Can a Lender’s “Robo-Signing” of a Loan Document be the Basis for an Unfair or Deceptive Trade Practice Claim?

The financial crisis of 2008 and the subsequent wave of mortgage foreclosures brought to light certain lenders’ practices of “Robo-Signing.” Robo-Signing was a term coined to refer to bank employees’ alleged practice of “robotically” signing mortgage loan documents without reviewing them.

A recent decision from the Middle District of North Carolina explores in some depth whether the alleged robo-signing of a mortgage assignment provides a basis for a borrower to make a N.C. Gen. Stat. § 75-1.1 claim. 

In Tobias v. Nationstar Mortgage, LLC, the plaintiffs were borrowers who took out a mortgage loan. To secure the loan, the borrowers executed a deed of trust on their residence. Several years later, Bank of America purported to assign the loan to Nationstar Mortgage. A written assignment was recorded in the appropriate county register of deeds.

The borrowers then applied for a loan modification with Nationstar. Nationstar denied the loan modification. Nationstar maintained that the borrowers failed to timely submit documents to Nationstar.

After the denial of the loan modification, the borrowers filed a complaint against Nationstar and other related entities. The borrowers asserted claims for violations of federal lending regulations and section 75-1.1. As a basis for their 75-1.1 claim, the borrowers contended that the assignment was “fraudulent and/or forged” because it had been robo-signed.

Besides seeking treble damages for the 75-1.1 violation, the borrowers sought as a separate state-law remedy to void and cancel the assignment. The borrowers asserted that the defendants’ conduct harmed the borrowers’ ability to market and sell their residence.

The defendants moved to dismiss the borrowers’ cause of action to cancel the assignment and the 75-1.1 claim. The defendants argued that the borrowers could not void the assignment and maintain a 75-1.1 claim because the borrowers lacked standing to challenge the assignment. As an alternative ground, the defendants argued that the North Carolina Debt Collections Act is the exclusive remedy for debt collection actions that allege unfair and deceptive practices.

The Court dismisses the 75-1.1 claim, but on an alternative basis

The Court agreed with the defendants that the borrowers lacked standing to void the assignment. The borrowers were not a party to the assignment, did not allege that they were a third-party beneficiary of the assignment, and did not allege that they could be the subject of double liability if Nationstar enforced the assignment. The borrowers, therefore, could not show a particularized injury stemming from the alleged robo-signing.

The Court also found that the complaint failed to state a claim for unfair and deceptive trade practices.  But not for the reasons defendants advanced. Although they lacked standing to void/cancel the assignment, the Court found that the defendants had standing to maintain the 75-1.1 claim because they alleged that the assignment clouded title to their residence.   

The Court agreed with the defendants that the NCDCA is the exclusive remedy under North Carolina law for unfair debt collection practices. The court did not, however, dismiss the 75-1.1 claim on that basis because the borrowers were not challenging the defendants’ debt collection procedures.

The defendants caught a break, however because rather than allowing the 75-1.1 claim to proceed, the Court dismissed the claim on a basis that the defendants had not briefed.

The Court found that the borrowers failed to allege sufficiently an actual injury proximately caused by the defendants’ conduct. The borrowers’ complaint affirmatively alleged that the borrowers obtained a mortgage loan memorialized by a recorded deed of trust. The borrowers also attached a copy of the deed of trust to the complaint.

The borrowers did not dispute the validity of the deed of trust. The court recognized that the undisputed terms of the deed of trust allowed the holder to assign its interest without notice to the borrowers.  After reviewing language in the assignment, the Court found that was exactly what happened—Bank of America assigned and conveyed the loan to Nationstar. 

The Court also found that the borrowers’ allegations regarding the property’s marketability and their ability to sell it were conclusory and unsupported by any other factual allegations. The Court also noted the absence of allegations of any unfair or deceptive conduct on Nationstar’s part.

The takeaway—linking conduct to injury is important

Why did the Court go out of its way to dismiss the 75-1.1 claim? Perhaps the Court was uncomfortable with imposing treble damages for possible misconduct that did not appear to cause the borrowers’ injury.

The Tobias decision thus shows that a defendant’s misconduct—standing alone—may not be a basis for 75-1.1 liability. A 75-1.1 claimant should show with particularity how the misconduct alleged to be either unfair or deceptive caused a particularized injury, or risk summary dismissal of the claim.

Special thanks to Lauren Golden, who made substantial contributions to the writing of this blog post.

Author: George Sanderson

When a Claim of Deception Turns on Promises

Businesses regularly make decisions based on forecasts of future market opportunities.

When a business makes a bad guess, however, can N.C. Gen. Stat. § 75-1.1 come to its aid? What if the guess turned on statements by a contracting partner?

Today’s post looks at a recent decision about these questions. As the decision reveals, section 75-1.1 sets a high bar for claims that appear to rest—as Naked Eyes might say—on promises, promises.

