card spend. The definition can also be read to include other non-card spend activities (flights, hotel stays, car rentals, etc.) because the definition lacks a requirement to earn in connection with spending on a card and specifically includes “certain travel-related rewards as miles, which are redeemable, fungible, or otherwise exchangeable, in whole or in part, for rewards.” This ambiguity could impact the rewards terms in the card agreement and any applicable separate rewards program terms. Also, because “fraud” and “misuse” are not defined, it is not clear what cardholder activities would constitute fraud or misuse and thus exempt a card issuer or rewards program manager from compliance with the law. Because of these ambiguities, there is an elevated risk of regulation by enforcement from the attorney general and claims from private litigants. As a result, rewards program agreements should be reviewed and potentially restructured to mitigate potential issues. FTC’S RECURRING SUBSCRIPTIONS RULE On October 16, 2024, the FTC issued final amendments to the Rule Concerning Recurring Subscriptions and Other Negative Option Programs, aimed at making it easier for consumers to cancel recurring subscriptions and memberships. The FTC’s final rule introduces several key provisions, including: • Prohibition of Misrepresentations: The rule prohibits misrepresentations of any material fact made while marketing goods and services using negative option features. • Required Disclosures: Sellers must provide clear and conspicuous disclosures of recurring payments, deadlines to stop charges, costs, billing dates, and cancellation methods before obtaining consumers’ billing information. • Affirmative Consent: Sellers must obtain consumers’ unambiguously affirmative consent to the negative option feature before charging them. • Simple Cancellation Mechanisms: Sellers must provide consumers with simple mechanisms to immediately halt all recurring charges. The final rule applies to all subscription programs in any media, covering a wide range of industries from gym memberships to internet services. Two separate lawsuits have been filed challenging the FTC’s final rule. Petitioners in these cases seek to vacate the FTC’s final rule. Unless implementation is stayed by the courts, the FTC’s final rule will take effect 180 days after its publication. Businesses offering recurring subscriptions and memberships must prepare to comply with the new requirements or risk facing legal and regulatory consequences. 2024 CFS Year in Review | 41 2024 CFS Year in Review | 42 Small-Dollar Lending FEDERAL SMALL-DOLLAR LENDING DEVELOPMENTS CFPB Payday Lending Rule The so-called Payday, Vehicle Title and Certain HighCost Installment Loans rule (Payday Rule), promulgated by the CFPB in 2017, is slated to finally go into effect on March 30, 2025, following years of litigation (or at least that is the CFPB’s position at the time of this writing). While ostensibly aimed at higher-APR lending (e.g., loans with an APR above 36%), it also applies to most creditors, including banks, offering loans (1) that are substantially repayable within 45 days or less or (2) that have a bullet or balloon payment feature. It applies by its plain terms to a number of mainstream financial products and products marketed to high-net-worth individuals, none of which the CFPB seems to have considered when promulgating the rule. While the Payday Rule’s most onerous provisions — those related to ability to repay — have been rescinded, certain payment-related provisions remain, including provisions that (1) prohibit covered lenders from initiating additional payment transfers from consumers’ accounts after two consecutive payment attempts have failed for nonsufficient funds unless the consumer authorizes additional payment transfers; and (2) require various notices before a covered lender initiates a payment transfer attempt. Assuming the Payday Rule is not delayed further, companies impacted by the rule will need to devote all necessary resources to address the rule’s rapidly approaching compliance date. CFPB Sues Small-Dollar Lender In May 2024, CFPB sued a fintech company operating a small-dollar, short-term lending platform. The CFPB alleges the company engaged in deceptive practices related to the total cost of loans, servicing, and collection of void and uncollectible loans, and provided consumer reports governed by the FCRA while failing to ensure the maximum possible accuracy of those consumer reports. CONTRIBUTORS Jason M. Cover, Mark J. Furletti, Joshua McBeain, Jeremy C. Sairsingh The CFPB also alleges that despite advertising no-interest loans, the company prompts borrowers to select a “tip” for the lender and a “donation” during the application process. Per the CFPB, consumers only see options for what percentage of a donation or tip to give, and none of the options is zero. CFPB Proposes Earned Wage Access Interpretive Rule In July 2024, the CFPB proposed a sweeping interpretive rule opining that earned wage access (EWA) products — whether provided through employer partnerships or marketed directly to borrowers — are subject to TILA and Regulation Z (Reg Z). The comment period closed on August 30, 2024, and it remains to be seen whether the CFPB under the new administration will put the brakes on the rule. In November 2020, during the previous Trump administration, the CFPB issued an advisory opinion stating that EWA products do not involve the offering or extension of “credit” as that term is defined in Reg Z and TILA. The 2020 opinion explained that an EWA product is not an extension of credit if it meets several conditions, including providing the consumer with no more than the amount of accrued wages earned; provision by a third party fully integrated with the employer; no consumer payment, voluntary or otherwise, beyond recovery of paid amounts via a payroll deduction from the next paycheck, and no other recourse or collection activity of any kind; and no underwriting or credit reporting. The proposed interpretive rule takes the opposite approach, applying broadly to any product that involves both “the provision of funds to the consumer in an amount that is based, by estimate or otherwise, on the wages that the consumer has accrued in a given pay cycle” and “repayment to the third-party provider via some automatic means, like a scheduled payroll deduction or a preauthorized account debit, at or after the end of the pay cycle.” Likewise, the proposed rule treats EWA products as consumer credit for purposes of TILA. Specifically, the CFPB defines “debt” to include any obligation to pay money at a future date, even if the amount is contingent on future events, such as the availability of funds from the next payroll event. Also, the proposed rule treats optional tips and expedited funds fees as “finance charges” for purposes of Reg Z, with the CFPB taking the position that such costs are conditions of the extension of credit and must be disclosed as part of the finance charge. STATE SMALL-DOLLAR LENDING DEVELOPMENTS State Regulation of EWA Even if the CFPB under the new administration reverses course on its proposed rule, states have wide latitude to regulate EWA products, and several states did so in 2024: • California adopted final EWA regulations taking effect on February 15, 2025. The regulations classify direct-toconsumer EWA products as loans under the California Financing Law (CFL), but in lieu of CFL licensure, providers of EWA products must register with the state and comply with specific regulatory requirements. Notably, the regulations define “charges” to include gratuities and expedited payment fees. • Kansas enacted EWA legislation requiring EWA providers to be licensed by the state bank commissioner and comply with certain disclosure rules. • Wisconsin enacted legislation requiring EWA providers to be licensed and imposing substantive and disclosure rules. Several other states, including Arizona, Hawaii, Kentucky, and Massachusetts, introduced EWA bills that were not enacted but may be reintroduced in the 2025 legislative session. We fully expect EWA state activity to continue in 2025 — and such legislation may accelerate if state legislatures perceive a pullback at the federal level. Other State Legislation • Florida Consumer Finance Act Amendments: On July 1, 2024, amendments to Florida’s Consumer Finance Act took effect. The amendments allow licensees to lend any sum of money up to $25,000. The maximum interest rate has been increased to 36% per annum (up from 30%) computed on the first $10,000 of the principal amount; 30% per annum (up from 24%) on amounts exceeding $10,000 up to $20,000; and 24% per annum (up from 18%) on amounts exceeding $20,000 up to $25,000. Among other things, the 2024 CFS Year in Review | 43 amendments also increase the grace period before late fees can be imposed from 10 to 12 days, require licensees to offer free credit education courses to borrowers at the time a loan is made, provide for the suspension of certain collection activities in the event of a disaster, and require branches of businesses making consumer finance loans to obtain a license. • Kansas UCCC Amendments: In May 2024, Kansas enacted significant changes to the Kansas Mortgage Business Act and the Uniform Consumer Credit Code (UCCC), most of which took effect on January 1, 2025. Among other things, the amended UCCC provides that small-dollar-loan borrowers who are unable to repay a loan as contemplated may elect once every 12 months to repay the payday loan by means of an extended payment plan. The extended payment plan terms allow the consumer to repay the outstanding payday loan including any fee due in at least four substantially equal installments. No additional loans may be made to the consumer during an extended payment plan, and lenders are required to prominently display the availability of extended payment plans where loans are made and disclose the availability of extended payment plans in small-dollar-loan agreements. The amended UCCC also caps interest rates on closedend consumer loans at 36%, revises NSF and late fee provisions, caps prepaid finance charges on consumer loans at the lesser of 2% of the amount financed or $300, and amends the UCCC’s right-to-cure provisions. 