Alston & Bird's Payments Docket | May 2023


MAY 2023 | 3 REGULATORY & ENFORCEMENT CFPB Investigates Cryptocurrency Lender’s Product On December 1, 2022, the Consumer Financial Protection Bureau (CFPB) made public an administrative order denying cryptocurrency lender Nexo Financial LLC’s petition to modify the CFPB’s civil investigative demand. This is the first publicly known action taken by the CFPB against a cryptocurrency product provider. The CFPB served Nexo with a civil investigative demand in late 2021, seeking further information about whether Nexo’s products were subject to federal consumer financial law, specifically the Consumer Financial Protection Act and the Electronic Fund Transfer Act, and Nexo’s compliance with these laws. In its petition to modify, Nexo claimed that the CFPB lacked authority to investigate Nexo’s Earn Interest Product, which allows investors to earn interest on deposited crypto assets. Nexo asserted that because the Securities and Exchange Commission (SEC) had taken the position that other crypto lending products were securities, the CFPB was estopped from investigating Nexo under provisions of federal law that preempted the CFPB from regulating securities. The CFPB rejected Nexo’s arguments. Specifically, the CFPB’s order states that Nexo does not concede that the Earn Interest Product is, in fact, a security, or that Nexo was required to register the offering with the SEC. According to the CFPB, Nexo was trying to avoid answering any of its questions while at the same time preserving the argument that the product is not a security subject to SEC oversight. The attempt to have it both ways, the CFPB’s order states, doomed Nexo’s petition from the start. The CFPB also argued that the U.S. Supreme Court has stated that courts should not refuse to enforce an administrative subpoena when confronted by a fact-based claim regarding coverage or compliance with the law. CFTC Files First Enforcement Action for Scheme Involving Decentralized Digital Asset Platform Commodity Futures Trading Commission v. Eisenberg, No. 1:23-cv-00173 (S.D.N.Y.). On January 9, 2023, the Commodity Futures Trading Commission (CFTC) filed its first enforcement action for a fraudulent or manipulative scheme involving trading on a supposed decentralized digital asset platform. The CFTC brought an action in New York federal court charging Avraham Eisenberg with a fraudulent and manipulative scheme to obtain over $110 million in digital assets from Mango Markets, a purported decentralized digital asset exchange. The CFTC alleges Eisenberg created two anonymous accounts on Mango Markets to manipulate the price of perpetuals contracts (a type of futures contract popular in crypto markets) for Mango Markets’ native token MNGO. Eisenberg allegedly sold massive amounts of MNGO perpetuals contracts to himself, thus pumping the price of those contracts 1,300% in less than an hour. As a result of Eisenberg’smanipulative trading, the price of MNGO jumped over 13-fold during a 30-minute span, and Eisenberg cashed out his profits by using the artificially inflated value of his swaps as collateral to withdraw over $110 million in digital assets fromMango Markets. Following Eisenberg’s trading, the platform became insolvent. The U.S. Attorney’s Office in the Southern District of New York has filed a parallel criminal complaint charging Eisenberg with commodities fraud and commodities manipulation. FTC Settles with Payment Processor for Alleged Dodd–Frank Violations In the Matter of Mastercard Incorporated (FTC). As part of its continuing efforts to regulate the payment processing industry, on January 13, 2023, the Federal Trade Commission (FTC) announced it had finalized a settlement with one of the world’s largest payment processing companies regarding the processing of remote transactions on virtual wallets likeApple Pay andGoogle Pay. The settlement requires the payment processing company to end its practice of allegedly locking out competing networks from merchants for remote virtual wallet transactions, which it does using account number credential “tokens.” Under the Dodd–Frank Act, banks issuing debit cardsmust let merchants choose fromat least two different networks to process transactions. The purpose of the requirement is to drive down transaction fees paid by merchants and to promote competition. According to the FTC, the payment processing company allegedly required the use of “tokens” when cardholders load their cards from the payment processing company onto their digital wallets. Once they do so, the payment processing company allegedly prevented them from using their digital wallets to make purchases from merchants that were not on the network operated by the payment processing company. As a result, merchants were required to utilize the payment processing company’s network to receive payment from digital wallets connected to debit cards issued by the payment processing company. The proposed settlement would enjoin, for 10 years, the payment processing company from refusing to process transactions between merchants on its network and digital wallets not linked to debit cards it issues. The proposed settlement also requires the payment processing company to provide the FTC prior written notice if it seeks to offer a new payment processing product that would require merchants to route electronic transactions only through the network operated by the payment processing company. Finally, the proposed settlement requires the payment processing company to submit regular compliance reports to the FTC.

