Skip to main content

Editors’ Note:

Welcome to the Spring 2021 issue of Greenberg Traurig’s Financial Services Insights Newsletter. This newsletter reviews certain significant cases and legal developments affecting the financial services industry.

In This Issue:

Spotlight on…

GT Insights

Upcoming Events

Q&A with GT’s Ben Saul: Recent CFPB Developments and Outlook

Sequel to Spokeo: Supreme Court to Address Standing and Typicality Requirements for Class Actions

The Enhanced Whistleblower Provision of the AMLA 2020: Understanding and Meeting the Two-Fold Risk

Spotlight on…

Citing the increasing needs of clients in consumer and specialty finance, fintech, and banking sectors, Greenberg Traurig (GT) has added Benjamin M. Saul as a shareholder in the firm’s Financial Regulatory & Compliance (FRAC) Practice in its Washington, D.C. office. Saul has worked with clients on high-stakes regulatory, enforcement, and litigation matters for nearly 20 years and is known as a leader in Consumer Financial Protection Bureau (CFPB) matters. Read the press release here.

GT Insights

CFPB Reiterates Focus on Mortgage Industry COVID-19 Response, Highlights Fair Servicing Concerns

On May 4, 2021, the Consumer Financial Protection Bureau (CFPB or the Bureau) released two new reports that double down on its message in early April 2021 that the Bureau is heightening its supervisory and enforcement scrutiny of mortgage servicers. Continue reading the full GT Alert.

CFPB Intensifies Focus on Pandemic Mortgage Servicing

The Consumer Financial Protection Bureau (CFPB or the Bureau) has sharpened its focus on the mortgage servicing industry. Knowing that millions of mortgage borrowers will exit COVID-19 moratoriums and forbearance plans in the fall, the Bureau first issued a compliance bulletin putting servicers on notice that it will use all supervisory and enforcement tools against those not ready to process loss mitigation requests from these borrowers. The CFPB followed by issuing a proposed rule that would amend the Real Estate Settlement Procedures Act (RESPA) Regulation X so as to prevent “avoidable foreclosures” on this borrower cohort. Continue reading the full GT Alert.

Upcoming Events

Patrick Broderick to Present at MBA's Legal Issues and Regulatory Compliance Conference 2021

Greenberg Traurig is proud to sponsor the 2021 Mortgage Bankers Association (MBA) Legal Issues and Regulatory Compliance Conference, where attendees will hear timely updates on emerging regulatory priorities resulting from the change in administration, including the delay of the mandatory compliance date of the general qualified mortgage (QM) rule and the future of fair lending. This two-day event will take place virtually on May 25-26, 2021. GT Shareholder Patrick Broderick will speak on the May 26 panel, “Regulatory Trends Track: Navigating the Recovery: FCRA, FDCPA and Bankruptcy Issues.” Click here for details and registration.


Q&A with GT’s Ben Saul: Recent CFPB Developments and Outlook

What is the status of President Biden’s nominee for CFPB director, Rohit Chopra?

Mr. Chopra’s nomination has moved out of committee and is ready for a floor vote. However, President Biden has indicated that Mr. Chopra’s confirmation will be delayed until the administration fills the FTC vacancy created by the resignation of former FTC Chair Joseph Simons. As Mr. Chopra is currently an FTC commissioner, his departure before Mr. Simon’s replacement is in place would leave Republican FTC commissioners with a 2-1 majority. To avoid this outcome, Mr. Chopra’s confirmation must follow the confirmation of Columbia Law School Professor Lina Khan, President Biden’s nominee to replace Mr. Simons at the FTC. Ms. Khan’s nomination remains in committee and it could take some time – late April or even early May – before the Senate turns to confirming Mr. Chopra.

Importantly, Acting CFPB Director David Uejio, driven by Mr. Chopra’s views and intentions, has wasted little time in launching a major course correction at the CFPB. Although some of the CFPB’s recent actions seem motivated to preserve the status quo until Mr. Chopra arrives, Mr. Uejio has taken numerous active measures to advance a new, Chopra-aligned agenda at the CFPB.