2024 CFS Year in Review | 44 2024 CFS Year in Review | 45 Student Lending According to a recent finding by the Consumer Financial Protection Bureau (CFPB), student debt currently represents the second-largest form of U.S. consumer debt, at over $1.7 trillion. For years, we have tracked developments in student lending, which became increasingly active and contentious during the Biden administration. In the past couple of years, we chronicled the Biden administration’s efforts to provide relief to indebted students and the legal challenges to those efforts. Notably, the U.S. Supreme Court’s decision in Biden v. Nebraska, 143 S. Ct. 2355 (2023), struck down Biden’s loan forgiveness plan, ruling that the Higher Education Relief Opportunities for Students Act of 2003 (HEROES Act) did not authorize the Secretary of Education to cancel approximately $430 billion in student debt. Despite this major setback, the Biden administration continued pushing for student debt relief through 2023. Last year, the tug-of-war between debt relief efforts and legal obstacles continued, with new battlegrounds introduced just in time for a new presidential administration to take shape. BIDEN ADMINISTRATION’S EFFORTS TO FORGIVE DEBT Despite Biden v. Nebraska, the Biden administration pushed ahead in its effort to maximize student debt relief. The administration’s efforts have largely been successful. In October 2024, the Biden administration announced an additional $4.5 billion in student loan relief, bringing the total forgiveness approved to over $175 billion since President Biden took office. This most recent forgiveness was largely due to significant changes to the Public Service Loan Forgiveness (PSLF) program. The program, which supports public servants such as nurses, teachers, and servicemembers, operates by forgiving the remaining balance for individuals who have made 120 monthly payments. By making this program more easily accessible, simplifying the approval process, and increasing marketing efforts, roughly $74 billion has been forgiven through PSLF. The administration has also found success through other programs. The Saving on a Valuable Education (SAVE) CONTRIBUTORS David M. Gettings, Courtney T. Hitchcock, Anthony T. Peluso plan, announced in July 2023, is a new repayment plan for low-income borrowers. The plan, which modifies the way a borrower’s “discretionary income” metric is calculated, has accounted, along with similar income-driven repayment (IDR) plans, for approximately $56.5 billion in relief since the administration took office. COURT CHALLENGES IN 2024 As noted above, the Biden administration’s efforts have faced legal challenges given the relatively unilateral actions the administration took and the potential costs to taxpayers that student loan forgiveness creates. In April 2024, seven states challenged the SAVE plan in Missouri federal court. In August, the Eighth Circuit issued a temporary injunction in Missouri v. Biden, 112 F.4th 531 (8th Cir. 2024), placing most of the SAVE plan relief on hold while the appeal is pending before the Supreme Court. Although the Supreme Court has not issued an ultimate decision, it declined a request from the Biden administration to lift the Eighth Circuit’s injunction pending resolution. There is also concern from the Department of Education that court rulings on the SAVE plan could have further impact on other IDR plans. Although borrowers enrolled in the SAVE plan saw their loans placed into a temporary, interest-free forbearance, the ultimate court determination on the legality of these plans could have ramifications on debt relief moving forward. Other decisions on Biden debt relief policies have fared better. In Missouri v. United States Dep’t of Educ., No. CV-224-103, 2024 WL 4374124 (S.D. Ga. Oct. 2, 2024), a federal judge ruled that Georgia, one of the original seven to challenge the SAVE plan, failed to show it would be harmed by the administration’s plan to forgive approximately $73 billion in debt. Although the state claimed potential losses in tax revenue under the plan, the court held that Georgia lacked standing to challenge the policy, and transferred the case to Missouri given the clear injuries that the plan would present to the Higher Education Loan Authority of the State of Missouri. CFPB STATISTICS REPORT AND PREDATORY LENDING In addition to courts, regulatory bodies have directed considerable efforts to combat allegedly deceptive and predatory lending practices. Throughout 2024, the CFPB found multiple instances where it accused loan servicers of creating excessive barriers, providing inaccurate benefit information to borrowers, and failing to notify consumers about fund transfers. During one such examination, the CFPB discovered that Student Loan Pro, a telemarketing firm, was allegedly illegally charging borrowers fees for filing paperwork to access free debt-relief programs. Consequently, on December 4, 2024, the CFPB banned Student Loan Pro from offering or providing consumer financial products. Additionally, on December 16, 2024, the CFPB published a special edition of its Supervisory Highlights, capturing a range of concerns across the student loan origination and servicing markets. Notably, the CFPB’s report suggests that various lenders allegedly misled borrowers about the loss of federal protections when refinancing federal loans through private lenders; engaged in unfair practices in private lending and servicing, such as allegedly denying disability benefits; misrepresented autopay discounts; and eliminated unemployment protections without informing borrowers. The CFPB report also claims that servicers misled borrowers about their rights to challenge loans based on school misconduct and engaged in illegal debt collection practices through false threats of legal action and abusive practices. Finally, CFPB examiners also highlighted what they perceived as poor customer service, deceptive billing statements, unauthorized debits, delays in processing IDR applications, improper denials of IDR applications, and failure to inform borrowers of self-certification options. TRUMP ADMINISTRATION IMPACT MOVING FORWARD In dealing with the above issues, the Biden administration utilized regulatory processes, rather than pushing initiatives through Congress, to implement changes and provide student loan relief through the SAVE plan and enhancements to the PSLF program. Additionally, the administration reduced payment amounts under IDR plans and expanded the Temporary Expanded Public Service Loan Forgiveness program, allowing more borrowers to qualify for forgiveness. Utilizing regulatory tools enabled the Biden administration to bypass the legislature — leading to praise from some stakeholders and criticism from others. 2024 CFS Year in Review | 46 Because these changes were not implemented through congressional legislation, they are highly vulnerable to repeal or modification. The Trump administration could also use regulatory procedures to undo Bidenera initiatives. The SAVE plan, in particular, is at risk. Republican lawmakers heavily criticized this plan, and even if the legal challenges to the SAVE plan are resolved, the new administration might not implement it. Other IDR plans, such as Income-Contingent Repayment and Pay As You Earn, face similar risks. Additionally, congressionally enacted programs such as the PSLF and IDR plans, which would require legislative action to amend or repeal, could still be affected with new barriers to access. For example, the Trump administration may make it harder to qualify for these programs or reduce staffing and funding. Thus, the regulatory arena will be an important battleground for student lending. For borrowers who received loan forgiveness through Biden’s measures, the risk of having those benefits clawed back is low, but not zero. The Trump administration in its first term proposed eliminating the government’s subsidy for federal student loans, and Republicans have already filed legislation that proposes removing the loan forgiveness feature while retaining the IDR plan. Even though last year saw $40 billion in additional debt relief, the Trump administration is poised to scale back or eliminate some of this forgiveness, focusing efforts instead on lowering taxes, interest rates, and inflation; implementing tariffs; and reducing unemployment. Troutman Pepper Locke will continue to monitor these updates as the new administration takes shape and provide insight and information to help you navigate the student lending space. 2024 CFS Year in Review | 47 2024 CFS Year in Review | 48 Telephone Consumer Protection Act The Telephone Consumer Protection Act (TCPA) continues to be a favorite target for the plaintiffs’ bar, with TCPA filings up 5.2% year to date over 2023 as of early July. Standing, junk faxes, recruitment messages, personal liability, and text messages continued to be hot topics for courts and regulators in 2024. DEVELOPMENTS IN LITIGATION Hobbs and FCC Interpretations On October 4, 2024, the Supreme Court granted a petition for appeal in a TCPA action concerning online junk faxes. The main issue before the Court in McLaughlin v. McKesson is whether the Hobbs Act requires district courts to adhere to the FCC’s legal interpretation of the TCPA in the context of junk faxes. In 2019, the FCC decided that marketing messages sent through online fax services are not covered by the TCPA in the same way that physical fax transmissions are. Since that decision, district and appellate courts have used it to decertify class actions over fax campaigns. The McLaughlin dispute arose out of junk faxes received by McLaughlin, a chiropractic clinic, in 2013 that allegedly did not contain certain opt-out notifications. McLaughlin was decertified by a district court and the Ninth Circuit affirmed that decertification, writing, “The court correctly found that it was bound by the Federal Communications Commission (FCC) Amerifactors declaratory ruling, which determined that the TCPA does not apply to faxes received through an online fax service.” The Supreme Court’s review may be informed by its prior decision in PDR Network, LLC v. Carlton & Harris Chiropractic, Inc., 588 U.S. 1 (2019). In that case, Justices Thomas, Alito, and Gorsuch joined Justice Kavanaugh’s concurrence addressing the scope of the Hobbs Act. The concurrence discussed how the Hobbs Act’s primary purpose is to channel facial, pre-enforcement challenges to agency orders through courts of appeals. Justice Kavanaugh’s analysis suggested that absent a pre-enforcement challenge, or following appellate court review of an agency’s interpretation, parties may raise arguments about the correctness of agency interpretations in subsequent proceedings. The concurrence noted that when statutes are silent about review in enforcement actions, traditional administrative law principles may permit district court review of agency interpretations. This analysis CONTRIBUTORS Virginia B. Flynn, Chad R. Fuller, Kristen L. Mynes, Jovanni Villa could be relevant to the Court’s consideration of the issues presented in McLaughlin. Recruitment Messages In a recent ruling, the U.S. District Court for the Central District of California dismissed a complaint under the TCPA against Nexa Mortgage, LLC. The plaintiff, who had registered his cell phone on the National Do-Not-Call Registry, received three text messages and one voicemail from the defendant over three days in March 2024, aimed at recruiting him for employment. The court found these communications were not “solicitations” under the TCPA as they were intended to recruit the plaintiff, not to sell goods or services. The plaintiff’s argument that the defendant’s administrative fee constituted a product sale was rejected, as the fee could be passed on to customers. Additionally, the court ruled that the plaintiff failed to provide sufficient evidence that the defendant used an automated telephone