MAY 2023 | 5 CFPB Proposes Repeat Offenders Registry On December 12, 2022, the CFPB proposed a new rule that would require certain “nonbank covered person entities” to register with the CFPB when they become subject to certain local, state, or federal consumer financial protection agency or court orders. The CFPB has further proposed to publish the orders and company information via an online registry. Additionally, larger supervised nonbanks would be required to designate a senior executive to attest the firm’s compliance with the covered orders. “Nonbank covered person entities” includes anyone that offers consumer financial products or services unless otherwise exempt under the regulation. Some examples of entities that would be excluded from this rule are insured depository institutions, insured credit unions, states, and natural persons. Each covered nonbank would be required to provide information about “covered orders” 90 days after the effective date of any applicable covered order and would be required to update such information 90 days after any amendment or change. The CFPB proposes to define “covered orders” to be those that are both public and final, including both agency and court-issued orders, issued at least in part in any action or proceeding brought by any federal, state, or local agency. In the proposed rule, the CFPB reasoned that entities subject to proposed orders relating to the offering or provision of consumer financial products and services may pose ongoing risks to consumers in markets for those products and services. The CFPB posits that a central repository will allow it to track and mitigate the risk posed by repeat offenders, while also being able to monitor all lawbreakers subject to agency and court orders. CFPB Proposes Rule to Rein in Credit Card Late Fees On February 1, 2023, the CFPB proposed a rule that would decrease the late payment fee amounts that card issuers can charge consumers on credit cards and still qualify for a safe harbor under Regulation Z. Regulation Z currently allows card issuers to qualify for a safe harbor by charging a fee up to $30 for an initial late payment or up to $41 for a subsequent late payment that occurs during the same billing cycle or one of the next six billing cycles. The proposed amendment would (1) decrease the safe harbor fee amount to $8 regardless of whether the late payment is an initial or subsequent late payment; and (2) provide that late fee amounts must not exceed 25% of the required payment. In other words, a cardholder’s minimumpayment due would have to be $32 in order to charge the proposed $8 safe harbor late fee. The proposed rule would also remove a requirement that the CFPB adjust the safe harbor amount annually to reflect changes in the Consumer Price Index. Although the proposed rule does not change other penalty fees, like returned payment fees or overlimit fees, the CFPB is also seeking comments on whether the proposed amendments should apply to those fees as well. The CFPB’s director, Rohit Chopra, explained the rule would ensure credit card penalty fees are “reasonable and proportional” to a late payment and “reduce credit card late fees paid by Americans by $9 billion each year.”Notably, theWhite House has endorsed the proposed rule. FDIC Downgrades Bank’s Community Lending Rating over Strategic Partner’s Consumer Violations The Federal Deposit Insurance Corp. (FDIC) recently downgraded the community lending rating given to Transportation Alliance Bank (TAB), a Utah digital bank, due to an illegal credit practice of one of the bank’s strategic partners. TAB is a partner bank to multiple nonbank fintech firms.While the violationwas limited to the single strategic partner, the FDIC found the violation had impacted a large number of consumers over an extended period. According to the FDIC, this warranted issuing a“needs to improve”grade on TAB’s most recent Community Reinvestment Act exam. The FDIC’s action highlights the complexities of the bank partnership model, which is the backbone for much of fintech industry. IRS Delays Implementation of $600 Reporting Threshold The IRS is delaying its requirement for e-commerce platforms to send 1099-K tax forms to customers who have transactions totaling more than $600 in business transactions for one more year. The requirement—included in the 2021 American Rescue Plan Act—required third-party settlement organizations to report third-party network transactions paid in 2022 with any participating payee that exceed $600 in aggregate payments, regardless of the number of transactions. Taxpayers will no longer be required to report tax year 2022 transactions under this lower $600 threshold. Lawmakers on both sides of the aisle had recently expressed concerns about the timeline of implementation of these changes. IRS