Talk about the recent CFPB actions that illustrate this new agenda?

Where to begin? There has been a spate of policy and rulemaking activity. In addition, our industry contacts are already reporting increased scrutiny during exams, and our contacts at the Bureau similarly report that the number of new investigations is already trending up noticeably and will only multiply. To start with, the CFPB has made clear that its immediate priorities are protecting consumers impacted by the pandemic and promoting racial equality. Many of its recent actions demonstrate the Bureau’s commitment to these new priorities through a combination of tightening oversight of supervised institutions and providing relief to borrowers. For example, between March 31 and April 5, 2021, the CFPB rescinded seven policy statements issued in 2020 providing regulatory flexibility to financial institutions and replaced a 2018 bulletin on supervisory communications that eliminates the use of Supervisory Recommendations; issued a bulletin warning mortgage servicers to be ready for the wave of borrowers that will make loss mitigation requests as they exit pandemic moratoriums and forbearance plans in the fall; and proposed changes to RESPA Regulation X in order to prevent foreclosures on those same borrowers.

The CFPB has also extended the compliance dates for Qualified Mortgage and Debt Collection rules –likely preserving Mr. Chopra’s ability to later revise them. And, showing its return to a “regulation by enforcement” regime, in early March, the Bureau rescinded a 2020 Policy Statement limiting its pursuit of civil penalties for “abusive” acts or practices. In addition, the Bureau has reversed course from the prior administration, indicating it will enforce the Military Lending Act. In late March, Mr. Uejio also issued a statement that small dollar lenders will receive heightened supervisory and enforcement scrutiny, with the Bureau taking enforcement where business models “depend on inability to pay.” This inability to repay scrutiny will also likely be extended to other consumer lending products.

On the fair lending front, in early March, the CFPB issued an interpretative rule clarifying that lenders cannot discriminate based on either sexual orientation or gender identity. It also issued guidance on providing financial services to consumers with Limited English Proficiency. In addition, the Bureau is reinstating Home Mortgage Disclosure Act (HMDA) data reporting requirements, moving forward with implementation of the small business data collection rule, and has joined an interagency RFI to understand what regulatory clarity may be needed around the use of artificial intelligence by consumer finance companies.

Meanwhile, the Bureau’s Research, Markets and Regulations team is studying pressing issues related to housing insecurity and barriers to racial equity in consumer finance. And this is not an exhaustive list! Mr. Uejio has been an active Acting Director, indeed.

What are some of the areas of CFPB focus that lie ahead?

As to protecting consumers impacted by the pandemic, and as the CFPB has already indicated, it intends to use its unfair, deceptive and/or abusive acts or practices (UDAAP) and other authority to scrutinize mortgage servicers closely. The same will be true of student loan servicers, debt collectors and furnishers of credit reporting information, as well as other financial service products and practices. In terms of other areas of focus, Mr. Uejio has specifically called out small dollar lenders as a sector the Bureau will scrutinize. Similar scrutiny on overdraft practices may also return.

As to promoting racial equity in financial services, fair lending and servicing has returned as a top priority of the Bureau. In many respects, the CFPB’s fair lending priorities may dovetail with its objective to protect consumers impacted by the pandemic. For example, the CFPB – through its statements and intent to move forward with the small business data collection rule – has signaled it will use its authority under the Equal Credit Opportunity Act to police discrimination in small business credit (a sector hard hit by COVID-19). In this regard, inquiries into whether financial institutions discriminated against women and minority-owned businesses when offering PPP loans may arise. Such matters will focus on the adequacy of compliance procedures, whether the PPP lending program restricted access to certain protected classes of borrowers, and whether an institution has complied with Regulation B’s requirements for recordkeeping and adverse action notices.

Another such example is fair servicing – for both mortgage and student loans. Here, the Bureau is likely to focus on whether servicers have engaged in sufficient and consistent loss mitigation outreach to protected class borrowers, managed communications with Limited English Proficiency borrowers, and properly considered income from part-time employment, alimony, child support, separate maintenance payments, retirement benefits or public assistance when evaluating income as part of determining eligibility for loss mitigation options.

