Client Alert

Financial Services Report, Fall 2005


In this issue:

On the Edge

Editor’s Note

Why another law firm newsletter?  Because this one is different. Like other newsletters, this one will report on recent developments in statutes, regulations, and case law affecting the financial services industry. But our emphasis will be trend-spotting and forecasting future developments. You won’t see a lot in these pages about a court’s reasoning, how the dissent got it right or the majority distinguished this case or overlooked that one. Those things matter, but if you need that kind of detail we’ll tell you whom to contact.

Like the masthead says, we want to help companies "stay ahead of the summons."  Our goal is to offer suggestions to ward off the process server. So, you will get pithy summaries and occasional humor, with an eye toward what it all means. Let us know if we miss. And if we don’t hear from you, forgive us if we misinterpret your silence as applause and submit these pages to the Pulitzer committee.

The hot story this Fall is data breach. Nothing else comes close. Congressmen and legislators are earning their pay figuring out how to force companies to put ever tighter locks on customer data and devising new forms of negative reinforcement for those that don’t.

Meanwhile, the class action bar isn’t waiting. Dozens of class actions have been filed against companies whose data has been hacked or lost before there is even any proof that a single person’s ID has been pinched or credit card filched. It’s a "Fear of ID Theft" kind of thing. One State Attorney General has just sued a retailer for not notifying several hundred thousand customers about a data loss even though his state doesn’t have a notification statute. Why?  The theory is that the company—a shoe retailer—breached an implied warranty to protect its customers’ data. Talk about letting the other shoe drop.

Our Winter issue will cover legislation. Until then, we remain, respectfully yours.

William L. Stern, editor

Beltway Report

Security Breach-the New Bandwagon

Twenty states have already passed legislation governing notification of affected persons in the event of a security breach. Another dozen or more states are cooking up legislation. Even New York City has its own ordinance, although it will be trumped by the New York State statute when it becomes effective in December. Some states’ laws (e.g. Oregon) are so badly drafted that a worker who misplaces a Blackberry could face fines for violating peoples’ privacy. In the meantime, class action lawyers who used to wait by the ticker tape for inspiration nowadays scan the news headlines for the latest corporate security breach.

Arbitration Report

Does California have a thing against contracts?  Two decisions handed down by the California Supreme Court just six weeks apart give one pause.

Arbitrations and Class Actions

In June, the California Supreme Court weighed two competing goals:  Fostering class actions versus enforcing contractual bargains. Class actions won.  Discover Bank v. Superior Court (Boehr), 36 Cal. 4th 148 (2005), may mark the end of arbitration as a way for companies to resolve consumer disputes, at least in California. After Boehr, a company that uses consumer arbitration in California runs the risk that it may be forced to undergo classwide arbitration.

The full text of this article is available at:

California Report

Prop 64

Think Proposition 64 hasn’t made a difference?  Tell that to the plaintiffs’ bar. Before Proposition 64, three leading Southern California plaintiff’s firms routinely pursued claims under California’s unfair competition law, Bus. & Prof. Code §17200 ("UCL"). Just days before the November election, they mass-filed eight hundred or more insurance bad faith suits arising from the San Diego wildfires of 2003 and included a UCL claim in each. Then came the election. A few weeks later, they amended and dropped the UCL claim in every one.

The full text of this article is available at:

Privacy Report

9th Circuit:  SB-1 Is Either Preempted... or Not

California’s Financial Information Privacy Act (Fin. Code §4050) (better known as "SB-1") departed from the Gramm-Leach-Bliley Act because it required customer "opt-in" consent when financial institutions share nonpublic customer information with non-affiliates, and "opt-out" choice to share such information with affiliates. In June, the Ninth Circuit held that SB-1 is preempted as to affiliate sharing. (See American Bankers Association v. Gould, 412 F.3d 1081 (9th Cir. 2005).) Or did it? Let’s take a look.

The full text of this article is available at:

Ahead of the Summons

California Expands Nationwide

It must be depressing being a legislator in the other 49 states. Why bother passing laws when California has more than it needs and is willing to apply them nationwide?

In June, the California Supreme Court held that a California resident could sue in California several Nevada casinos and hotels for including a so-called "energy surcharge" in their rates. The Supreme Court held that California had jurisdiction over the Nevada hotels and that California’s Section 17200 could apply to those claims. (Snowney v. Harrah’s Entertainment, Inc., 35 Cal.4th 1054 (2005).)

The full text of this article is available at:

Insurance Report

A Great Deal, or "Adverse Action"?