commissioner Doug O’Donnell explained, “The additional timewill help reduce confusionduring the upcoming2023 tax filing season andprovidemore time for taxpayers to prepare and understand the new reporting requirements.” The existing 1099-K reporting threshold of $20,000 in payments fromover 200 transactions will remain in effect. OCC Goes After Small Banks with Fintech Partners The Office of the Comptroller of the Currency (OCC) has announced significant changes to its civil money penalty (CMP) Policies and Procedures Manual and Matrix, which could result in big fines for small banks. Specifically, the revised manual increases the OCC’s discretion in determining how to impose penalties and includes a note that looks very much like a shot across the bow of small banks with fintech partnerships. The OCC’s CMP matrix considers the size of a regulated financial institution. So, typically, smaller institutions face smaller CMPs. But the revisions to the CMP matrix includes a note, which states: “there may be cases when the relevant conduct [of a small institution] reflects transaction volume on par with that of a much larger institution,” and that “[i]n such cases, it may be appropriate to consider the table’s suggested CMP amount for an institution in a higher total asset category.”

MAY 2023 | 7 While smaller banks traditionally wouldn’t have a transaction volume comparable to larger banks, they can achieve a much higher transaction volume through partnerships that provide loans or other services to consumers, effectively broadening the small bank’s reach. Treasury Issues Report on Regulation of Nonbank Fintechs in Consumer Financial Markets U.S. Department of the Treasury Report to the White House Competition Council: Assessing the Impact of New Entrant Non-bank Firms on Competition in Consumer Finance Markets (Nov. 2022). As fintechs increasingly play a larger role in the consumer finance market, and increasingly either displace or partner with traditional banking firms to do so, they have garnered significant regulatory scrutiny. The latest agency to weigh in is the U.S. Treasury Department, which on November 17, 2022 released a report recommending that federal banking regulators implement a “clear and consistently applied” framework for the oversight of relationships between banks and fintech firms. The report largely focuses on the positive effects that fintech firms are having on competition in financial services markets, including diversification, complexity, and competitive pressure on traditional banks. The report also notes that fintech firms may be improving financial services for consumers by expanding access to credit via alternative underwriting approaches, allowing greater access to payment solutions, and decreasing transaction costs through the use of digital banks. However, the report also highlights the risks that fintechs pose to consumers and the financial system, in particular by supposedly engaging in what Treasury calls “regulatory arbitrage.” According to the report, fintech firms sometimes act by “re-bundling core banking services outside the bank regulatory perimeter,” intermingling commerce and banking by skirting regulatory hurdles placed on traditional banks. Such actions pose reliability and fraud risks to consumers, and the use of machine learning and data collection by fintechs can pose data privacy concerns and lead to discrimination. To address these concerns, Treasury’s report recommends several steps from existing regulators under existing statutory and regulatory frameworks. First, Treasury recommends heightened scrutiny fromantitrust regulators when reviewingmergers of banks and fintechs, or purchases of fintechs by banks, including heightened scrutiny by the FDIC under its review of bank merger transactions. Second, Treasury recommends that the CFPB and federal banking regulators, notably the FDIC, should continue to promote responsible consumer credit underwriting designed to reduce bias and increase access to consumers, particularly so-called “credit invisibles.” In particular, Treasury recommends that the FDIC review and approve underwriting products that increase credit visibility. Third, Treasury would like draft guidance on the risk of third-party relationships finalized so that federal banking regulators have a clear and consistent supervisory approach to bankfintech relationships. Fourth, Treasury recommends consistent application of supervisory practices to small-dollar lending when done by a bank and fintech acting together. Part of this consistent application of existing regulatory requirements would require the FDIC to treat fintechs like banks when they offer consumer credit. Finally, Treasury recommends that the CFPB and other supervisory agencies should act together to offer a unified approach to