dialing system (ATDS) or that the voicemail was prerecorded. The personalized nature of the messages and the lack of specific facts supporting the use of an ATDS or a prerecorded message led to the dismissal. The complaint was dismissed with prejudice, as further amendments were deemed futile. This ruling is favorable for businesses using text messages for recruitment, contrasting with adverse decisions in other circuits regarding recruiting messages as telephone solicitations. No Personal Liability Under the TCPA In Perrong v. Chase Data Corp., the Eastern District of Pennsylvania ruled that the owner of a company cannot be held personally liable for violations of the TCPA. The case involved defendant companies selling calling and texting services, allegedly sending unsolicited text messages to the plaintiff to generate leads for personal injury lawyers, violating Section 227(b) of the TCPA. The court allowed the plaintiff to proceed with claims against one company and to amend the complaint against a successor company. However, claims against the owner were dismissed. The court noted that the allegations against the owner were conclusory and that Third Circuit precedent does not support personal liability for corporate officers under the TCPA, as Congress did not include such language in the statute. The dismissal of claims against the owner was without leave to amend. DEVELOPMENTS IN REGULATORY OVERSIGHT Effective Dates Announced for Amendments to TCPA Rules The FCC marked a significant development in TCPA enforcement by announcing effective dates for its enhanced consumer protection rules. Published on March 5, 2024, these amendments will take effect on April 11, 2025, following a six-month implementation period that the FCC deemed necessary for industry compliance. The new rules substantially clarify and strengthen revocation requirements under the TCPA. Most notably, the amendments establish that consumers may withdraw their consent to receive automated calls or texts “in any reasonable manner.” This includes using common opt-out terminology such as “stop,” “quit,” “end,” “revoke,” “opt out,” “cancel,” or “unsubscribe.” The rules impose specific time frames for honoring these requests, requiring callers to process revocations “as soon as practicable” and no later than 10 business days after receipt. For text message marketers, the amendments create a narrow window for sending a single confirmatory message. Businesses may send one text within five minutes of receiving a revocation request, solely to confirm or clarify the scope of the opt-out. This provision aims to balance consumer protection with legitimate business needs for clear communication about opt-out scope. The implementation timeline follows significant industry dialogue, including notable opposition from USTelecom — The Broadband Association. The trade group raised concerns about potential unintended consequences, particularly regarding the possibility of legitimate calls being inadvertently blocked. Their advocacy emphasized the need for operational flexibility, especially in handling emergency communications. LOOKING FORWARD Expect to see increased regulatory scrutiny and potential litigation focusing on new amendments to the TCPA rules once they take effect. On the litigation front, text messages and do-not-call list violations will likely continue to be popular targets. 2024 CFS Year in Review | 49 2024 CFS Year in Review | 50 Tribal Lending Lawsuits challenging Tribal lending practices continued in 2024. Courts heard challenges on the enforceability of delegation clauses and arbitration agreements, splitting on whether the prospective waiver doctrine invalidates agreements that waive access to state statutory schemes. Courts rejected attempts to expand the U.S. Supreme Court’s holding in Coughlin to abrogate Tribal immunity in Fair Credit Reporting Act (FCRA) and Family Medical Leave Act (FMLA) suits. The Eastern District of New York granted summary judgment for a bank that allegedly conspired to violate the Racketeer Influenced and Corrupt Organizations Act (RICO) in assisting in the collection of Tribal loans, finding there was no evidence of the specific intent needed to sustain the claim. COURTS ASSESS WHETHER THE PROSPECTIVE WAIVER DOCTRINE INVALIDATES ARBITRATION AND DELEGATION CLAUSES BASED ON LACK OF ACCESS TO STATE LAW In Dunn v. Global Trust Mgmt., LLC, No. 21-10120, 2024 U.S. Dist. LEXIS 24993 (11th Cir. Oct. 3, 2024), the Eleventh Circuit reversed the district court, finding that the Tribal arbitration agreements’ delegation provisions were enforceable and the arbitrator was required to decide threshold questions of arbitrability. The court held: • Since the parties delegated enforceability issues to an arbitrator, it could only consider challenges to the enforceability of the delegation provisions themselves. • Regarding the plaintiffs’ broader challenges to the enforceability of the arbitration agreements, the court “cannot consider these or the other arbitrability issues raised” and “must respect the parties’ decision to delegate these questions.” • It could not “address whether the arbitration agreements (as opposed to the delegation provisions themselves) are unenforceable because they prevent Plaintiffs from raising their federal or state-law claims.” • The delegation provisions incorporated the Federal Arbitration Act (FAA) and did not preclude the plaintiffs from raising defenses to the enforceability of their arbitration agreements under the FAA. • The plaintiffs’ challenges based on provisions mandating application of Tribal law may not be decided by the court, since that issue was properly delegated to the arbitrator. SEVENTH CIRCUIT DISTRICT COURTS SPLIT ON SCOPE OF THE PROSPECTIVE WAIVER DOCTRINE In Walton v. Uprova Credit LLC, 1:23-cv-00520, 722 F. Supp. 3d 824 (S.D. Ind. 2024), the Southern District of Indiana found the prospective waiver doctrine did not extend to waiver of access to state statutory schemes in upholding a delegation clause. The court evaluated a recent U.S. Supreme Court case — Viking River Cruises, CONTRIBUTORS David N. Anthony, Jed Komisin, Allie Voehringer Inc. v. Moriana — which the plaintiffs argued expanded the prospective waiver doctrine to waivers of access to state law (as opposed to a waiver of access to federal law) and stated: • The Supreme Court never mentioned the prospective waiver doctrine (or the effective vindication exception) in Viking River. • Rather, the Supreme Court reiterated that “by agreeing to arbitrate a statutory claim, a party does not forgo the substantive rights afforded by the statute; it only submits to their resolution in the arbitral forum.” • Substantive statutory rights — federal or state — are not nullified by virtue of their resolution in an arbitral, rather than a judicial, forum. • The ruling “reserves the pertinent choice-of-law inquiry for the arbitrator, as well as [the plaintiff’s] unconscionability arguments” and requires that “[a]ny further judicial involvement must await the outcome of the arbitration of these threshold matters.” In Fahy v. Minto Dev. Corp., 722 F. Supp. 3d 784 (N.D. Ill. 2024), the Northern District of Illinois split with Walton and found Viking River dicta expanded the prospective waiver doctrine to invalidate delegation clauses and arbitration agreements based on a consumer’s inability to access state statutes. The Fahy court reasoned: • The Supreme Court directly ruled on the scope of the prospective waiver doctrine in Viking River by rejecting defendant’s argument that the prospective waiver doctrine applied only to waivers of federal statutes. • Viking River labeled defendant’s position that the prospective waiver doctrine applied only to waivers of federal statutes “erroneous.” • Even if the Viking River discussion was dicta, it provided guidance on the state of the law. In Harris v. W6LS, Inc., 23 CV 16429, 2024 U.S. Dist. LEXIS 91687 (N.D. Ill. May 22, 2024), the Northern District of Illinois largely agreed with the Fahy court’s rationale, invalidating a delegation clause and arbitration agreement based on an inability to access state law, stating: (1) “Viking River meant what it said” when it rejected the defendant’s argument that the prospective waiver doctrine applies only to waivers of federal, not state, statutory rights; and (2) that although that ruling was dicta, the Viking River court clearly went out of its way to decide that question rather than reserve it for later decision. The Harris decision was appealed to the Seventh Circuit Court of Appeals, making that court the second circuit — after the Eleventh Circuit in Dunn — to potentially rule on the scope and effect of the prospective waiver doctrine in assessing delegation clauses and arbitration agreements in the Tribal lending context. COURTS REJECT ATTEMPTS TO EXPAND THE U.S. SUPREME COURT’S COUGHLIN RULING TO ABROGATE TRIBAL IMMUNITY UNDER THE FCRA AND FMLA In Schindler v. Great Plains Fin., LLC, 24-cv-328-jdp, 2024 U.S. Dist. LEXIS 200409 (W.D. Wis. Nov. 4, 2024), the plaintiff argued that governmental entities — including arms of Tribes — are not entitled to immunity from suit under the FCRA. Rejecting the plaintiff’s argument and granting the motion to dismiss, the Western District of Wisconsin found: • FCRA does not abrogate sovereign immunity for Tribal governments and economic arms. • The Schindler defendants were thus entitled to assert a sovereign immunity defense to the FCRA claims and were dismissed from the case. In Butrick v. Dine Dev. Corp., 3:223-cv-00884, 2024 U.S. Dist. LEXIS 197500 (E.D. Va. Oct. 30, 2024), the plaintiff argued that Congress abrogated Tribal immunity in enacting the FMLA. The Eastern District of Virginia rejected the plaintiff’s argument, found an arm of the Tribe is immune to FMLA claims, and dismissed the case for lack of subject matter jurisdiction, stating: • Tribal immunity presumptively applies, and Congress must “unequivocally express” its intent to abrogate that immunity. • The FMLA does not mention Indian tribes. Further, unlike the Bankruptcy Code in Coughlin, there is no expansive or broadly sweeping language indicating Congress intended to abrogate immunity under the FMLA. 2024 CFS Year in Review | 51 EASTERN DISTRICT OF NEW YORK REJECTS RICO CONSPIRACY CLAIM REGARDING ALLEGEDLY USURIOUS TRIBAL LOANS In Moss v. First Premiere Bank, 13-cv-5438, 2024 U.S. Dist. LEXIS 174341 (E.D.N.Y. Aug. 2, 2024), the Eastern District of New York granted summary judgment to a state-chartered bank defendant on a RICO conspiracy claim for allegedly “providing part of the financial infrastructure … to defraud borrowers and collect usurious interest.” The court: • Rejected the plaintiff’s argument that the defendant had four categories of “red flags” through which they had constructive knowledge of the allegedly unlawful nature of the enterprise, including: • Due diligence information about the general risks of state inquiries and usury laws in connection with payday lending. • Example loan documents with 995% interest rates. • Borrowers’ proof of authorization forms with over 600% interest