Month-In-Brief: Business Regulation & Regulated Industries

CURRENT MONTH (October 2021)

Antitrust Law

Senate Proposal Opens the Door for Increase in State Attorneys General Antitrust Lawsuits

By Barbara Sicalides, Troutman Pepper Hamilton Sanders LLP

On September 23, 2021, the U.S. Senate advanced legislation that puts all businesses at risk of defending antitrust lawsuits across different jurisdictions at the same time. Senate Bill 1787 (S. 1787)—the Antitrust Enforcement Venue Act of 2021—prevents defendants from transferring and consolidating antitrust lawsuits brought by state attorneys general to a different venue. This regulatory action is part of a broader legislative scheme that seeks to target giant tech monopolies and streamline litigation for state prosecutors. This legislation has been the subject of a recent push by states for more authority in this space. If enacted, S. 1787 would allow states to challenge allegedly anticompetitive activity at all levels of commerce, placing businesses of all sizes at greater risk of state antitrust litigation. S. 1787 would allow states to choose the venue in which they challenge alleged anticompetitive conduct, increasing the cost and risk of antitrust litigation across different jurisdictions for businesses of all sizes.

Companies engaged in interstate commerce should review or implement antitrust compliance training and materials to minimize the risk of violations of the antitrust laws and the possibility of being forced to defend against multiple lawsuits across different jurisdictions.

Banking Law

Federal Agencies Issue Joint Statement on LIBOR Transition

By Christopher Greenidge, McGlinchey Stafford PLLC

On October 20, 2021, five federal agencies, in conjunction with the state bank and state credit union regulators, issued a joint statement highlighting the risks posed by the discontinuation of the London Interbank Offered Rate (LIBOR). The agencies are urging banks and nonbanks to “continue their efforts to transition to alternative reference rates to mitigate consumer protection, financial, legal, and operational risks.” The joint statement outlines certain considerations that entities should take into account in preparation for the elimination of LIBOR. These include conducting due diligence necessary to ensure that alternative rate selections are appropriate, developing and implementing a transition plan for communicating with consumers, clients, and counterparties, and ensuring systems and operational capabilities will be ready for transition to a replacement reference rate after LIBOR’s discontinuation.

In a press release issued in in connection with the joint statement, the Consumer Financial Protection Bureau stated that it is currently working on a final rule to address the anticipated expiration of LIBOR, which is expected to be issued in January 2022.

Consumer Finance 

Federal Agencies Extend Mortgage Forbearance

By Sanford Shatz, McGlinchey Stafford PLLC

At the end of September 2021, three federal agencies that insure or guarantee residential mortgages— the Department of Veterans Affairs (VA), the United States Department of Agriculture’s Rural Housing Service (USDA), and the Department of Housing and Urban Development’s Federal Housing Administration (FHA)—extended the time for borrowers to seek mortgage forbearance through the end of the COVID-19 National Emergency. Previously, all three agencies had required borrowers to seek forbearance by September 30, 2021, and stated that forbearance would end by June 30, 2022.

After extending the time to seek forbearance, the VA stated that any forbearance should end by September 30, 2022. The USDA did not provide an end date for forbearance, stating that borrowers may obtain forbearance up to six months, and seek up to an additional six months. The FHA stated that its forbearance period would end by the later of six months after the end of the National Emergency or September 30, 2022.

Because the CARES Act does not specify the nature or extent of the covered period for mortgage forbearance, it appears that borrowers may seek forbearance through the end of the National Emergency for up to six months, and request an additional six months, if necessary. The federal agencies are expected to issue additional guidance on this topic.

Rohit Chopra Sworn in as CFPB Director, Sets Priorities, Names Key Staff

By Eric Mogilnicki & Graves Lee, Covington & Burling LLP

On October 12, 2021, Rohit Chopra was sworn in as Director of the Consumer Financial Protection Bureau, following his confirmation by the U.S. Senate on September 30, 2021. Chopra will be the fifth Bureau leader in the past four years, as Director Cordray resigned in November 2017 and was followed by Acting Director Mick Mulvaney, Director Kathleen Kraninger, and Acting Director Dave Uejio. His term will last until October 2026, subject to at-will removal by the President.

