Financial Services Law

Borrower Wins Key Victory in Madden v. Midland

A federal judge has ruled that New York law—not Delaware law as the parties agreed in the initial loan agreement—applies to the defaulted borrower's claims and has certified a class action against the debt collector.

By Benjamin T. Brickner

On February 27, U.S. District Judge Cathy Seibel issued a long-awaited decision in Madden v Midland Funding, LLC. The District Court's order considered the following questions: (1) which state's law should apply to the defaulted borrower's claims, and (2) whether to certify a class action against the debt collector on behalf of similarly situated borrowers.

After a brief history of the case, we summarize both holdings and discuss their implications for marketplace lending. In short, Judge Seibel's decision compounds uncertainty surrounding debt collection practices and could have far-reaching implications for related industries, including marketplace lending.

Procedural History

In 2005, Saliha Madden, a New York resident, opened a credit card account with Bank of America. The account cardholder agreement ultimately included a Delaware choice-of-law clause, whereby both parties stipulated that Delaware law would govern the agreement. Madden defaulted on the loan and her account was later sold to debt purchaser Midland Funding, LLC. Midland's affiliate attempted to collect the debt with a default interest rate of 27%.

In 2011, Madden sued Midland and the affiliate, claiming abusive and unfair debt collection practices under federal law and excessive interest under New York law, which provides that rates exceeding 25% per year are criminally usurious. The District Court found that the National Bank Act (NBA) preempted state usury law, thereby defeating both claims. The Second Circuit reversed in a ruling that has been roundly criticized, concluding that preemption applies only where application of state law would hinder a national bank's exercise of its powers under the NBA. While Bank of America is a national bank, neither Midland nor its affiliate is. The current eight-member U.S. Supreme Court declined to hear a further appeal and the case was remanded to the District Court for additional proceedings that resulted in the February 27 decision.

Choice of Law

Although the cardholder agreement chose Delaware law to govern the contractual relationship between the parties, the District Court determined that New York law should be applied. Midland argued for Delaware law, which has no interest rate cap, while Madden argued for New York law, which does. The Court found there was no reasonable relationship between the parties or the transaction with the State of Delaware. Moreover, the Court noted that New York's usury prohibition "constitutes a fundamental public policy" against excessive interest rates. Application of Delaware law would frustrate that policy.

Class Certification

The District Court also granted Madden's motion to certify a class action on behalf of as many as 50,000 similarly situated borrowers. The class includes New York residents from whom Midland has attempted to collect interest exceeding 25% since November 2008, and whose cardholder agreements purported to be governed by state laws (such as Delaware's) that have no usury cap.

Industry Implications

The District Court's decision could prevent enforcement of choice-of-law provisions in credit agreements against New York borrowers unless the counterparty is a national bank. This could be especially consequential for agreements that provide for payment of interest exceeding 25%, which is common among consumer loans and credit cards.

Moreover, the decision creates added uncertainty among lenders and debt purchasers who operate in the Second Circuit (New York, Vermont and Connecticut). Before Madden, it was widely understood that loans that are "valid when made" are not made invalid when assigned or sold to another party. The District Court's decision undermines this principle, rendering a valid-when-made loan potentially unenforceable to the extent it contravenes the fundamental public policy of the borrower’s home state.

Choice of law was an alternative to the preemption argument raised in the appeal, since even if federal bank preemption does not run to nonbanks, as the Second Circuit held, (1) Delaware recognizes the "valid when made" doctrine, and (2) no usurious interest was charged if the loan agreement is governed by Delaware law. But as proceedings continue, it remains unclear whether the District Court will recognize the "valid when made" doctrine under New York law. Unless it does so, the Second Circuit's preemption finding, together with the District Court's choice-of-law finding, could prove fatal to Midland's position.

The reasoning employed in Madden could apply beyond the sale of delinquent loans to debt collectors, including, perhaps, to any secondary sale of loans to nonnational bank buyers. In particular, this decision could adversely impact marketplace lenders. Even if an originating bank could enforce the terms of high-interest loan agreements, its third-party debt collectors may be unable to do so. This could cause banks to scale back their primary lending (particularly at higher interest rates), reducing the supply of loans available for purchase by marketplace lenders. Further, as enforceability of existing loans is made less certain, their value on the secondary market is diminished. Uncertainty also increases risk of loss, making investments through platforms that hold loans made to New York borrowers less attractive.