rates. • Information that lenders’ ACH applications were under investigation in California and Colorado. • Found the plaintiff could not demonstrate a meeting of the minds for RICO conspiracy purposes through such circumstantial evidence and alleging defendant “should have known” is insufficient to establish such “specific intent.” The court granted judgment for the defendant, finding no reasonable juror could find the defendant conspired to violate RICO. LOOKING AHEAD IN 2025 In 2025, we expect plaintiffs’ attorneys to continue testing the validity of delegation clauses and arbitration provisions, arguing any waiver of any statutory law renders the provisions unenforceable. We also expect plaintiffs’ attorneys to continue arguing Tribal sovereign immunity is abrogated by Congress within statutory schemes. NonTribal partners can likely expect lawsuits asserting a liberal view of the minimum amount of participation required to subject them to liability under RICO. 2024 CFS Year in Review | 52 2024 CFS Year in Review | 53 Uniform Commercial Code Litigation and Banking The year 2024 played out as expected in banking and Uniform Commercial Code (UCC) litigation. Financial institutions faced Ponzi scheme cases, and courts tended to grant dismissals where the allegations showed the banks merely conducted routine banking services or plaintiffs failed to plead facts showing actual knowledge of the scheme. Cases filed by victims of elder exploitation continued to trend upward, even though courts regularly granted dismissals on UCC. preemption grounds. Banks continued to experience success with statute of repose defenses, and federal appellate courts grappled with UCC issues. PROVIDING ROUTINE BANKING SERVICES DOES NOT CONFER AIDING AND ABETTING LIABILITY In O’Dell v. Berkshire Bank, No. 5:24-CV-652, 2024 U.S. Dist. LEXIS 198634 (N.D.N.Y. Oct. 31, 2024), a New York federal judge dismissed Berkshire Bank from a class case alleging that it aided and abetted a $90 million Ponzi scheme for roughly a decade, ruling that the investors did not plead facts showing the bank had actual knowledge of the fraud. “While plaintiff has alleged in general terms that Berkshire had numerous internal controls, legal obligations, and oversight mechanisms in place to detect and impede fraudulent activity, plaintiff has not plausibly alleged nonconclusory facts that would somehow permit a ‘strong inference’ that defendant possessed actual knowledge of fraudulent intent.” O’Dell at *8. “[P]laintiff’s complaint offers speculation as to Berkshire’s knowledge based on weak allegations of circumstantial evidence. But the mere fact that defendant should have known Marshall was conducting a Ponzi scheme is insufficient to demonstrate actual knowledge for purposes of a common law claim of aiding-and-betting fraud.” Id. at *9. The court further found that allegations the bank failed to investigate red flags and assisted with transactions related to the fraud “are not enough to plausibly allege substantial assistance.” Id. at *11. A federal district court in the Southern District of Florida reached a similar conclusion in FW Distribution, No. 24-cv-21385, 2024 U.S. Dist. LEXIS 199805 (S.D. Fla. Nov. 1, 2024). The plaintiff fell victim to a fraud scheme and thereafter brought claims against the financial institutions banking the fraudsters alleging that they engaged in aiding and abetting by allowing “hundreds CONTRIBUTORS Heryka R. Knoespel, Mary C. Zinsner, Elizabeth M. Briones, Zachary A. Turk of thousands of dollars of activity” to flow through the accounts which “could not have escaped the notice of bank personnel.” The court granted the banks’ motions to dismiss, holding that allegations of routine banking services were “insufficient to show the actual knowledge necessary for Plaintiff’s aiding and abetting claims.” Id. at *25. The court further noted that since “Plaintiff [did] not allege any affirmative steps” other than mere processing of transactions and allowing the fraudsters to bank with them, the defendants “merely provided ministerial services” and could not be deemed to have provided “substantial assistance.” Id. at *35-36. CASES INVOLVING ELDER EXPLOITATION CONTINUE TO TREND UPWARD The FBI reports that each year millions of elderly Americans fall victim to some type of financial fraud, including romance, lottery, and sweepstakes scams. Elder Fraud, Federal Bureau of Investigation (https:// www.fbi.gov/how-we-can-help-you/scams-and-safety/ common-frauds-and-scams/elder-fraud). Financial institutions banking the elderly are frequent targets when the victims and their families seek to recover funds. But courts regularly find UCC preemption and failure to state plausible claims. With increasing litigation, we are also seeing discussion by regulators on this topic. In December 2024, the Board of Governors of the Federal Reserve System (FRB), Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corporation (FDIC), Financial Crimes Enforcement Network (FinCEN), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), and state financial regulators issued a joint statement to provide covered financial institutions with examples of effective risk management and other practices to identify, prevent, and respond to elder financial exploitation. In Owczarak, No. 23-cv-13113, 2024 WL 3827415 (E.D. Mich. July 15, 2024), an elderly plaintiff was defrauded into issuing multiple wire transfers totaling over $700,000 to accounts in Hong Kong. Once the scam was discovered, he sued the bank for negligence, contending that the bank failed to exercise reasonable care in preventing and investigating the suspected fraudulent transfers. The bank moved to dismiss on the basis that the common law negligence claim arising from the wire transfers was preempted by Article 4A of the UCC The plaintiff argued that the negligence claim was not displaced by the UCC because he alleged he was defrauded into issuing the wire transfers, and such circumstances involving fraud do not fall within the UCC’s confines. The district court rejected this argument and granted dismissal. Likewise, in Kanter-Doud v. Wells Fargo Bank, N.A., No. 2:23-cv-00678-DAD-AC, 2024 WL 382325 (E.D. Cal. Feb. 1, 2024), the elderly plaintiff was duped into wiring approximately $150,000 to unknown fraudsters posing as Microsoft employees claiming that plaintiff had an unpaid balance. The plaintiff brought claims under California’s financial elder abuse statutes and California’s Unfair Competition Law (UCL). The bank moved to dismiss, and the court granted the motion after finding that plaintiff failed to plead that the bank had actual knowledge of the fraudsters’ wrongful conduct and failed to plead the fraudulent prong of the UCL claim with sufficient particularity. THE STATUTE OF REPOSE DEFENSE DEFEATS UNTIMELY DEPOSITOR CLAIMS For decades, courts have been dismissing claims when a depositor fails to adhere to the statutes of repose across UCC subsections. A recent example is HK Capital LLC v. Fed. Deposit Ins. Corp., No. 23CV3775(DLC), 2024 WL 2305364 (S.D.N.Y. May 21, 2024), where the district court dismissed a plaintiff’s UCC claims after finding the alleged violations were time-barred pursuant to N.Y. UCC Section 4-A-505’s statute of repose because the plaintiff failed to object to account debits within one year of receiving notice of the transfers in account statements. The plaintiff’s failure to timely notify the bank meant the claims were subject to the one-year statute of repose in the applicable deposit agreement. FEDERAL APPELLATE COURTS GRAPPLE WITH UCC ISSUES Federal appellate courts also grappled with UCC issues in 2024. In VFS Leasing Co. v. Markel Ins. Co., 120 F.4th 745 (11th Cir. 2024), the U.S. Court of Appeals for the Eleventh 2024 CFS Year in Review | 54 Circuit considered whether a drawer could continue to be liable to a drawee when the payment issued was made to two drawees and one drawee deposited the payment without the other’s knowledge and consent, resulting in one drawee not being paid as required. The court held that under Florida’s version of the UCC, the drawer did not remain liable to one of the two drawees. In interpreting and applying Florida state law to its UCC counterpart, the court of appeals emphasized that the language of the relevant statute specified that liability for a draft was discharged “regardless of when or by whom acceptance was obtained.” Therefore, the drawer was discharged from liability. However, the court emphasized that the drawee could seek recourse from the bank that accepted the check without both drawees’ consent. In Approved Mortg. Corp., 106 F.4th 582 (7th Cir. 2024), the U.S. Court of Appeals for the Seventh Circuit held that the sender could not seek a refund from the beneficiary bank under the Indiana Code’s equivalent to UCC 4-A-207 because the sender did not have the necessary privity with the beneficiary bank. The Seventh Circuit agreed with the district court’s two-pronged approach specifying that (1) a sender’s claim asserted under UCC 4-A-207 must look to UCC 4-A-402 for its remedy; and (2) under UCC 4-A-402(d), a sender is entitled to a refund only from the receiving bank, not from the beneficiary’s bank. The Seventh Circuit supported its holding by citing UCC 4-A-402’s language, which links any refund obligation of the sender of the “payment order” received by the receiving bank rather than a funds transfer received by the beneficiary bank. The Seventh Circuit also found the Second Circuit’s discussion of privity requirements in Grain Traders v. Citibank, N.A., 160 F.3d 97 (2d Cir. 1998), persuasive because privity requirements align with the UCC drafters’ goals of promoting “certainty and finality so that ‘the various parties to funds transfers [will] be able to predict risk with certainty[.]’” Ultimately, the Seventh Circuit held that privity requirements provided a framework designating from whom parties could seek compensation for transfers gone awry. LOOKING FORWARD TO 2025 We expect to see more of the same in 2025. Cases involving third-party scams against the elderly will continue to proliferate, and banks will rely on the numerous defenses to these claims, including preemption, and various safe harbor provisions for reporting elder fraud. Plaintiffs will continue to fight against preemption, and bank lawyers must continue to emphasize that regulatory guidance regarding elder fraud practices does not create a standard of care or impose liability. Push payment fraud claims arising from fintech and other mobile applications will continue to rise, and courts will grapple with Electronic Fund Transfer Act defenses. As fraudulent schemes become more sophisticated and prevalent, particularly with evolving AI, we expect to see more Ponzi and other fraudulent scheme cases. Victims of fraud will struggle to prove actual knowledge or complicity on the part of the bank that merely banks the bad actor. Troutman Pepper Locke attorneys are well versed in all aspects of banking and UCC litigation, and we encourage readers to reach out if you have issues of concern or want a sounding board. 