Following his swearing in, Director Chopra published a statement outlining his priorities for the Bureau. He first pointed to the “extremely fragile moment” brought on by the COVID-19 pandemic and the “uneven recovery,” which he stated exposed “the longstanding systemic and structural barriers we must overcome to build a more inclusive economy.” In that context, Director Chopra stated that the Bureau must “use [its] tools to promote competition and shift market power toward consumers and law-abiding businesses,” “strive for a marketplace where families are treated fairly and can seek help when they’re in trouble,” and “anticipate emerging risks so we can act before a crisis, rather than acting after it is too late.”

Joint CFPB-FTC Amicus Brief Urges Inapplicability of Section 230 to FCRA Suit

By Eric Mogilnicki & Graves Lee, Covington & Burling LLP

On October 14, 2021, the CFPB and the Federal Trade Commission filed an amicus brief in Henderson v. The Source for Public Data, L.P., a case pending in the U.S. Court of Appeals for the Fourth Circuit. The underlying action arose from the plaintiff’s claims under the Fair Credit Reporting Act (“FCRA”). The plaintiff alleged that the defendant operates as a consumer reporting agency and failed to comply with certain procedural requirements under the FCRA. The U.S. District Court for the Eastern District of Virginia held that the defendant cannot be held liable for violating the FCRA based on the dissemination of consumer reports that include false, incorrect, or misleading information because the defendant is a publisher and speaker of third-party information, meaning the claims are barred under Section 230 of the Communications Decency Act.

In the amicus brief, the CFPB and the FTC urge reversal, arguing that Section 230 is inapplicable. They argue that enforcement of the FCRA’s requirements does not implicate the concerns that Congress sought to address in passing Section 230. In a joint statement, CFPB Director Rohit Chopra and FTC Chair Lina M. Khan stated their concern that “if tech companies circumvent consumer and banking laws, using Section 230 and other tactics, it will give a free pass to some, undermining fair competition.”

Seila Law LLC Forgoes Another Appeal

By Eric Mogilnicki & Uttara Dukkipati, Covington & Burling LLP

On October 8, 2021, California law firm Seila Law LLC informed the Ninth Circuit Court of Appeals that it would not pursue U.S. Supreme Court review of the Circuit Court’s decision that the CFPB had validly ratified a civil investigative demand (“CID”).

In a landmark ruling last year, the U.S. Supreme Court agreed with Seila Law that the CFPB was unconstitutionally structured, and struck limitations on the President’s authority to fire the Bureau Director. However, the Supreme Court did not rule on whether or how the CFPB could ratify its prior decisions. The Ninth Circuit later ruled that the CID issued to Seila Law had been validly ratified by the Bureau Director and was still enforceable. With last week’s action, Seila Law will now face the CID it first challenged in 2017.

Senate Banking Chair Urges the CFPB to Focus on the Tenant Screening Industry

By Eric Mogilnicki & Lucy Bartholomew, Covington & Burling LLP

In April of 2021, Senator Sherrod Brown, Chairman of the Senate Banking Committee, sent letters to ten tenant screening companies, expressing concerns with inaccuracies in tenant screening reports and requesting information regarding the companies’ Fair Credit Reporting Act compliance policies and procedures.

On October 19, 2021, Senator Brown sent a letter to CFPB Director Rohit Chopra, outlining the findings of the Senate Banking Committee’s inquiry and urging the CFPB to “begin a thorough review of the tenant screening industry and use its authorities to the fullest extent possible to protect renters.” Senator Brown’s letter cited cases in which tenant screening companies issued reports with inaccurate information, which may lead to denied rental applications and higher security deposits. The letter notes that reports on applicants’ criminal records or prior evictions raise greater accuracy concerns since these factors are often outcome determinative.

5th Circuit Rejects Putative Class Action Under National Bank Act on Overdraft Fees

By Ralph T. Wutscher, Maurice Wutscher LLP

The U.S. Court of Appeals for the Fifth Circuit in Johnson v. BOKF N.A. recently affirmed the dismissal of a putative class action challenging a bank’s overdraft fees as usurious under the National Bank Act (NBA). In so ruling, the Fifth Circuit held that the Office of the Comptroller of the Currency’s (OCC) official Interpretive Letter on the subject—Interpretive Letter 1082—was entitled to deference.