It should be noted that Madden has not yet been followed by any other court, nor has its reasoning been directly applied to marketplace lending. In fact, two other circuits have come to the opposite view. Nonetheless, we urge marketplace lenders and others to carefully consider the District Court's decision and to closely monitor the ongoing proceedings. The prospect of class action is especially concerning, as it could lead to additional litigation and larger recoveries. In the meantime, industry members should evaluate whether their lending activities could bring them within Madden's reach, especially in the Second Circuit states of Connecticut, New York and Vermont.

Why it matters

Recent rulings in Madden have created deep uncertainty among lenders and debt purchasers operating in the Second Circuit (New York, Connecticut and Vermont). These decisions have cast doubt on the “valid when made” doctrine, preemption under the National Bank Act and choice-of-law provisions in credit agreements. To date, Madden’s reasoning has not been applied to marketplace lending directly, nor has it been followed in any other jurisdiction. But lenders and debt collectors seeking to collect interest payments above the usury cap of a borrower’s home state—particularly in the Second Circuit—should closely monitor the ongoing litigation and carefully consider whether their activities could bring them within Madden’s reach.

Related Links

Madden v. Midland Funding, LLC, No. 11-CV-8149, (S.D.N.Y. Feb. 27, 2017), available here.

back to top

The Battle Over the CFPB Continues

The battle over the future of the Consumer Financial Protection Bureau (CFPB) rages on, with Republicans trying a host of measures to challenge and contain the agency.

What happened

With the new administration taking over in January, Republicans have made it a priority to effect change at the CFPB but have been met by a new obstacle. In February, the U.S. Court of Appeals for the D.C. Circuit granted the Bureau’s motion for a rehearing en banc in CFPB v. PHH Corporation, thereby vacating the ruling by a panel of the D.C. Circuit that ruled last year that, among other things, the CFPB’s structure was unconstitutional to the extent that its single director was removable solely for cause. As a result, the court preserves the status quo and leaves President Donald Trump unable to terminate CRPB Director Richard Cordray absent cause.

The new strategy: a multifaceted approach to change, control and/or defund the CFPB through whatever means possible.

For example, Republicans recently introduced multiple bills to reform or eliminate the Bureau. Sen. Ted Cruz (R-Texas) proposed Senate Bill 370, a measure that would repeal the Consumer Financial Protection Act of 2010 (with “the provisions of law amended or repealed by that Act … restored or revived as if the Act had not been enacted”). An identical bill was introduced in the House of Representatives.

An alternative bill would leave the CFPB in place but eliminate its funding by amending the Dodd-Frank Wall Street Reform and Consumer Protection Act to remove the primary funding mechanism for the Bureau (the transfer of funds from the Federal Reserve Board) and establish a “Civil Penalty” fund. Pursuant to Sen. Mike Rounds’ (R-S.D.) measure, Senate Bill 365, all civil penalties obtained by the CFPB would be deposited into that fund and in turn transferred to the general fund of the U.S. Treasury, in lieu of funding the Bureau.

A third piece of legislation, Senate Bill 105 from Sen. Deb Fischer (R-Neb.) addressed the structure of the agency, eliminating the current single director and replacing it with a five-member bipartisan commission similar to the Federal Trade Commission and Federal Communications Commission while Senate Bill 387, put forward by Sen. David Perdue (R-Ga.), would permit federal lawmakers to control the CFPB’s funding by making it subject to Congressional appropriations.

Lawmakers are likewise employing the Congressional Review Act to review any rules promulgated by the agency within the past 60 legislative calendar days. Efforts have already begun to nullify the Bureau’s Prepaid Rule, set to take effect in October, when Sen. Perdue introduced a joint resolution of disapproval in February.

Although the means may vary, Republican legislators appear united in their efforts against the CFPB. “We fought a war to get rid of the king and now it’s time to bring the unconstitutional CFPB’s war on credit and war on consumer choice to an end,” House Financial Services Committee Chairman Jeb Hensarling (R-Texas) said recently. “We will win this war.”

While all the politicking goes on, the Bureau has continued its work. Its active enforcements have substantially increased in the first quarter of 2017. By February, the CFPB had commenced ten enforcement actions. A five-fold increase over the two filed over the same period last year.

And the CFPB is active on other fronts. This past week, the CFPB released a Request for Information (RFI) about the use of “alternative data” to help increase access to credit for “credit invisible” consumers and publishing a report on the agency’s efforts in the credit reporting industry.

The CFPB estimated that 26 million Americans are “credit invisible,” lacking a credit history with a nationwide consumer reporting agency. Traditional credit history is based on data such as mortgages, credit cards and other loans, and is used by lenders to decide credit eligibility and the cost to borrowers. But what about using different data sources, like rent payments and mobile phone bills, to make lending decisions, the Bureau asked.

