With 2016 rapidly drawing to a close, here are some thoughts regarding the types of litigation and legal/regulatory issues that will likely be top-of-mind for financial services companies, especially mortgage companies and banks, in 2017:

RMBS Suits and Mortgage Repurchase or Indemnification Claims

I admit it—I never would have thought, when I started working on cases of this type back in 2009, that new waves of residential mortgage-backed securities(“RMBS”) lawsuits and contractual mortgage buyback claims would still be getting filed (or that some older claims would still be getting litigated) in 2016 and 2017. But they remain with us. Yes, some things about these cases have changed. For example, a higher percentage of mortgage buyback suits are now brought by entities, like ResCap/RFC, Lehman Brothers Holdings, and the various failed institutions for which the FDIC  is acting as Receiver, that long ago ceased to do business—and now function primarily as “litigation machines.” Also, plaintiffs are now more prone to pitch their claims as ones for “indemnification” rather than “repurchase.” They do that both because they believe (falsely, in our view) that using the term “indemnification” can help them navigate around the statute of limitations, and because most of the loans in dispute are by no means still available for true repurchase. But more about these cases remains the same than has changed. Mortgage companies and banks threatened with RMBS and buyback/indemnification claims still tend to have far stronger legal and factual defenses available to them than the parties making the threats initially believe. And, unfortunately, the stakes remain high for the companies facing these claims—sometimes so high that negotiating a quick, acceptable settlement is all but impossible. 2017 may be a watershed year in this area of the law, with additional important decisions likely to be forthcoming on the statute of limitations, plaintiffs’ ability or inability to use “statistical sampling” in especially large cases, how alleged damages should be calculated, and the impact of bulk loan sales as part of a bid process on a plaintiff’s claims that its own client guide was breached.

CFPB Actions and Investigations

The Consumer Financial Protection Bureau (“CFPB”) may get its wings clipped to some extent by the incoming Trump administration. At a minimum, its leadership structure will need to be altered unless the PHH case ruling requiring such a change is stayed and then reversed. For now, however, the CFPB remains vigilant and active. Its priority areas for enforcement and investigation in the near term include the following: scrutinizing the fairness of various mortgage lending and servicing practices; small business lending; student lending; challenging companies’ attempts to contractually require consumers or borrowers to arbitrate disputes rather than litigate them; consumer reporting company practices; and certain debt collection practices. Companies under the CFPB’s jurisdiction (which it interprets very broadly) should bear in mind that, once the CFPB decides merely to commence an investigation to determine whether an enforcement action/lawsuit is necessary, the burden on the investigated company is typically heavy and expensive. The CFPB routinely issues civil investigative demands (“CIDs”) that require fast and extensive production of documents and other information. CIDs are often substantially broader in scope, and more burdensome, than typical document requests in civil litigation. Getting a quick understanding of the somewhat unusual procedures and protocols involved in responding to a CID from the CFPB is a must for companies that receive them—and, given the broad range of priority areas identified by the CFPB, a lot more companies may be receiving CIDs in 2017.

Data Security and Privacy

Yahoo’s latest revelations this month about the enormous data hack of its networks in 2013 will only add to various regulatory agencies’ sense of urgency about ensuring that the companies they regulate have strong systems and policies in place to safeguard personal data and other sensitive information. For obvious reasons, the financial services industry stands out as one that regulatory agencies such as the CFPB, Department of Justice, Federal Trade Commission, and various other federal and state banking and finance authorities believe must be particularly prepared to defend against—and, if necessary, respond to—data breaches. Recognizing the premium that the agencies place on safety, soundness and preparedness, we provide an overview training program related to key legal compliance issues to interested clients.

Financial Services Professionals as Fiduciaries

The U.S. Department of Labor (“DOL”) issued on April 6, 2016 its, final rule expanding the “investment advice fiduciary” definition under the Employee Retirement Income Security Act of 1974 (“ERISA”). The final rule significantly broadened and modified the set of prohibited transaction exemptions for investment activities in light of that expanded definition. There is a clear conflict brewing in 2017 with regard to rules like this one. On the one hand, there appears to be growing populist momentum for the concept of holding more financial professionals to a higher standard than has applied to them in their past dealing with customers—more of a heightened-duty, trusted advisor type of standard, as opposed to a “let the customer beware” approach. On the other hand, there is the Republican Congress’ evident desire to eliminate the DOL’s new fiduciary rule and prevent similar ones from being enacted as to other types of financial advisors. At the very least, the press attention placed on this issue can be expected to spur more lawsuits or arbitration demands by consumers against their advisors’ employers, and perhaps the advisors themselves as well.

We sincerely hope that, in spite of these issues of continuing or growing concern, all of our readers will have a very happy holiday season and a productive and prosperous new year.