More generally, the Bureau may return to a more aggressive use of disparate impact theory to establish claims of discrimination against creditors. To this end, users of non-traditional data and/or algorithmic models may face more scrutiny – though the Bureau will continue to balance bias risk against the potential for such alternative approaches to expand access to credit. For lenders utilizing such approaches, it will be important to have put fair lending process around them, including developing appropriate business justifications and conducting outcome testing, as appropriate.

On the rulemaking front, the CFPB seems poised to continue moving toward proposed rules concerning open banking and consumer access to financial data – a step that could bring much needed standardization among the somewhat competing objectives of consumers, banks, fintechs, and data access providers.

What can financial institutions and other service providers do now to manage CFPB risk?

Although the proactive steps will vary from issue to issue, at a high-level, now is the time to ensure that your institution’s change management and governance risk and compliance approaches are robust; its risk assessments and policies and procedures are adequate given the new guidance and rules coming out of the Bureau almost daily; and its customer complaint response procedures are fulsome. Further, complaints should be addressed fully and in a timely fashion, emerging supervisory expectations should be addressed in proactive dialogue with your examiner-in-charge, and Bureau developments should be kept top-of mind through regular coordination with your regulatory and government affairs teams, trade associations, industry peers, and third-party advisors.


Sequel to Spokeo: Supreme Court to Address Standing and Typicality Requirements for Class Actions

By Sylvia E. Simson and Keith Hammeran

In Spokeo, Inc. v. Robins (2016), the Supreme Court held that a named plaintiff must allege a concrete harm to have Article III standing to sue on behalf of a putative class. But district courts have since varied in interpreting Spokeo’s holding that a “risk of real harm” can be sufficiently concrete to satisfy Article III.

All eyes are thus now on the Court’s forthcoming decision in TransUnion LLC v. Ramirez, which may provide guidance on what the Court meant by a “risk of real harm,” and may affect or narrow the types of persons who can participate in class actions. The decision is likely to inform defense strategies at all stages of class action litigation against large companies, including financial institutions.


In 2002, TransUnion developed a product to screen the names of U.S. consumers against those on a list maintained by the U.S. Office of Foreign Asset Controls (OFAC). If a consumer’s first and last names matched those of a person on the list, TransUnion would add an alert to the consumer’s credit report regarding the “potential match.” The named plaintiff, Sergio Ramirez, alleged he suffered actual injury in the form of denied credit and embarrassment after a Nissan dealership refused to sell him a car based on a TransUnion credit report with an OFAC alert. Moreover, upon requesting his credit file from TransUnion, Ramirez received two mailings that allegedly did not clearly apprise him of his rights with respect to the alert. 

Ramirez brought a putative class action against TransUnion under the Fair Credit Reporting Act. Ramirez did not, however, limit his putative class definition to consumers who had suffered purported injuries similar to his own following the disclosure of OFAC alerts to third parties. Instead, he defined the putative class more broadly as all persons who had requested their credit files from TransUnion and been sent similar OFAC mailings. Following discovery, the parties stipulated that over 75% of the proposed class had not in fact had a credit report containing an OFAC alert shared with a third party. The district court nonetheless certified the class as defined by Ramirez, rejecting TransUnion’s objections that the absent class members lacked standing and that Ramirez’s unique injuries made him atypical of the class. 

At trial, Ramirez testified extensively concerning his unique injuries. Virtually no evidence was presented with respect to the absent class members’ injuries. For example, no evidence was presented that any of the 25% of class members whose credit reports containing OFAC alerts had been shared with third parties were denied credit or were even aware of such disclosure. Nor was there evidence that any absent class member had been confused or affected by TransUnion’s mailings. Nonetheless, the jury awarded the class $60 million in statutory and punitive damages. 

A divided Ninth Circuit reduced the punitive damages award but otherwise affirmed. The majority held that a “risk of real harm” existed, sufficient for standing under Spokeo, merely because the class members’ credit files were designed to be disclosed at a “moment’s notice,” and because TransUnion’s mailings were “inherently shocking and confusing” and left class members “completely in the dark” about how to challenge the OFAC alerts. The majority further held that Ramirez satisfied the typicality requirement of Fed. R. Civ. P. 23 because all of the class members’ claims were based on the same conduct and legal theories, even if Ramirez’s injuries were different and/or more complex.