2024 CFS Year in Review | 55 2024 CFS Year in Review | 56 SPECIAL SECTION 2024 Privacy, AI & Cybersecurity Year in Review in Financial Services and Beyond TRADITIONAL AND EMERGING LEGAL FRAMEWORKS CONVERGE IN THE NEW DATA ECONOMY 2024 was a pivotal year in the regulation of data practices, with increased scrutiny of artificial intelligence (AI), data brokers and the ecosystem of commercial data, and the continued proliferation of comprehensive U.S. state privacy laws with bespoke twists such as expanded protections for teen data. While new laws created headlines, existing laws and consumer protection frameworks proved equally important in shaping the regulatory landscape, especially in the U.S. This convergence, in conjunction with uncertainty around the priorities of key federal agencies such as the Federal Trade Commission (FTC), presents challenges and opportunities for organizations, particularly those that depend on the data broker ecosystem or data broker services. Looking in the 2024 Rearview Mirror to Develop a Key Action Item Roadmap for 2025 TRENDS TO WATCH IN 2025 Trend One – AI Meets Everything As consumers, businesses, and the markets began to navigate a world newly imbued with AI, the regulatory landscape underwent a seismic shift in early 2024 with the adoption of the European Union’s AI Act (EU AI Act), establishing the first comprehensive framework for AI governance globally. This watershed moment, combined with the enactment of the Colorado AI Act at the U.S. state level, evolving U.S. federal activity on AI, including three executive orders (EOs) under the Biden administration,1 the AI Training Act, and the National AI Initiative, as well as the newly issued and stillforthcoming Trump EOs, created a complex compliance environment that has led many companies to seek an integrated and consolidated approach to compliance. • Regulatory Convergence. The EU AI Act’s risk-based approach to AI system categorization has emerged as a de facto global standard and has forced organizations to reassess their privacy frameworks and governance structures. This risk-based regulatory framework requires organizations to demonstrate robust governance of AI systems while maintaining stringent privacy protections. In response, companies are transforming how they approach their privacy documentation, risk assessment processes, and governance structures. • Reshaping Privacy Documentation for the AI Era. Traditional privacy policies and terms of service must evolve to address the unique challenges posed by AI systems. Organizations are updating their privacy policies and terms of service to clearly articulate how AI processes personal data, explain automated 1 In 2024, President Biden issued three executive orders related to AI: (1) Maintaining American Leadership in Artificial Intelligence, (2) Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government, and (3) The Safe, Secure, and Trustworthy Development and Use of AI. A Special Section from our Privacy + Cybersecurity Practice Group decision-making mechanisms, delineate user rights regarding AI-driven processes, allocate AI-related risks, and address emerging IP ownership issues, among other topics. This transparency extends beyond mere compliance – it builds trust with stakeholders and establishes clear expectations for AI system deployment. Organizations must carefully balance innovation with risk management, establishing clear boundaries for AI system use while maintaining operational flexibility – for example, when updating their terms of service agreements to address novel concerns around AIgenerated content, liability frameworks, and dispute resolution mechanisms. • Building an Integrated Governance Framework. Successful AI governance requires a coordinated approach that bridges technical, legal, and operational considerations. To build governance for AI, many companies are establishing a cross-functional AI governance body that includes privacy, legal, security, IT, and business unit leadership. Such a governance body can serve as the central nervous system for AI-related decision-making, ensuring consistent risk assessment and rapid response to regulatory changes by overseeing and coordinating data governance in a comprehensive and strategic way to account for AI’s unique characteristics to ensure that tasks that are owned by distinct functions work together. Three key examples of the types of activities that, when coordinated, allow many companies to achieve outsized compliance impact with minimal business interruption are risk assessments, data governance activities, and incident management. • Example One: Expanding traditional privacy impact assessments (PIAs or DPIAs) that are required under most comprehensive privacy laws to encompass AI-specific considerations. 2 Organizations need to evaluate algorithmic bias, transparency of decisionmaking processes, usage rights, and training requirements for data sources, particularly those sourced from data brokers, and potential unintended consequences of AI deployment. This enhanced risk assessment protocol should be integrated into existing privacy frameworks to create a unified approach to risk management. • Example Two: Conducting data protective activities to strategically maintain privacy and security throughout the AI lifecycle while enabling innovation and operational efficiency. Activities that can be overseen by an AI governance body include maintaining dynamic data maps and system inventories, establishing model training controls, and implementing robust monitoring systems. • Example Three: Considering AI systems in all aspects of the incident response planning process. Organizations must prepare for novel scenarios involving AI-related security events and privacy incidents, establishing clear escalation procedures and communication protocols. This preparation ensures rapid response to incidents while maintaining stakeholder trust. Trend Two – State Privacy Laws Continue to Grow in Number, Complexity The U.S. state privacy law landscape expanded significantly in 2024, growing to a total of 19 states with statutes, and eight states with enforceable laws, in some cases with broad applicability and compliance obligations. 3 For example, Oregon and Texas joined the ranks of U.S. states with both comprehensive privacy legislation and data broker regulations. The expansion will continue for the foreseeable future, and the impact will continue to grow. For example, already in 2025, five state privacy statutes previously passed have come into effect, with three additional laws coming into force by the end of the year. 2 This will also meet certain AI laws’ requirements such as the CO AI Act. 3 Most U.S. state privacy laws only apply if an organization meets a specific revenue threshold or data-processing threshold and/or is not a small business. However, the types of exemptions and thresholds to meet those exemptions differ depending on each state. For example, the Oregon Consumer Privacy Act applies only to businesses that process the personal data of 100,000 or more consumers’ personal data or process the data of 25,000 or more consumers and derive 25% or more of their annual gross revenue from the sale of that data. Or. Rev. Stat. § 646A.572(1). Further, the Oregon Consumer Privacy Act and Texas Data Privacy and Security Act have exemptions for protected health information processed under the Health Insurance Portability and Accountability Act, data processed solely for employment purposes, activities involving collecting or using information in relation to a consumer’s credit, and information collected and disclosed in accordance with certain federal laws. Or. Rev. Stat. § 646A.572(2), TX BUS & COM § 541.003. 2024 CFS Year in Review | 57 • The Dawn of Teen Privacy. The Children’s Online Privacy Protection Act (COPPA), a federal law protecting the online privacy of minors under the age of 13 in the U.S., has been the singular law protecting children’s privacy in commercial contexts. Until the California Consumer Privacy Act (CCPA) provisions extending new protections to minors between the ages of 13 and 16, most organizations that did not have child-directed sites or services did not feel the need to dedicate compliance resources specifically focused on children’s privacy. Today, the majority of the 19 states with comprehensive privacy laws require specialized treatment of personal data collected from minors between the ages of 13 and 18 – depending on the state. To further complicate the compliance landscape, the FTC recently finalized its first amendments to the COPPA Rule, expanding requirements for verifiable parental consent, including for targeted advertising; placing limits on data retention; and enhancing disclosure obligations. • Automated Decision-Making and Profiling Practices. A key theme emerging across U.S. state privacy frameworks is the increasing focus on automated decision-making and profiling practices. States have adopted varying approaches to what constitutes automated decision-making requiring special handling, ranging from decisions affecting financial or housing opportunities to those impacting employment or education. 4 These differences in scope and threshold requirements create challenges for organizations operating across multiple jurisdictions. With several states now requiring documented evaluation of algorithmic impacts before deployment, companies are watching as the trend toward mandatory assessments for automated systems gains momentum and increasingly aligns in important ways with the increased focus and regulation on AI – even without the adoption of AI-specific laws. 5 As with the implementation of AI, these automated decision practices are encouraging companies to revise and enhance the scope of their risk assessments and increase their baseline monitoring practices to detect bias and other unintended impacts on individuals. • Online Advertising and Tracking Technologies. Online advertising and the use of online tracking and analytic technologies to potentially target and profile consumers naturally faced heightened scrutiny under these new frameworks. States continue to focus on providing consumer choice when it comes to crosscontext behavioral advertising, with most mandating clear opt-out mechanisms. The implementation of universal opt-out signals has gained traction, though technical specifications and compliance requirements vary by jurisdiction. These developments have particular significance for organizations engaged in targeted advertising or operating adtech platforms. 