The plaintiff checking account holder filed a putative class action under the NBA, challenging the “Extended Overdraft Charges” assessed by the bank when she overdrew on her checking account and failed to timely cover the overdraft. The plaintiff alleged that the bank extended credit to her when it covered her overdraft, and that the overdraft charges constituted usurious interest in violation of the limits set for the bank under the NBA.

The Fifth Circuit first noted that Interpretive Letter 1082 squarely addressed these allegations, and that the defendant bank’s deposit account agreement expressly authorized the overdraft charges at issue. The Court then examined whether it should defer to the OCC’s Interpretive Letter 1082.

After extensive examination recounted in its opinion, the Court concluded that “deference to OCC’s interpretation of these regulations is appropriate, and the agency’s determination in Interpretive Letter 1082 that the type of bank fees at issue here … are non-interest charges is a sufficient basis to resolve this case.” Therefore, the Fifth Circuit affirmed the dismissal of this putative class action.

California Governor Approves Changes to CCPA and CPRA

By Webb McArthur, Hudson Cook, LLP

On October 5 and 8, 2021, California Governor Gavin Newsom signed into law Assembly Bills 694 and 335, amending provisions of the California Consumer Privacy Act (“CCPA”).

In November 2020, California voters approved Proposition 24, known as the California Privacy Rights Act (“CPRA”), to amend the CCPA by providing for additional consumer rights with regard to personal information, shifting enforcement of and rulemaking under the CCPA from the Attorney General to a new agency (the California Privacy Protection Agency), and amending the scope of the CCPA. AB 694 and AB 335 make a series of technical changes to the CCPA in accordance with the CPRA. Most provisions of the CPRA become effective on January 1, 2023, so companies doing business in California should review all changes to the CCPA in preparation.

Notably, the CPRA will eliminate the CCPA’s limited exemptions for personal information collected by a business about a person acting in an employment, management, or similar context (the employment exemption) and for personal information reflecting a communication or transaction between the business and the consumer in a commercial context (the business to business exemption). As a result, all provisions of the CCPA will, beginning on January 1, 2023, apply to personal information in employment and commercial contexts. The CPRA also increases one of the CCPA’s size thresholds, from 50,000 to 100,000 California residents or households whose information the business annually buys, receives for commercial purposes, sells, or shares for commercial purposes.

The CPRA adds new consumer rights with regard to their personal information, including:

• The right to opt out of the sharing of personal information for cross-contextual (third-party) advertising purposes;
• The right to limit the use and disclosure of sensitive personal information, a new sub-category of personal information;
• The right to accuracy and correction; and
• Rights related to automated profiling to be developed by regulation.

The CPRA also adds new requirements on businesses within the law’s scope, including:

• New content for Notices at Collection and in online Privacy Policies;
• New content for consumer disclosures;
• Requiring businesses to enter into contracts with third parties to which personal information is sold and pass on deletion requests to those third parties;
• New required terms for service provider agreements; and
• Requiring businesses generally to limit the purposes for processing personal information and implement data security protections, including the potential need for cybersecurity audits.

The new agency enforcing the CCPA, the CPPA, is tasked with updating existing CCPA regulations and issuing new regulations related to new CPRA requirements.

California DFPI Launches Review of Residential Mortgage Servicers

By Christopher Greenidge, McGlinchey Stafford PLLC

On September 13, 2021, the California Department of Financial Protection and Innovation (DFPI) announced it would be conducting a review of residential mortgage servicers. Licensees servicing residential mortgages, either directly or through sub-servicers, will be required to provide information to the DFPI regarding the actions they are taking to help borrowers avoid foreclosure, including:

• A process for screening borrowers for potential eligibility for state and federal foreclosure aid;
• Procedures and plans for compliance with loss mitigation requirements; and
• An assessment of the magnitude of foreclosure risk among the loans they service.

The DFPI’s goal in launching this mandatory survey is to ensure that licensees are complying with state and federal laws protecting borrowers from COVID-19-related financial insecurity and informing eligible consumers about mortgage relief funds.

New Provisions of Maine Consumer Credit Code Broaden Applicability of Statute and May Impact Bank Partnership Programs

By Frank Bishop, Jr., Hudson Cook, LLP

On October 18, 2021, two recently enacted Maine laws took effect: HP 1082 and SP 205. Both new laws make significant amendments to the Maine Consumer Credit Code (“MCCC”) that may impact creditors doing business in Maine and, in particular, bank partnership programs.