Arguments Before the Supreme Court and Potential Ramifications

The Supreme Court granted certiorari to address “whether either Article III or Rule 23 permits a damages class action where the vast majority of the class suffered no actual injury, let alone an injury anything like what the class representative suffered.” Thus, not only is the Court in a position to clarify Spokeo’s “risk of real harm” standard, it has been asked also to address what it means for standing and class certification when classes are broadly defined to include individuals who suffered significantly different harms or risks than those of the named plaintiff. 

There are many ways in which the Court could provide guidance on these issues, which could affect how future class actions are litigated. 

At oral argument, several Justices appeared to wrestle with the question of whether a class member’s past exposure to a risk of harm should give them standing even if the harm in question never materialized. Some Justices (including Justice Alito, Spokeo’s author) suggested that a mere risk of harm should not support standing absent some knowledge of the risk by class members sufficient to cause emotional distress. If the Court adds a form of knowledge component to Spokeo, it could provide a basis for new defenses and objections by defendants at the pleading and class certification stages.

The typicality issues presented by this case are also significant. The text of Rule 23 does not on its face require a named Plaintiff to have injuries typical of those of his class (it only says “claims or defenses”), so a ruling informing the typicality prerequisite could provide a new basis for defendants to challenge certification. 


The Enhanced Whistleblower Provision of the AMLA 2020: Understanding and Meeting the Two-Fold Risk

By Kyle R. Freeny

The Anti-Money Laundering Act of 2020 (AMLA), enacted in the waning days of the Trump administration, amended the Bank Secrecy Act (BSA) in several ways that are likely to have a lasting impact on the AML risk landscape that financial institutions face. Among these changes was an overhaul of the BSA’s whistleblower provision, to offer robust new incentives for individuals to report violations of the BSA to federal authorities, on the one hand, while providing a private cause of action against employers for retaliation, on the other.

Although these two aspects of the enhanced AMLA whistleblower program are mutually reinforcing, it is important for financial institutions to understand the unique risks created by each.

Increased Incentives to Report to Federal Authorities

Prior to enactment of the AMLA, the BSA had a rather anemic whistleblower provision that capped awards at $150,000 – a number that was thought did not incentivize many, particularly long-term or high-level employees. Under the AMLA’s enhanced provision, the Secretary of the Treasury can award whistleblowers up to 30% of the monetary sanctions obtained as a result of the disclosure (provided the sanction exceeds $1 million). Interestingly, unlike the SEC whistleblower program on which it was modeled, the AMLA program does not currently contain a minimum award amount, creating some ambiguity about the strength of the incentive.

Potential Increase in Enforcement Activity. Nonetheless, the dramatic increase in the potential upside of whistleblowing may naturally precipitate an increase in tips to regulators and law enforcement, with an accompanying increase in enforcement activity under the BSA. The extent of this anticipated increase remains to be seen, of course, and may depend at least in part on whether the Department of the Treasury exercises its authority in the coming months to set a minimum award amount. Nonetheless, certain clues may be gleaned from the notable uptick in enforcement that followed enactment of the SEC whistleblower program under the Dodd-Frank Act.

According to the SEC’s Report to Congress for FY 2020, the SEC’s whistleblower program has led to more than $2.7 billion in total monetary sanctions since its inception, with more than $500 million being awarded to whistleblowers. Of the 106 award recipients to date, 68% were current or former insiders. This number may be even higher under the AMLA program, since insiders have exclusive access to certain restricted information relevant to potential BSA lapses, such as whether a suspicious activity report (SAR) has been filed.