6 Companies that haven’t done so before are now developing inventories of their online trackers and implementing governance for the use of new trackers. • Litigation Involving Collection and Use of Data Continues. In 2024, we saw the continued filing of lawsuits alleging the collection and use of information without consent. Plaintiffs have focused their attention on the use of tracking technologies, including cookies, pixels, SDKs and other trackers, to claim that their personal data was collected and using information without consent, allegedly in violation of Wiretap Act statutes. While these cases continue to work their way through the courts, two recent decisions from the Massachusetts Supreme Court and the California Superior Court are helpful for companies that face such claims. In Vita v. New England Baptist Hosp., 494 Mass. 824, 826 (2024), the Supreme Court of Massachusetts found a criminal Wiretap Act cannot form the basis of a suit against a website owner for claims related to unlawful collection and use of date. 4 For example, Colorado’s law addresses automated processing that produces “similarly significant effects” for consumers, while Virginia focuses on decisions that “produce legal or similarly significant effects concerning the consumer.” 4 Colo. Code Regs. § 904-3 Rule 6.03, Va. Code Ann. § 59.1-575. Maryland also limits consumers’ rights to opt out of profiling that are “solely automated decisions that produce legal or similarly significant effects concerning the consumer.” Md. Code, Com. Law § 14-4705(b)(7)(iii). 5 For example, comprehensive state privacy laws in Colorado and Nevada regulate automated decision making by regulating “profiling,” which encompasses various automated decision-making processes. The Colorado Privacy Act Rules require companies to conduct data protection assessments before profiling of data that presents a reasonably foreseeable risk of disparate impact, financial or physical injury, privacy violations, or any other substantial injury to consumers. 4 Colo. Code Regs. § 904-3 Rule 9.06. The Nevada Data Privacy Act includes reasonably foreseeable risk of reputational injury as a factor that triggers a duty to conduct data protection assessments in addition to all the factors included in the Colorado rules. Neb. Rev. Stat. § 87-1102(25), Neb. Rev. Stat. § 87-1116(c). 2024 CFS Year in Review | 58 That court held: “We cannot conclude that the wiretap act unambiguously prohibits and, indeed, criminalizes the interception of web browsing activity, because there appears to be a difference in kind and not degree between interactions on a website available to the public and private conversations in your house or on your telephone.” Id. The Los Angeles Superior Court, in Licea v. Hickory Farms LLC, 2024 WL 1698147, at *4 (Cal. Super., Los Angeles County Mar. 13, 2024), reached a similar conclusion, finding a claim under the California Invasion of Privacy Act (a state surveillance act statute) was not cognizable because “[s]uch a broad based interpretation [of the law] would potentially disrupt a large swath of internet commerce without further refinement as the precise basis of liability, which the court declines to consider.” Id. We expect more cases to be decided in 2025, which should provide both clarity and guidance on the risks associated with the use of tracking technologies. Trend Three – The Rise and Regulation of Third-Party Data The need for more and more data and the increased regulation of information brokers that make data available to organizations for various commercial purposes, including marketing, analytics, research, and AI model development, led to the continued scrutiny of the data ecosystem and third-party information brokers (data brokers). The established registration frameworks seen first in Vermont and California, and last year in Oregon and Texas, are expanding with new registration and transparency obligations, but the increased regulatory attention on the use of third-party data adds significant new compliance concerns for organizations that rely on third-party data in their operations. Litigation in this space also increased in 2024. We expect this trend to continue in 2025, including through new laws, enforcement actions, and litigation directly affecting data brokers, and we expect to see downstream effects on organizations that may rely on third-party (brokered) data. • Regulatory Focus. The evolving scrutiny of data brokers has been driven by the growing concerns over privacy and data security. Data brokers (entities that collect and sell personal information about consumers) have become increasingly sophisticated in their operations. However, this sophistication has also attracted the attention of regulatory bodies such as the FTC and state attorneys general (AGs), leading to a series of settlements, enforcement actions, and rulemaking aimed at curbing potentially harmful practices. • FTC Settlements and Rulemaking. In 2024, the FTC made new use of its Section 5 authority by bringing enforcement actions and settling consent orders with several entities from a variety of industries related to the collection and sale of sensitive location data. In settling with these entities, which were broadly labeled data brokers – X-Mode/Outlogic, Gravy Analytics, and Mobilewalla – the FTC highlighted that location data may be considered sensitive when revealing affiliations with places of worship, medical facilities, military installations, private home locations, or other locations that may be protected under the law. This aligns with the states’ inclusion of “precise geolocation” as “sensitive personal data” under most new state privacy laws. In conjunction with the FTC’s focus on sensitive data, the Commission updated the Health Breach Notification Rule to address technological advancements and direct-to-consumer health products (e.g., fitness trackers), protect consumers from misuse of their health information, and keep pace with the proliferation of digital health records. The updated rule applies to more companies and types of data incidents and requires more information to be included in breach notifications. • State Actions. The FTC was not the only regulator to crack down on data brokers in 2024. Both the California Privacy Protection Agency (CPPA) and the Texas AG announced sweeps of data broker registration. In June, the Texas AG notified over 100 companies of their apparent failure to comply with the Texas data broker law. In October, the CPPA announced an investigative 6 For example, comprehensive state privacy laws, such as in Virginia and Nebraska, provide that if a business “sells personal data to third parties or processes personal data for targeted advertising,” it must clearly and conspicuously disclose that it sells consumer data and provide consumers with an opt-out mechanism. Colorado law has additional requirements for companies to adhere to the requests that come through universal opt-out mechanisms under state law. 7 Vita v. New England Baptist Hosp., SJC-13542, 2024 WL 4558621 (Mass. Oct. 24, 2024.) 2024 CFS Year in Review | 59 sweep of data broker registration and, two weeks later, announced its first-ever settlement against two data brokers for failing to register in a timely manner. Six days after announcing that settlement, the CPPA again settled with two data brokers for failing to register in a timely manner. • New Rulemaking. While no new states enacted data broker laws in 2024, both the CPPA and the Consumer Financial Protection Bureau (CFPB) engaged in rulemaking regarding data brokers. The CPPA finalized rules requiring data brokers to disclose specific types of personal information during the registration process, including whether the data broker collects the personal information of minors and reproductive health information. The new rules also define data broker for the first time, stating that businesses may be considered data brokers even if they have a direct relationship with the consumer, provided they sell personal information not collected directly from that consumer. The CFPB also made inroads toward regulating data brokers by proposing amendments to Regulation V, which implements the Fair Credit Reporting Act (FCRA). Under the proposed rule, the CFPB aims to address the sale of consumer report information by ensuring data brokers are subject to the same regulations as consumer reporting agencies. The proposed regulations also address many other areas of consumer reporting, such as imposing new requirements and restrictions on the permissible purposes available to end users to obtain consumer reports. The CFPB also finalized a rule to address the reporting of medical debt. While federal regulators made clear steps toward regulating data brokers, this priority will likely change under the Trump administration. For example, leadership at the FTC has been assumed by current Commissioner Andrew Ferguson, who was often critical of the last FTC’s priorities and decisions. Further, leadership is expected to change at the CFPB soon, and regulatory actions taken by both agencies in the final weeks of the Biden administration may be stayed pursuant to the Regulatory Freeze issued by President Trump on January 20, 2025. • Litigation Continues. The past year also saw new lawsuits being pursued by private commercial entities that seek to enforce individual privacy rights. These lawsuits have been filed in New Jersey and West Virginia under each state’s version of laws that were enacted to protect the privacy of judges, law enforcement officers, and other state officials and their eligible family members. The lawsuits target entities that maintain, disclose, and redisclose personal information (e.g., home address and unpublished phone number) of individuals protected under the statutes, and allege the entities have failed to honor requests to suppress the information. The New Jersey state law has been challenged on the basis that it is unconstitutional. In 2024, the New Jersey Supreme Court granted a petition for certification and will review lower court rulings on Daniel’s Law. Oral argument is expected sometime in the spring of 2025. A district court judge in New Jersey also certified his decision on a facial challenge to Daniel’s Law to the Third Circuit Court of Appeals for review. No decision has been rendered on whether the Third Circuit will accept the petition. Nevertheless, we expect the Supreme Court of New Jersey and the Third Circuit Court of Appeals will weigh in on the New Jersey law. Litigation against businesses that maintain personal data also is being filed under common law principles relating to an individual’s right to publicity, which some states have codified by statute. These lawsuits focus on data brokers – which are defined broadly to include organizations generating revenue from selling information, including personal information that is not directly collected from individuals – that allegedly use an individual’s name or likeness in a commercial context without authorization. Specifically, data brokers that offer “people search” directories and use “teaser data” as part of a free preview or free trial to advertise their products and services are being sued for unauthorized commercial use of an individual’s name and likeness. No determinations have been made on the merit to the claims being asserted, but members of the industry are watching them closely for guidance. Trend Four – Cyber Risk Accelerating at the Speed of AI Throughout 2024, data incidents persisted without interruption, with threat actors increasingly employing more sophisticated techniques in their attacks. Traditional attack vectors, such as business email compromises (BECs) and ransomware, remain the most common types of attacks. As threat actors continue to evolve their tactics and techniques to compromise individuals and exert pressure on their 2024 CFS Year in Review | 60 victims, we expect them to utilize all tools at their disposal, potentially including machine learning and AI. • BEC scams are on the rise. In BECs, criminals may send an email that seems to originate from a trusted source making a legitimate request, often to redirect payments to vendors or employees through wire fraud. This scam is frequently carried out by criminals who gain unauthorized access to an organization’s email system or an employee’s email account, primarily for financial gain. In the past year, we have seen an increase in BECs and the dollar value of losses implicated in such schemes. • Phishing Grows Up. With experience and the availability of AI to assist threat actors engaged in social engineering, phishing emails are becoming more sophisticated and more successful. We expect that it will only become harder for busy workers to recognize fake or “spoofed” email accounts and phishing emails. • No Honor Among Thieves. This year we also saw threat actor groups become increasingly unpredictable, with a growing trend of re-extorting victims after payment of a ransom demand and an increase in “copycat” groups imitating known threat actors. This trend upsets the expectation that at least some established threat actors have a “reputation” to uphold and will stand by their promise not to publish data or re-extort or reattack their victims. 