It’s Showtime

The facts in Topshelf Management v. Campbell-Ewald (a case we have covered before) concern flying simulators that the U.S. Navy uses in recruiting events.

The defendant, Campbell-Ewald, did marketing for the Navy. The Navy would issue a statement of work to Campbell-Ewald that sought specific services. Campbell-Ewald then gave pricing information to the Navy, and the Navy would issue a task order for the services. After it received a task order, Campbell-Ewald would issue a corresponding purchase order to a subcontractor.

In September 2008, Campbell-Ewald considered using Showtime Sports and Marketing as a subcontractor for the simulators. Showtime signed terms and conditions that would govern each purchase order from Campbell-Ewald. The terms said that no work by Showtime would be authorized before Campbell-Ewald issued a purchase order.

Campbell-Ewald soon issued a purchase order to Showtime to supply two simulators. Then, in mid-2010, Campbell-Ewald decided to subcontract work for a third simulator to Showtime, even though Campbell-Ewald had considered supplying the simulator itself.

Before it issued the purchase order for the third simulator, however, Campbell-Ewald received a letter from Showtime’s principal, Brian Efird. The letter said that Showtime was winding up its operations, but that Efird would soon associate with a new company, called Topshelf, which could contract with Campbell-Ewald.

This letter changed the calculus for Campbell-Ewald; it decided to do the work on the third simulator itself. Though disappointed about not getting the purchase order for the third simulator, Efird (through Topshelf) continued to supply Campbell-Ewald with the first and second simulators.

That work didn’t last. In December 2011, Campbell-Ewald told Efird that the Navy had discontinued the first two simulators, and that Topshelf’s work would end in January 2012.

Topshelf sued. Its complaint had tort and contract claims, but only its section 75-1.1 claim survived a motion to dismiss. Campbell-Ewald later moved for summary judgment.

When Misrepresentations and Contract Terms Collide

Topshelf’s 75-1.1 claim had two parts.

First, it claimed that Campbell-Ewald misled Topshelf about the third simulator. In particular, Topshelf thought that Campbell-Ewald, through its statements, had assured the issuance of a purchase order for the third simulator.

Second, Topshelf accused Campbell-Ewald of making a series of representations that led Topshelf to believe that more purchase orders were coming. Relying on these representations, Topshelf spent money updating the first two simulators—only to have its work on those simulators discontinued.

U.S. District Court Judge Thomas D. Schroeder didn’t buy either argument.

As for the third simulator, Judge Schroeder emphasized that Campbell-Ewald simply changed its mind about the purchase order when it learned of Showtime’s dissolution. He then explained that, on these facts, Campbell-Ewald’s evaluation of the pros and cons of using Topshelf did not violate section 75-1.1. Showtime’s dissolution, after all, was a significant event, and Campbell-Ewald’s change of heart reflected a rational business response.

The parties’ contract confirmed this reasoning. The terms that Showtime signed at the outset of the parties’ relationship said that no work could be assigned without Campbell-Ewald issuing a purchase order. Campbell-Ewald never issued a purchase order for the third simulator.

Topshelf’s second theory fared no better. That theory, like the first theory, clashed with the fundamental structure of the parties’ dealings: the companies worked under short-term purchase orders. Campbell-Ewald, moreover, issued purchase orders only based on the Navy’s needs. Given that the parties’ contract memorialized this structure Topshelf could not claim to have been misled about future expectations of work.

Top Lessons from Topshelf

Topshelf serves as yet another reminder that, when two parties have a business relationship governed by a contract, the starting point to analyze their conduct under section 75-1.1 is that contract. Here, that contract made clear that a purchase order was a prerequisite to any subcontractor work on a simulator. The plaintiff here couldn’t overcome that factual hurdle.

But was the hurdle insurmountable?

Imagine, for example, if Campbell-Ewald had told Topshelf that, notwithstanding the terms of the contract, Topshelf could be guaranteed work on the third simulator. If an executive at Campbell-Ewald made that statement to an executive at Topshelf, would Topshelf have acted reasonably had it relied on that statement? One can imagine a battle of facts regarding reasonableness—including whether the contract language would defeat any “guarantee” of future work, regardless of the specific words used to make the guarantee.

In any event, the analysis would likely start with, and revolve around, the role of the parties’ contract. That contract can leave a plaintiff, like Topshelf here, with empty promises.

Author: Stephen Feldman

The Proposed Overhaul of North Carolina’s Data-Breach Law Could Have Big-Time Consequences

One might expect N.C. Gen. Stat. § 75-1.1 to play a big role in data-breach litigation. The statute, after all, offers the prospect of treble damages and attorney fees. 

But, historically, it hasn’t. Only three decisions—from federal courts in 2009, 2014, and 2017—appear even to have considered 75-1.1 claims in the context of a data breach.

That all could change. Last week,  North Carolina Attorney General Josh Stein and Republican state representative Jason Saine announced a plan to overhaul North Carolina’s data-breach law.