regulations involving consumer data. Taken together, these recommendations show that Treasury is increasingly interested in not only allowing fintechs to act like banks, but in regulating fintechs like banks when they partner with banks to offer consumer credit, including potentially subjecting fintechs to disclosure, reserve, compliance, and documentation requirements enforced by the FDIC. NEW LAWSUITS Antitrust Lawsuit Filed Against Two Credit Card Companies Rum Point Recovery LLC, et al. v. Visa Inc., et al., No. 1:23-cv-00232 (E.D.N.Y.). On January 12, 2023, Rum Point Recovery LLC and Northside Recovery LLC filed an antitrust lawsuit against Visa and Mastercard, seeking injunctive relief and damages for alleged monopolization by conspiring to avoid competing for merchants’ acceptance of their cards. The complaint alleges that before their corporate restructurings in 2008 and 2006, respectively, Visa and Mastercard were each organized as a membership corporation, the owners and members of which were virtually all the competing banks that issued general purpose payment cards to consumers or that signed merchants to accept such cards. The plaintiffs allege that each membership corporation was governed by bank executives selected from Visa’s and Mastercard’s owner/member banks. The plaintiffs assert that these banks sat together onVisa’s andMastercard’sboardsof directors andagreedupon the rules that would restrain competition among them. The plaintiffs allege that this includes the “honor all issuers”rule, which requires that merchants that accept any one bank’s general purpose credit or debit cards issued over a network accept all other banks’ cards that carry the brand of that network. Competing banks that issued Visa and Mastercard general purpose payment cards, the plaintiffs claim, have agreed not to compete with one another for merchant acceptance of those cards. The plaintiffs assert that those competing banks have also agreed to fix the interchange fees that merchants paid the banks for acceptance of those cards. The plaintiffs claim that the honor all issuers and default interchange fee rules have allowed Visa and Mastercard to achieve substantial market power in the general purpose payment card markets. Finally, the plaintiffs complain that the agreements not to compete ensured that Visa and Mastercard issuers enjoyed, and continue to enjoy, supracompetitive profits that have kept the banks faithful to Visa and Mastercard.

MAY 2023 | 9 Food Delivery Service Sues for Failure to Pay Sign-On Bonus Delivery Hero SE v. Mastercard Asia/Pacific Pte. Ltd., No. CL-2022-000657, High Court of Justice of England andWales, Commercial Court. A German food delivery service claims that a Mastercard subsidiary failed to make good on its obligations under the parties’ payment processing services agreement. In an action initiated in the Commercial Court Division of the High Court of Justice of England andWales, Delivery Hero alleges that it entered into an agreement with Mastercard to obtain payment processing services in various countries, including Japan, Taiwan, and Hong Kong, that would allow more than 20 million customers to pay for food deliveries via contactless payment or through a digital wallet, and that Mastercard agreed to pay Delivery Hero a significant signon bonus following execution of their agreement. Things quickly went south, however, and Delivery Hero alleges that Mastercard failed to pay the promised sign-on bonus and, later, that Mastercard wrongfully terminated the parties’ agreement altogether after Delivery Hero opted to use different payment processing services in certain countries. In its action, Delivery Hero seeks $40 million in damages, restitution of $100,000 it spent on a Mastercard-specific marketing campaign, and a ruling invalidating Mastercard’s prior termination of the contract. Bank and Digital Payments Provider Hit with New Consumer Class Actions over Purported Service Malfunction Lezcano v. Early Warning Services LLC, et al., No. 2:23-cv-00115 (D. Ariz.). Willner v. Bank of America Corp., et al., No. 2:23-cv-01430 (C.D. Cal.). In January, Bank of America and its digital payments provider were named as defendants in two new consumer class actions over purported service malfunctions with its peer-to-peer, quick-pay money transfer service. In Lezcano, the named plaintiff alleges that Bank of America’s quick-pay service experienced a widespread outage on January 18, 2023 that purportedly caused the reversal of previous quick-pay deposits into their Bank of America accounts. As an alleged result, affected users purportedly noticed temporarily missing funds and, on some occasions, negative bank account balances. In the complaint, the plaintiff seeks to represent a class consisting of “millions”of quick-pay service users, which