New provisions of the MCCC that may impact bank partnership programs. SP 205 adds a new provision to the MCCC that prohibits an entity from engaging in any device, subterfuge, or pretense to evade the requirements of the MCCC, including: (1) making a loan disguised as a personal property sale and leaseback transaction; (2) disguising loan proceeds as a cash rebate for the pretextual installment sale of goods or services; or (3) making, offering, assisting, or arranging a debtor to obtain a loan with a greater rate of interest, consideration, or charge than is permitted by the MCCC through any method. A loan made in violation of this new provision is void and uncollectible as to any principle, fee, interest, or charge.

In addition, SP 205 deems a person a lender subject to the requirements of the MCCC notwithstanding the fact that the person purports to act as an agent or service provider or in another capacity for an entity that is exempt from the MCCC, if, among other things: (1) the person holds, acquires or maintains, directly or indirectly, the predominant economic interest in the loan; (2) the person markets, brokers, arranges, or facilitates the loan and holds the right, requirement or first right of refusal to purchase the loan or a receivable or interest in the loan; or (3) the totality of the circumstances indicate that the person is the lender and the transaction is structured to evade the requirements of the MCCC. Circumstances that weigh in favor of a person being deemed a lender include, without limitation, when the person: (1) indemnifies, insures, or protects an exempt entity for any costs or risks related to the loan; (2) predominantly designs, controls, or operates the loan program; or (3) purports to act as an agent or service provider or in another capacity for an exempt entity while acting directly as a lender in other states. If deemed a lender, the person may be subject to licensing and rate limitations imposed by the MCCC.

Broader applicability of supervised lender license. Prior to the effective date of HP 1082, the MCCC required a licensee to: (1) make a supervised loan (a consumer loan with a finance charge greater than 12.25%); (2) take assignment of and undertake direct collection of payments from or enforcement of rights from an office in Maine arising from supervised loans; or (3) service mortgage loans. HP 1082 strikes the reference to “from an office in Maine,” thereby applying the licensing requirement to any person who takes assignment of and services supervised loans, wherever located. A supervised financial organization (a defined term that includes state and federally chartered banks and credit unions) is exempt from the licensing requirement.

Broader applicability of MCCC. Prior to the effective date of HP 1082, the MCCC applied to a consumer credit transaction if: (1) a signed writing evidencing the obligation or offer of the consumer was received by the creditor in Maine; or (2) the creditor, wherever located, induced the consumer who was a resident of Maine to enter into the transaction by face to face, mail, telephone, or email solicitation. HP 1082 expands the applicability of the MCCC to any consumer credit transaction with a consumer who is located in Maine. In addition, prior to the effective date of HP 1082, the MCCC applied to consumer credit sales where the seller extended credit 25 or more times in the preceding or current calendar year. HP 1082 lowers that threshold to more than 15 times, but only with regard to consumer credit sales of automobiles.

Massachusetts Attorney General Issues Advisory on Vehicle Advertising, Pricing, and Lease Buyouts

By Thomas P. Quinn, Jr., Hudson Cook, LLP

On September 28, 2021, Massachusetts Attorney General Maura Healey issued an advisory to remind vehicle dealerships about their obligations, and consumers about their rights, relating to vehicle advertising and pricing, as well as the requirement for dealerships to honor the terms of lease buyouts. The advisory, which was issued pursuant to the Massachusetts deceptive trade practices statute and regulation, as well as the attorney general’s motor vehicle regulation, is effective immediately. To the extent that dealerships are engaged in any of the activities identified in the advisory, they are on notice that the attorney general considers the practices to be illegal and that they must terminate such activities without delay.

The attorney general notes in the advisory that the practices outlined therein may be caused by the COVID-19 pandemic and its twin effects of decreasing public transportation ridership (which has increased the demand for vehicles) and slackening production of semiconductor chips necessary for vehicle manufacture (which has driven down vehicle production). These factors have resulted in significant market price increases for both new and used vehicles, with the downstream effect of dealers refusing to sell vehicles at the price advertised, requiring the payment of additional fees and “market cost adjustments,” and refusing to honor lease buyout terms.