10 Essential Actions to Immediately Take or Plan to Implement in 2025 1. Establish a Cross-Functional AI Governance Body. Form a governance body that includes representatives from privacy, legal, security, IT, and business units to oversee AI-related decision-making. This body should ensure consistent risk assessment and rapid response to regulatory changes by overseeing and coordinating data governance comprehensively. This approach will help manage the unique risks associated with AI systems, including those related to data sourced from third-party data brokers. 2. Enhance Your Risk Assessment Procedures for the Enterprise and Your Vendors. Expand traditional DPIAs to address multiple compliance obligations by including AI-specific considerations such as algorithmic bias, transparency of decision-making processes, and potential unintended consequences of AI deployment. This enhanced risk assessment protocol should be integrated into existing privacy frameworks to create a unified approach to risk management. Special attention should be given to third-party risk management practices (for example, utilizing vendor-supplied, AI-forward, or AI-enhanced tools or services) and the origin of data sourced from third parties (including data brokers), to ensure that sources meet necessary diligence and training requirements and can comply with downstream data subject rights requests they must help the company you honor. A unified approach will help manage the complexities of working with multiple regulatory frameworks and minimize the impact on the business. 3. Perform Adtech Tracker Inventory. Effective data governance is impossible if companies don’t know what they’re collecting, and online trackers such as cookies and pixels are often a blind spot. Companies should implement periodic reviews of their digital properties to generate and validate any technologies that automatically collect personal data. The inventory should identify the specific data elements collected, how the data is used, the third parties with whom the data is shared, and the relevant contracts governing this activity. 4. Adapt to U.S. State and Federal Privacy Laws. Develop flexible compliance programs that can adapt to the evolving requirements of state privacy laws, particularly those focusing on automated decisionmaking and profiling practices. Stay updated on data broker registration and transparency obligations to avoid enforcement actions and litigation. Last, but not least – don’t forget the children. Review current data collection practices to identify any risks associated with knowingly collecting personal data from children, with new focus on the collection of information of teens. 5. Update Privacy Policies and Terms of Service. As part of an annual review of your privacy policies and terms of service, ensure the company has clearly articulated how AI processes personal data, explain automated decisionmaking mechanisms, and delineate user rights regarding AI-driven processes as appropriate and to the extent that the organization uses AI. 2024 CFS Year in Review | 61 6. Engage in Proactive Data Governance. Conduct data protective activities strategically, such as maintaining dynamic data maps, establishing model training controls, and implementing robust monitoring systems to ensure privacy and security throughout the AI life cycle. This includes ensuring that data sourced from third-party data brokers is properly managed and compliant with relevant regulations. 7. Review Data Minimization and Record Retention and Deletion. To advance privacy, prepare for AI, and comply with data minimization requirements, review data inventories to ensure that an appropriate data retention period is assigned to categories of personal data, and that processes are in place to delete personal data after the retention period has expired. This not only reduces data compliance risk but also cleans data sources, improving quality and efficiency for strategic uses, such as AI. 8. Update and Rehearse Your Incident Response Procedures. Develop and implement clear escalation procedures and communication protocols for security incidents involving AI and ransomware to ensure rapid response to incidents and maintain stakeholder trust. All organizations should also take specific steps to strengthen their vulnerability to common types of exploits, including by implementing multiple verification methods for wire or ACH requests (e.g., requiring a live video call to obtain verbal authorization for the transaction), increasing security training, regularly conducting mock phishing exercises, and routinely testing their incident response plans through tabletop exercises. Publicly traded companies should additionally review their materiality assessment processes and procedures to ensure they account for the Securities and Exchange Commission’s cybersecurity disclosure rules and interpretive guidance and align with their incident response plans. Specifically, publicly traded companies must continue to refine their incident response procedures to ensure incidents are evaluated and escalated to an internal disclosure committee early to ensure when filing is appropriate based on the facts of the incident and when reporting may be required. 9. Conduct Regular Risk Assessments. Regularly evaluate the risks associated with AI systems, including algorithmic bias and the transparency of decision-making processes, to ensure compliance with regulatory requirements and mitigate potential risks. This should include a thorough assessment of data sourced from third-party data brokers. 10. Monitor Regulatory Developments. Keep abreast of new laws, enforcement actions, and litigation trends affecting data brokers and AI systems to proactively adjust compliance strategies and mitigate risks. This includes monitoring developments in the regulation of online advertising and tracking technologies, which are subject to heightened scrutiny under new privacy frameworks. Authors Next Steps If you have any questions about the trends or how to apply our recommended 10 steps to your company, please contact one of our authors or any member of our Privacy + Cyber Practice. Ronald I. Raether, Jr., Partner James Koenig, Partner Theodore P. Augustinos, Partner Tambry Lynette Bradford, Partner Joshua D. Davey, Partner Laura Hamady, Counsel Brent T. Hoard, Partner Joel M. Lutz, Counsel Sadia Mirza, Partner Kim Phan, Partner James Shreve, Partner Julie Hoffmeister Smith, Partner Molly McGinnis Stine, Counsel Angelo A. Stio, III, Partner Kenneth K. Suh, Counsel Tara L. Trifon, Counsel Peter T. Wakiyama, Partner 2024 CFS Year in Review | 62 2024 CFS Year in Review | 63 CFS Law Monitor The Consumer Financial Services Law Monitor blog offers timely updates regarding the financial services industry to inform you of recent changes in the law, upcoming regulatory deadlines, and significant judicial opinions that may impact your business. We report on several sectors within the consumer financial services industry, including payment processing and prepaid cards, debt buying and debt collection, credit reporting and data brokers, background screening, cybersecurity, online lending, mortgage lending and servicing, auto finance, and state AG, CFPB, and FTC developments. We aim to be your go-to source for news in the consumer financial services industry. Please email cfslawmonitor@troutman. com to join our mailing list to receive periodic updates, or visit the blog at www. consumerfinancialserviceslawmonitor.com. Webinar Opportunities Troutman Pepper Locke’s Consumer Financial Services Practice Group provides a variety of webinars throughout the year (many providing CLE credit) related to a variety of consumer financial services topics that may include: • Background Screening • Bankruptcy • Case Law Updates • Class Action Litigation • Consumer Financial Protection Bureau (CFPB) Enforcement and Regulatory Guidance • Electronic Fund Transfer Act (EFTA) • Fair Credit Reporting Act (FCRA) • Fair Debt Collection Practices Act (FDCPA) • Fair Housing Act (FHA) • Federal Trade Commission (FTC) Enforcement and Regulatory Guidance • Fintech • Mortgage Litigation and Servicing • State Attorney General Investigations • Telephone Consumer Protection Act (TCPA) Our goal is to deliver the most useful webinar content possible. These webinars are designed to help you navigate the most complex litigation, regulatory enforcement, and compliance challenges. We welcome topic suggestions. Please send them to us at [email protected]. To be notified of our webinars, please sign up at https:// www.consumerfinancialserviceslawmonitor.com/ subscribe/. 