We’re still waiting to see the bill, but the announcement included a Fact Sheet with the proposed legislation’s key elements. Two of those elements caught my attention. 

First, the bill would meaningfully change the notification obligations imposed by North Carolina’s Identity Theft Protection Act,  N.C. Gen. Stat. § 75-60 et seq., on businesses that suffer a security breach:

  • The definition of “security breaches” for which notification is required would now include incidents of mere “access” to information—such as ransomware attacks like the one recently suffered by Mecklenburg County—regardless of whether they pose a material risk of harm to a consumer.
  • Businesses would be held to a strict 15-day deadline for notifying consumers and the Attorney General about a security breach.

Second, the bill would require businesses to implement and maintain reasonable security measures to protect individuals’ personal information against a security breach. The Fact Sheet doesn’t define those measures, other than to say that they must be “appropriate to the nature of personal information.”  Fifteen other states have passed similar laws.  

Here’s where section 75-1.1 comes into the picture: the proposed legislation would make any violation of this new affirmative data-security duty a per se violation of section 75-1.1. As I’ll discuss below, this could be a pretty big deal for data-breach litigants.

The Current and Limited Options for 75-1.1 Claims on Data Breaches

Not many data-breach plaintiffs bring 75-1.1 claims, and for good reason. Leaving aside the failure to notify consumers of a security breach (which under section 75-65(i) is an automatic 75-1.1 violation), there’s no obvious way to bring the failure to prevent a breach within section 75-1.1’s ambit.

At first blush, a deception theory might seem like a viable option. A plaintiff could allege that the business represented that it employed safeguards to protect the plaintiff’s personal information, but that those representations were misleading, because the safeguards were insufficient. A deception-based claim, however, would require actual and reasonable reliance on those security-related representations. This would be no small task given the growing body of 75-1.1 case law striking down deception-based 75-1.1 claims on the pleadings for failing to meet that threshold.

A direct-unfairness theory likely wouldn’t fare any better. A plaintiff could allege that a business’s failure to protect personal information is by itself a “unfair” practice, but courts have struggled to decide whether particular conduct is unfair enough to violate section 75-1.1. And although the theory finds some support in the data-security “common law” developed by the Federal Trade Commission, no court appears ever to have held that failing to protect personal information is unfair under section 75-1.1. 

Deficient Data Security as Per Se 75-1.1 Violation?

The proposed legislation would give plaintiffs a third—and much easier—way to make out a 75-1.1 claim: a per se theory. According to the Fact Sheet, “[a] business that suffers a breach and failed to maintain reasonable security procedures will have committed a violation of the Unfair and Deceptive Trade Practices Act.” 

The proposed legislation would therefore allow data-breach plaintiffs to bypass the difficult question of whether a business’s data security practices can give rise to 75-1.1 liability. The inquiry would instead be whether the business’s security procedures were reasonable and “appropriate to the nature of the information” it held. And that inquiry—which could require a fact-intensive consideration of the business’s security procedures and the nature of the security breach—would often not be susceptible to a motion to dismiss under Rule 12. 

The availability of a per se 75-1.1 claim could thus give data-breach plaintiffs a substantial strategic advantage. Defendants might often be forced to confront, from the outset, the prospect that a fact-finder will determine that their information-security programs failed to satisfy the amorphous “reasonable security” standard. And if the price of losing that battle is a treble damages award under section 75-1.1, many businesses would face increased pressure to settle early.

Troubled Waters Ahead for Data-Breach Defendants?

Without the bill text, it’s hard to say whether the proposed overhaul will lead to more data-breach lawsuits under section 75-1.1. Various factors could avoid or limit that result.

First, even if the proposed data-security requirement is adopted and violations are declared per se violative of 75-1.1, the General Assembly might nonetheless preclude a private right of action to enforce that 75-1.1 violation. Other states with similar data-security statutes—such as Arkansas, Florida, and Massachusetts—have followed this approach. Those states have limited enforcement to the state’s attorney general. 

Second, the General Assembly could allow a private right of action, but preclude or limit the availability of treble damages. This approach has precedent: North Carolina’s records disposal law, section 75-64, requires businesses to take “reasonable measures” to protect personal information “in connection with or after its disposal.” The statute makes a violation of that requirement a per se violation of section 75-1.1, but it also prohibits the trebling of damages where the violation was caused by the business’s “nonmanagerial employees . . . unless the business was negligent in the training, supervision or monitoring of those employees.” 

Finally, data-breach defendants will still have other defenses, including and especially those based on lack of injury-in-fact sufficient to establish standing and/or to state a claim. As we’ve discussed before, these “lack of injury” defenses can present a substantial hurdle for data-breach plaintiffs.

But if the reward for clearing that hurdle is automatic treble damages, plus the chance to get attorney fees, more plaintiffs might attempt the leap.