Specifically, the RFI sought information about whether alternative data could improve access to credit, if the complexity of the process would make it harder for consumers to understand their financial lives, the possible impact on costs and service (with the potential for lower operating costs for lenders and in turn, lower costs for borrowers), the implications for privacy and security, and the impact on specific groups (such as members of the military, who move frequently).

“Alternative data from unconventional sources may help consumers who are stuck outside the system build a credit history to access mainstream credit sources,” Cordray said. “We want to learn more about whether this nontraditional approach can offer opportunities to millions of Americans who are credit invisible and how to minimize any risks in how this information is used.”

In other agency news, the CFPB released a Supervisory Highlights Credit Reporting Special Edition, detailing the problems in the industry the Bureau said it has “uncovered and corrected” through its oversight work.

Since launching its supervision of the market in 2012, the regulator has worked to fix data accuracy. Recent exams have found that quality control programs ordered by the CFPB at consumer reporting companies have improved the accuracy of consumer records. The Bureau also made an effort to repair broken dispute processes by directing companies to follow federal requirements to send a notice with the results of disputes to consumers, for example, and consider documentation provided by consumers on a disputed item. Information from furnishers has also been cleaned up, the CFPB reported, with furnishers dedicating more resources to ensuring the integrity of information provided to credit reporting companies.

“Much more work needs to be done,” Cordray said in a statement with the release of the report. “But our corrective actions are leading to positive changes that are benefiting consumers all over the country.”

To read Senate Bill 370, click here.

To read Senate Bill 365, click here.

To read Senate Bill 105, click here.

To read Senate Bill 387, click here.

To read the CFPB’s RFI on alternative data, click here.

To read the CFPB’s report on the credit reporting industry, click here.

Why it matters

The future of the embattled CFPB remains uncertain, with Republicans trying on several fronts to eliminate or reform the Bureau. How the changes end up taking place—whether via a lack of funding, new legislation, or the PHH case pending in the D.C. Circuit—remains to be seen.

back to top

New York’s Cybersecurity Regulations Are in Effect

The New York Department of Financial Services’ (DFS) cybersecurity regulations took effect March 1—is your entity in compliance?

What happened

The “Cybersecurity Requirements for Financial Services Companies” were initially proposed last September by the DFS with a modified proposal released in late December based on comments and testimony.

The first-in-the-nation regulations for banks, insurance companies and other financial services institutions under DFS jurisdiction require covered entities to assess their specific risk profile and design a program that will “ensure the confidentiality, integrity and availability” of the entity’s information systems and “nonpublic information,” including any business-related information, information provided to a covered entity, healthcare information, and personally identifiable information.

In addition, covered entities must establish a written cybersecurity policy covering topics ranging from business continuity and disaster recovery planning to physical security and environmental controls to the designation of a Chief Information Security Officer (CISO), with that officer or another member of senior management obligated to file an annual certification with the DFS that confirms compliance with the regulations.

Changes made to the initial proposal included additional or modified definitions (for terms such as “Third-Party Service Provider” and “Nonpublic Information”) and an explanation that certain items in the required cybersecurity policy were not black-and-white mandates, but should be based on the institution’s risk assessment (such as the use of multi-factor authentication for employees accessing internal databases).

The modified proposal also featured clarifications about the CISO position, which does not have to be a new hire or an individual dedicated solely to CISO activities, the DFS said. The officer can even be employed by an affiliate of the covered entity or by a service provider.

Other requirements established by the regulation: a “periodic” risk assessment and an obligation to maintain audit trails for cybersecurity events “that have a reasonable likelihood of materially harming any material part of the normal operations.” DFS also established limited exemptions. For example, the regulation does not apply to “small” covered entities—defined as those with less than ten employees and independent contractors, less than $5 million in gross annual revenue in each of the last three years, or less than $10 million in year-end assets—as well as covered entities that do not “control, generate, or receive nonpublic information.”

“New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and the financial system from the ever increasing threat of cyber-attacks,” Governor Andrew Cuomo said as the regulation took effect. The regulation “will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber-crimes.”

To read the NYDFS regulation, click here.

Why it matters

The final regulation is risk-based and establishes “regulatory minimum standards while encouraging firms to keep pace with technological advances,” the DFS said in a statement. Covered entities should carefully review the regulation to ensure compliance now that the effective date has passed.

back to top