Application to Compliance Personnel. Notably, the AMLA incentive provision does not contain any express carve-out for compliance or audit professionals who provide information on AML/CFT lapses as part of their job duties. In contrast, awards to such personnel are narrowly circumscribed under the SEC program, and for good reason: incentivizing a compliance officer to report an AML lapse to government officials in the first instance would tend to interfere with their core function of helping their institution meet its compliance obligations. It is possible that Treasury adopts similar limitations through rulemaking (assuming it believes it has the authority to do so). Unless and until such time, the AMLA places financial institutions in a very difficult position, in some sense creating a conflict between compliance personnel and the institutions they serve.

New Anti-Retaliation Cause of Action

The AMLA also creates a private right of action for employees who believe they have suffered retaliation as a result of protected whistleblower activity. Retaliation is defined to include any change in the terms and conditions of employment or post-employment as a result of the protected activity. Complaints are generally governed by the whistleblower retaliation rubric applicable to the federal aviation sector, 49 U.S.C. § 42121(b), including a low-threshold causation standard, to wit, that the protected activity was at least a “contributing factor” in the employment action. Successful employees are eligible for reinstatement, double back pay, compensatory damages, and attorney fees.

Employers that are subject to the whistleblower provisions in the Federal Deposit Insurance Act and the Federal Credit Union Act are exempt from the AMLA’s anti-retaliation provision. Employees of FDIC- and FCUA-insured institutions will continue to be covered by the existing whistleblower protections in those two separate acts, which contain a higher threshold than the AMLA.

Institutions that are covered by the new anti-retaliation provision, however, will want to carefully evaluate the new litigation risks it creates. In particular, by removing or ameliorating one disincentive to whistleblowing – namely, the prospect of suffering employment consequences – the new cause of action complements and amplifies the incentives provision, further encouraging employees to report AML lapses to federal authorities.

Risk of Claims Based on Internal Reporting. The anti-retaliation provision is not limited to circumstances where employees report to federal authorities; it also protects employees from retaliation for internal reporting of AML violations. Financial institutions subject to the provision may face retaliation claims by employees, including but not limited to compliance personnel, who were fired or disciplined after reporting potential AML lapses to a supervisor or other responsible person within the organization.

In this respect, the AMLA provision differs sharply from the SEC anti-retaliation provision, which is triggered only once an employee has made a disclosure to the SEC, and instead more closely resembles the anti-retaliation provision in the False Claims Act (FCA). For example, in February 2020, an employee was awarded $2.5 million under the FCA retaliation provision for her claim that she was terminated for reporting potential fraud to her supervisor. Although the scale of the awards under the AMLA anti-retaliation provision may seem relatively small compared to the enforcement penalties meted out by bank regulators, FinCEN, or DOJ for BSA violations, the cost of litigation coupled with the potential multiplicity of such claims should not be underestimated.

Steps to Consider

Although there is no one-size-fits-all answer on how to meet the two-fold risk created by the AMLA whistleblower program, covered institutions may wish to consider the following steps:

  • Review the adequacy of internal reporting mechanisms and remediation measures, to make sure that the institution addresses significant AML lapses before they are reported to the federal authorities for a bounty. It is worth noting that of the employee insiders awarded under the SEC program, a full 84% raised their concerns internally in some way or another. Explore additional ways to encourage employees to report concerns internally first, without appearing to discourage external reporting (which may be met with hostility by regulators). A top-to-bottom culture of compliance, in which employees believe that they are heard, can be a critical component of risk mitigation.
  • Review employee and post-employment confidentiality agreements for consistency with the new AMLA program. Use caution with provisions that may be interpreted by employees or regulators to restrict the ability of employees to report to federal authorities. By way of analogy, the SEC brought an enforcement action in 2015 against a company for requiring witnesses in internal investigations to sign confidentiality statements warning that they would face discipline if they discussed the matter with any outside parties without prior approval.
  • Separately assess the risk of exposure to retaliation claims, to the extent covered by the new provision. Review retaliation policies and manager training; update as necessary.
  • Watch for any forthcoming notice of proposed rulemaking (or other rules or guidance) related to the new whistleblower program, including on whether and how compliance and audit personnel will be permitted to receive inventive awards. Consider submitting public comments to the Treasury, whether individually or through trade associations.


This Greenberg Traurig Newsletter was prepared by the firm’s Financial Services Litigation Group.