If you give an applicant an initial rate for homeowners or automobile insurance and the rate is influenced by a credit report, you have to send an "adverse action" notice under the Fair Credit Reporting Act if the given rate is not your best available rate. This is true even if the rate is better than the applicant could have gotten elsewhere. (Reynolds v. Hartford Financial Services, 2005 WL 1840054 (9th Cir. Aug. 4, 2005).) This is easy to fix now, before the process server arrives.

The full text of this article is available at:

Creditor’s Rights Report

A New Chapter in Bankruptcy

Bankruptcy reform is here. When the majority of the provisions from the "Bankruptcy Abuse Prevention and Consumer Protection Act of 2005" go into effect on October 17, 2005 (certain disclosure rules in the new law are subject to further rule-making by the Federal Reserve Board), abuses in Chapter 7 bankruptcies should decrease, and more debts should be repaid—a good thing, certainly. While celebrating this long-awaited reform, however, creditors need to take steps now to prepare for the impact of this new law and ensure that their own conduct is in compliance with the new requirements.

The full text of this article is available at:

Mortgage Report

RESPA Ruling—"NYET" to Overcharges, "DA" to Markups

Section 8 of RESPA doesn’t prohibit overcharges, said the Third Circuit in August, but it can prohibit markups. (Santiago v. GMAC Mortgage Group, Inc., ___ F.3d ___ 2005 WL 1840031 (3d Cir. 2005).)  In Santiago, plaintiff obtained a home loan from GMAC and was charged fees of $85 (tax service), $20 (flood certification), and $250 (funding fee). He sued under RESPA, arguing that the first two services were performed by third-party vendors and included an illegal mark-up, whereas the third fee had a reasonable value of only $20 such that the excess amount was essentially a fee without any corresponding "services rendered."  The court concluded there is no cause of action for overcharges with respect to the $250 "funding fee." 

The full text of this article is available at:

Car Report

Car Buyer’s Bill of Rights

In July, California’s Governor Schwarzenegger signed into law the nation’s first "Car Buyer’s Bill or Rights."  The bill is a compromise. Consumers who buy a vehicle valued under $40,000 will have a two-day right to rescind and get a full refund, but it allows car dealers to charge $250 for this service. AB 68 also governs what a "certified" used car means, and requires dealers to disclose consumers’ credit ratings as well as the vehicle’s base price (exclusive of add-ons). The bill also limits the "dealer spread" to 21⁄2% for 60-month finance contracts and 2% for contracts longer than 60 months. The law becomes effective July 1, 2006.

The full text of this article is available at:


Operations Report

Happy Days for Op-Subs

State banking officials cannot regulate the operating units of national banks, according to the Second Circuit. (Wachovia Bank, N.A. v. Burke, 414 F.3d 305 (2d Cir. 2005).) Wachovia Bank organized its mortgage operation (Wachovia Mortgage Corp.) as an operating unit of the national bank parent, rather than a department or division of the bank itself. It sued the Connecticut Banking Commissioner over whether the state has a right to license and regulate its nonbank unit. The Second Circuit agreed that the National Bank Act ("NBA") and OCC regulations free banks from state supervision.

A month later, the Ninth Circuit fell in line. In Wells Fargo Bank, N.A. v. Boutris, 2005 WL 1924713 (9th Cir. Aug. 12, 2005), it found California’s "per diem interest" statute preempted under NBA as to Wells Fargo’s mortgage company subsidiary, which was licensed as a consumer financial lender ("CFL") under California law. California could not conduct an audit nor could it require licensure of the bank’s OpSub. The "per diem interest" statute was not preempted, however, under the Depository Institutions Deregulation and Monetary Control Act ("DIDMCA"), a ruling which some feel may let states regulate when national banks may start to accrue interest, even though they may not regulate the amount.

The Mofo Marker

  • 2 Percentage of GDP represented by
    tort costs
  • 800   Dollars, per U.S. citizen, attribut-
    able to tort costs
  • 153   The number of seats up for grabs in
    California’s last election
  • 0     The number of those seats that
    changed parties
  • 20     Number of states with their own
    notification statute covering data breaches
  • 12     Number of states considering such

Preemption Soup

If the NBA preempts the CFL, why does ESPN show the NFL rather than MLB on Sunday nights in September? Stay tuned.


New FTC rules on proper disposal of customer information took effect on June 1, 2005. (16 C.F.R. §314.) These rules apply to financial institutions over which the FTC has jurisdiction. The FTC wants to prove it is serious about enforcing those rules.

USA Patriot Act Compliance

Join us for a free live web seminar on September 13 at 2:00pm EST. Hear from leading experts on federal agency guidance and exam procedures and the compliance programs needed to protect both your institution and your customers. You will also be able to engage our presenters by emailing your questions. For more information, including how to register, go to



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.