To address these concerns, the advisory highlights the following dealer obligations under existing law:

• Dealers must clearly and conspicuously disclose which charges are included and excluded in the advertised price of a vehicle, along with the expiration date of any advertised price.
• Dealers must sell a vehicle for its advertised price.
• Dealers must not make any misrepresentations in vehicle advertising, including any misrepresentations about the value of the vehicle. Such misrepresentations could include, among other things, the posting or advertising of vehicle prices that are inaccurate or that they do not intend to honor.
• Dealers must honor the terms of their contractual obligations with consumers in vehicle leases, including the consumer’s right to purchase the vehicle under the contract.
• As a catch-all, the advisory notes that dealers must comply with all existing laws meant for the protection of public health, safety, or welfare or that are otherwise intended to provide protection to consumers.
• Finally, the advisory states that dealerships are places of public accommodation under Massachusetts law, meaning that dealers may not discriminate against consumers based on their race, color, religion, national origin, sex, gender identity, sexual orientation, disability (either physical or mental), and/or ancestry.

The advisory instructs consumers who believe that a dealership is violating its obligations under the law to contact the attorney general’s Consumer Advocacy and Response Division.

Considering this heightened attention, Massachusetts dealerships should review existing advertising and sales campaigns to ensure that they remain compliant and do not include any of the practices outlined in the advisory.

Employment Law

HIPAA Privacy Doesn’t Stop Vaccine Inquiries by Employers and Businesses

By Katherine Conklin & Charles E. Stoecker, McGlinchey Stafford, PLLC

In guidance issued on September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) again explained that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule does not apply in most instances in which individuals are asked whether they have received a COVID-19 vaccine or to provide evidence of vaccination. The OCR also reminds organizations that if HIPAA does apply, it regulates the use and disclosure of protected health information, and not the ability to request information from its employees.

The guidance poses a number of common questions, all of which are answered in the negative:

• “Does the HIPAA Privacy Rule prohibit businesses or individuals from asking whether their customers or clients have received a COVID-19 vaccine?” “No.”
• “Does the HIPAA Privacy Rule prevent customers or clients of a business from disclosing whether they have received a COVID-19 vaccine?” “No.”
• “Does the HIPAA Privacy Rule prohibit an employer from requiring a workforce member to disclose whether they have received a COVID-19 vaccine to the employer, clients, or other parties?” “No.”

The guidance reminds everyone that the HIPAA Privacy Rule only regulates the usage of protected health information by “covered entities” and their business associates, and only health care providers, health care clearing houses, and health plans are “covered entities.” Those entities cannot provide vaccination information to third parties who are not covered entities without an appropriate HIPAA authorization or as otherwise permitted under HIPAA. However, employers or businesses interacting with their customers or visitors are not covered entities and are not restricted by the HIPAA Privacy Rule.

The guidance clarifies that even covered entities can request COVID-19 information from their workforce members when the covered entities, such as hospitals, are acting in their capacities as employers. Covered entities can require their workforce members to provide proof of vaccination, sign a HIPAA authorization about vaccination status, wear a mask, or reply to inquiries from patients about vaccination status.

The guidance notes that the Americans with Disabilities Act (ADA) does require employers to keep documentation or other confirmation of vaccination confidential and stored separately from the employee’s personnel files. The relief from HIPAA privacy restrictions for employers does not extend to ADA compliance. Moreover, group health plans sponsored by employers are often HIPAA-covered entities, which means that COVID-19 vaccination information that employers receive through a group health plan constitutes protected health information subject to HIPAA rules. However, notably, information an employer learns from sources other than the group health plan (such as the methods discussed above) is not protected by HIPAA.

OSHA Vaccine Mandate Standard Expected Any Day Now

By Charles E. Stoecker & Christine Tenley, McGlinchey Stafford, PLLC

On October 12, 2021, the Occupational Safety and Health Administration (OSHA) submitted its draft of the proposed COVID-19 vaccine mandate enforcement standards to the White House’s Office of Management and Budget for review (OMB), advancing President Biden’s vaccine mandate for private employers to an impending compliance reality.

How did we get here, and what’s the latest on the federal vaccine mandate?