2024 CFS Year in Review | 64 Consumer Financial Services Podcasts THE CONSUMER FINANCE PODCAST Troutman Pepper Locke’s Consumer Finance Podcast provides reliable, insightful, and entertaining industryspecific content central to consumer financial services. Supplementing our current webinar, advisory, and blog thought leadership, this weekly podcast features industry experts, insiders, and other Troutman Pepper Locke attorneys delivering easily digestible analyses on a variety of thought-provoking topics, covering: • Debt Collection • Enforcement Issues • Fair Lending • Federal and State Regulation • Fintech • Litigation Trends • Privacy and Cybersecurity • Student Lending FCRA FOCUS FCRA Focus is dedicated to discussing all things related to the Fair Credit Reporting Act, which regulates the collection of consumers’ credit information and access to their credit reports. Covering the regulatory and litigation aspects of the FCRA, each episode explores an interesting aspect of credit reporting, with the aim of providing new insights that help consumer finance businesses do their jobs better. Guests from the industry and lawyers for consumers as well as business insiders join us monthly in this podcast series. Christopher J. Willis David M. Gettings Kim Phan CRYPTO EXCHANGE PODCAST The digital assets market is everexpanding, moving from a niche interest to an industry sector that touches many areas of our daily lives. The Crypto Exchange podcast, which publishes monthly, looks at the trends, challenges, and legal issues that our clients and others in the industry face daily. From NFTs to Web3, bitcoin to blockchain, fintech to regtech, and payment processing to data processing, we’ll walk you through the federal and state regulatory, legal, and business intricacies of this rapidly evolving industry sector. MOVING THE METAL: THE AUTO FINANCE PODCAST Our bimonthly auto finance podcast delivers authoritative, insightful, and engaging content tailored to the auto finance industry. Each episode features in-depth discussions, providing listeners with easily digestible analyses on a variety of compelling topics, including: • Regulatory developments • Compliance strategies • Litigation insights • Consumer protection • Market trends • Technological innovations Designed to complement our existing webinars, advisories, and blog content, our podcasts are your go-to resource for staying informed and ahead in the dynamic world of consumer financial services. Tune in to gain valuable perspectives and practical advice to help navigate the complexities of this ever-evolving industry. All of our podcasts are available on troutman.com; our blog, The Consumer Financial Services Law Monitor; Google Podcasts; Spotify; Apple Podcasts; and various other podcast platforms. Brooke K. Conkle Christopher J. Capurso Ethan G. Ostroff 2024 CFS Year in Review | 65 Introducing a new solution specifically designed to keep consumer financial services professionals informed of the latest federal- and state-level developments in debt collection, privacy and data security, and consumer reporting. Staying ahead of an ever-evolving legal landscape is time consuming. We do the work for you with an intuitive and easy to access online platform, and a monthly webinar to answer your questions and discuss the trends that matter most. EACH OF OUR THREE TRACKERS COVER AN AREA OF CRITICAL IMPORTANCE TO BUSINESSES IN THE CONSUMER FINANCE SECTOR: A monthly, one-hour call with our attorneys, who will review developments, provide insights, examine trends, and answer questions. CFS Legislative + Regulatory Tracking SUBSCRIPTION SERVICE What’s Included Legislative and regulatory newsletters highlighting the most important developments, delivered to your inbox weekly. An enterprise-wide license, enabling you to register an unlimited number of employee users. Consumer Reporting + FCRA Case Law Tracker Privacy + Data Security Tracker Debt Collection Tracker 3 2 1 All-inclusive federal and state legislative and regulatory developments in consumer reporting, as well as case law updates and tracking of the substantive developments in federal FCRA cases. Targeted overviews of the ever-changing landscape for financial institutions — including rulemaking and legislative efforts — relating to the collection, use, protection, and sales of consumer financial data. Comprehensive legislation and regulation tracking across all aspects of consumer collections, including creditor collections, licensing, debt sales, judgment enforcement, and electronic engagement/AI. To learn more or to discuss pricing options, please contact: Stefanie H. Jackman Partner stefanie.jackman@ troutman.com 404.885.3153 Kim H. Phan Partner kim.phan@ troutman.com 804.697.1445 2024 CFS Year in Review | 67 Our Team TROUTMAN PEPPER LOCKE David N. Anthony Richmond david.anthony@ troutman.com 804.697.5410 Virginia B. Flynn Charlotte virginia.flynn@ troutman.com 704.916.1509 Joseph M. DeFazio New York City joseph.defazio@ troutman.com 212.704.6341 Joseph N. Froehlich Raleigh joseph.froehlich@ troutman.com 919.578.6837 Massie P. Cooper Richmond massie.cooper@ troutman.com 804.697.1392 Justin D. Balser Virtual justin.balser@ troutman.com 949.622.2443 Jason M. Cover Philadelphia jason.cover@ troutman.com 215.981.4821 William D. Foley, Jr. New York City william.foley@ troutman.com 212.812.8344 Dale A. Evans, Jr. West Palm Beach dale.evans@ troutman.com 561.820.0248 Chad R. Fuller San Diego chad.fuller@ troutman.com 858.509.6056 Brooke Conkle Richmond brooke.conkle@ troutman.com 804.697.1873 D. Kyle Deak Raleigh kyle.deak@ troutman.com 919.835.4133 David L. Foster Austin david.foster@ troutman.com 512.305.4751 Simon A. Fleischmann Chicago simon.fleischmann@ troutman.com 312.443.0462 Mark J. Furletti Philadelphia mark.furletti@ troutman.com 215.981.4831 Partners 2024 CFS Year in Review | 68 Our Team TROUTMAN PEPPER LOCKE David M. Gettings Virginia Beach dave.gettings@ troutman.com 757.687.7747 H. Scott Kelly Richmond scott.kelly@ troutman.com 804.697.2202 Kevin Heath London kevin.heath@ troutman.com +44.20.7861.9013 Lindsey E. Kress San Francisco lindsey.kress@ troutman.com 415.318.8826 Matthew K. Hansen Dallas matt.hansen@ troutman.com 214.740.8496 Jon S. Hubbard Richmond jon.hubbard@ troutman.com 804.697.1407 James Kim New York City james.kim@ troutman.com 212.704.6121 Michael E. Lacy Richmond michael.lacy@ troutman.com 804.697.1326 Cindy D. Hanson Atlanta cindy.hanson@ troutman.com 404.885.3830 Stefanie H. Jackman Atlanta stefanie.jackman@ troutman.com 404.885.3153 Heryka R. Knoespel Charlotte heryka.knoespel@ troutman.com 704.831.9171 Kalama M. Lui-Kwan San Francisco kalama.lui-kwan@ troutman.com 415.477.5758 John C. Lynch Virginia Beach john.lynch@ troutman.com 757.687.7765 Jason E. Manning Virginia Beach jason.manning@ troutman.com 757.687.7564 Regina J. McClendon San Francisco regina.mcclendon@ troutman.com 415.318.8804 Partners 2024 CFS Year in Review | 69 Our Team TROUTMAN PEPPER LOCKE Robert T. Mowrey Dallas rob.mowrey@ troutman.com 214.740.8505 Lori J. Sommerfield Virtual lori.sommerfield@ troutman.com 202.274.2998 P. Russell Perdew Chicago rusty.perdew@ troutman.com 312.443.1712 Jessamyn E. Vedro Los Angeles jessamyn.vedro@ troutman.com 213.928.9845 Nicholas O’Conner Chicago nicholas.oconner@ troutman.com 312.443.0494 Kim Phan Richmond kim.phan@ troutman.com 202.274.2992 Timothy J. St. George Richmond timothy.st.george@ troutman.com 804.697.1254 Christopher J. Willis Atlanta chris.willis@ troutman.com 404.885.3157 Ethan G. Ostroff Virginia Beach ethan.ostroff@ troutman.com 757.687.7541 Joseph Reilly Washington, D.C. joseph.reilly@ troutman.com 202.274.2908 Krystle G. Tadesse Providence krystle.tadesse@ troutman.com 401.528.5873 Thomas G. Yoxall Dallas tom.yoxall@ troutman.com 214.740.8683 Mary C. Zinsner Washington, D.C. mary.zinsner@ troutman.com 202.274.1932 Partners 2024 CFS Year in Review | 70 Counsel Thomas N. Abbott, Portland Elizabeth H. Andrews, San Francisco Katalina Baumann, Orange County Amanda K. Blackmon, Virginia Beach Megan E. Burns, Virginia Beach Daniel Cardenal, Virtual Robert J. Durant, Jr., Providence Steven J. Flynn, Atlanta Donald E. Frechette, Boston Kyle R. Gerlach, Cincinnati Vince Hess, Dallas Andrea M. Hicks, Orange County Daron L. Janis, Boston Taneska L. Jones, Houston Jonathan M. Kenney, Virginia Beach Mark D. Kundmueller, Virginia Beach Peyton C. Lambert, New Orleans Louis J. Manetti, Jr., Charlotte Victor T. Metroff, Chicago Sarah E. Pruett, New York City Sarah T. Reise, Atlanta Caleb N. Rosenburg, Washington, D.C. Jamie Z. Roth, Virtual Jesse B. Silverman, New York City Stephanie A. Sprague, Boston James K. Trefil, Richmond Shari J. Turkish, Virtual Helen O. Turner, Houston Gilliam Williston, Virginia Beach Mark J. Windham, Atlanta Steve R. Zahn, Virginia Beach Associates David M. Asbury, Virginia Beach Jared D. Bissell, San Diego Paul W. Boller, Virginia Beach Shawn A. Brenhouse, New York City Elizabeth M. Briones, Washington, D.C. Steven J. Brotman, West Palm Beach Thailer A. Buari, Washington, D.C. Christopher J. Capurso, Richmond Stefanie A. Cerrone, New York City Holly E. Cheong, Los Angeles Jenny C. Chien, San Francisco Peter S. Cox, Richmond Nathalie M. Vega Crespo, Providence Jonathan DeMars, Richmond Noah J. DiPasquale, Richmond Erin E. Edwards, Chicago Nicole ElMurr, Philadelphia Christine R. Emello, Atlanta Tina S. Felahi, San Diego Jonathan P. Floyd, Richmond Kim R. Gershen, Virginia Beach Taylor R. Gess, Philadelphia Brian J. Hamilton, Virginia Beach Christine Hehir, Los Angeles Courtney T. Hitchcock, Virginia Beach James D. Horne, Charlotte Joshua D. Howell, Richmond Kathleen M. Hutchenreuther, Virginia Beach Eli Kaplan, Virginia Beach Jed Komisin, Richmond Jacob Kozaczuk, San Diego Ryan Lewis, San Francisco Stephen D. Lozier, Chicago Nathan R. Marigoni, Salt Lake City Punit K. Marwaha, Chicago Josh McBeain, Salt Lake City Julian A. Miller, Washington, D.C. Kristen L. Mynes, Richmond Carter R. Nichols, Richmond Christine Nowland, San Diego Rachel B. Ommerman, Virtual Richard Omoniyi-Shoyoola, Chicago Anthony T. Peluso, Virginia Beach Rachelle Pointdujour, New York City Jake A. Rodon, Atlanta Jeremy C. Sairsingh, Philadelphia Kearstin H. Sale, Atlanta Angie Shewan, Salt Lake City Sarah E. Siu, Richmond Heather C. Smith, San Francisco Stephen J. Steinlight, New York City Harry K. Tiwari, New York Meagan Tom, San Francisco Zachary A. Turk, Washington, D.C. Nicholas A. Verderame, Charlotte Jovanni Villa, San Francisco Allie Voehringer, Richmond Jennifer M. Wade, Virtual Peter Yould, Orange County Attorneys Maddie O. Baruch, Charlotte Anthony J. Calenzo, Virtual Kristen T. Eastman, Virginia Beach Dorrella L. Gallaway, Virtual Kate M. Geyer, Virtual Alec Hayes, Atlanta Matthew P. Holm, Chicago Nicholas R. Jimenez, Virginia Beach Ahmed H. Khattab, New York City Sean B. Kirby, Virtual Jessica T. Majkowski, Chicago Brenna McGill, Los Angeles Lauren Nichols, Raleigh Chiemela Okwandu, Los Angeles Leah S. Strickland, Virginia Beach Brittany M. Taylor, Washington, D.C. Benjamin White, San Diego Our Team TROUTMAN PEPPER LOCKE 2024 CFS Year in Review | 71 RESULTS MATTER CORE INDUSTRY STRENGTHS By the Numbers Financial Services Health Care + Life Sciences Energy Insurance + Reinsurance Private Equity Real Estate Troutman Pepper Locke helps clients solve complex legal challenges and achieve their business goals in an ever-changing global economy. With more than 1,600 attorneys in 30+ offices, the firm serves clients in all major industry sectors, with particular depth in energy, financial services, health care and life sciences, insurance and reinsurance, private equity, and real estate. Learn more at troutman.com. Fast Facts 100+ Attorneys Ranked - Legal 500 US 2024 Best of the Best - BTI Leading Edge Law Firms Report 2024 Top 30 Most Innovative Law Firms - Financial Times 2024 Top 5% for Client Service - BTI Client Service A-Team 2024 1600+ Attorneys 30+ Offices $126B+ in M&A T