In case you missed it, on September 9, 2021, President Biden issued an executive order mandating that private employers who employ more than 100 employees either: (1) mandate COVID-19 vaccines for their employees, or (2) implement weekly COVID-19 testing programs. President Biden tapped OSHA, the federal agency that enforces workplace safety, to create the Emergency Temporary Standard (ETS) that will last for only six months. We anticipate that the ETS will be issued within the next several weeks. Employers who fail to comply with the vaccine mandate ETS could face costly OSHA investigations and financial penalties.

With the ETS looming large on the horizon, employers must prepare for the mandate as soon as possible. Employers should communicate clearly with their workforce to ensure employees know what is expected as far as vaccination and testing once the mandate becomes effective. Employers should also ensure they have a rigorous process in place to handle requests for accommodation for covered medical disabilities, religious exemptions, and pregnancy-related accommodation requests. Although there are many unanswered questions regarding how to implement the vaccine mandate or testing program, and who is paying for what, it will benefit employers to get out in front of the mandate and begin to prepare for compliance. Currently, the latest statistics indicate that only approximately 55% of employers have issued a vaccine mandate or are strongly considering implementing a vaccine mandate.

What’s happening at the state level?

Challenges to vaccine mandates are currently winding their way through the courts. On October 11, 2021, Texas Governor Greg Abbott signed an executive order banning private employers and other entities from imposing COVID-19 mandates in Texas, in a direct challenge to President Biden’s vaccine mandate. Also, on October 13, 2021, Arkansas lawmakers introduced legislation that would allow workers to opt out of federal or employer vaccine mandates, if they are tested weekly or can prove they have natural antibodies on an annual basis. The bill also allows unemployment benefits to be paid to those employees who are terminated for failing to comply with a vaccine mandate.

The U.S. Constitution prohibits states from interfering with valid federal laws, and most courts (and federal agencies, such as the Equal Employment Opportunity Commission) have supported employers implementing vaccine mandates, subject to reasonable accommodations for disability, pregnancy, and religious beliefs. Notwithstanding, we anticipate more states will follow suit in an effort to challenge the federal COVID-19 vaccine mandate. While Texas’s ban may be superseded by Biden’s mandate, Governor Abbott’s actions set up a showdown between state and federal laws that could take months to sort out in court—well beyond the six-month period for the federal mandate to be in place.

Practically speaking, however, unless a court grants swift emergency relief to stop the federal vaccine mandate, employers should be prepared to implement the appropriate vaccine and testing programs and ensure robust compliance with federal anti-discrimination laws through at least the spring of 2022.

Health & Life Sciences

California Enacts Law on Health Care Debt Collection

By Christopher Greenidge, McGlinchey Stafford PLLC

On October 4, 2021, California enacted AB 1020, which amends provisions related to health care debt collection. The bill, which is effective January 1, 2022, will require certain licensed hospitals, including general acute care hospitals, prior to assigning a bill to collections, or selling patient debt to a debt buyer, to provide notice to a patient that includes certain information about the bill being assigned to collections or sold. The bill then prohibits a debt collector from collecting consumer debt that originates from a licensed general acute care hospital without first communicating with the debtor in writing, and including a copy of the required hospital notice and a statement that the debt collector will wait at least 180 days from the date the debtor was initially billed for hospital services before reporting adverse information to a credit reporting agency or filing a lawsuit against the debtor.

The bill also imposes standards on complaints filed by a debt collector in actions for debt that originate with a licensed general acute care hospital. Such complaints must allege that the plaintiff is a debt collector, that the underlying debt originated with a general acute care hospital, the balance of the debt upon assignment to the debt collector, and other information as specified in the bill. The plaintiff also will be required to redact protected information filed with the complaint. Additionally, the bill prohibits a default judgment against the debtor unless the debt collector has submitted business records establishing the facts alleged.

Certain hospitals, including general acute care hospitals, also will be prohibited from selling patient debt to a debt buyer unless, among other things, the debt buyer agrees to not resell the debt except in certain specified instances, agrees not to charge interest or fees on the debt, and is licensed as a debt collector by the California Department of Financial Protection and Innovation. A debt buyer also will be prohibited from engaging in certain actions, such as wage garnishment, except by court order, when dealing with a patient under a hospital’s charity care or discount payment policies.

The bill does not prohibit a debt collector or debt buyer from selling the patient debt to a 501(c)(3) nonprofit organization for purposes of cancellation of such debt.