includes “[a]ll … customers residing in the United States whose funds were affected by the Service Malfunction occurring January 18, 2023.” The plaintiff asserts claims for negligence, unjust enrichment, breach of contract, conversion, and breach of fiduciary duty, and prays for compensatory and punitive damages, injunctive relief, attorneys’ fees, and interest. Notably, the plaintiff also acknowledged that all affected users agreed to a use service agreement that requires certain disputes to be submitted to individual arbitration, but alleges that the arbitration agreement and class action waiver are void because they are “substantively and procedurally unconscionable and/or [are] against public policy.” Willner, a consumer class action filed in California, likewise alleges service failures of quick-pay service functionality. In this case, the named plaintiff alleges that, as a result of an unspecified malfunction with the “internal system,” users’ accounts were subject to unauthorized withdrawals ranging from $5 to thousands of dollars each. The plaintiff sought to represent a California-only class consisting of all residents “who had unauthorized . . . withdrawals from their Bank of America account at any time from four years prior to the filing of this Complaint” and alleged claims under California’s Consumers Legal Remedies Act, Unfair Competition Law, and False Advertising Law. Shortly before the deadline for the defendants to file their response to the class action complaint, the plaintiff voluntarily dismissed her claims, but did so without prejudice to refiling them in the future. FTX Files for Chapter 11 Protection FTX Trading Ltd., No. 1:22-bk-11068 (Bankr. D. Del.). OnNovember 11 andNovember 14, 2022, FTXTrading Ltd., alongwith 101 affiliated entities, filed for Chapter 11 bankruptcy in federal bankruptcy court in Delaware. Before its bankruptcy filing, FTX was one of the largest and most popular cryptocurrency exchanges in the world. It was also seen as one of the safer, better-regulated places to hold and trade cryptocurrency assets. FTX was founded as a broker and exchange for cryptocurrency assets by Sam Bankman-Fried and others in May 2019. Before founding FTX, Bankman-Fried founded and ran Alameda Research, a hedge fund that traded cryptocurrencies and other digital assets. Bankman-Fried was the majority owner of both FTX and Alameda. FTX quickly became one of the largest cryptocurrency exchanges in the world and held $16 billion in customer deposits, including cash and digital assets. FTX pitched itself as the safe, regulated cryptocurrency exchange. It also used its balance sheet to bail out other failing cryptocurrency exchanges, including Voyager Digital and BlockFi. As bitcoinplummeted inprice over the course of 2022, alongwith the value of almost every other digital asset, Alamedabegan losingmoneyon some its trades. FTX lent about half of its customers’ deposits, around $10 billion, to Alameda. As collateral, Alameda pledged FTX $10 billion in FTT, a digital token operated by FTX. When the value of FTT began to fall, Alameda could not pay back FTX, and the exchange became insolvent. Effectively, FTX appears to have loaned $10 billion in customer money to its own hedge fund, which promptly lost most or all of that $10 billion. Bankman-Fried was removed from the company and was replaced by John Ray III, the former chairman of the Enron Creditors Recovery Corporation. Ray immediately placed the company into the protection of the U.S. bankruptcy court and stated that he has never “seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information.”Three of FTX’s top four executives have pleaded guilty to various federal crimes in connection with FTX’s collapse and have all agreed to testify against the fourth, Bankman-Fried. The company, assisted by its bankruptcy counsel, has since completed a 90-day internal assessment of the exchanges’ financial status. During a hearing in the bankruptcy case held on April 12, 2023, counsel for FTX stated that the company had identified and recovered $7.3 billion in assets for creditors and was working toward filing a plan of reorganization under Chapter 11. The company plans to file the plan with the bankruptcy court in July, with a

MAY 2023 | 11 targeted confirmation date in early 2024. The company also plans to file a disclosure statement, detailing its creditors and amounts owed, in the fourth quarter of 2023. It can then work to begin raising capital to restart the exchange. FTX is neither the first cryptocurrency exchange to file for bankruptcy nor the last, but it is likely the largest. So far, the company has identified billions in customer funds that it cannot account for. Whether any of these funds can be recovered will depend significantly on how the bankruptcy court treats cryptocurrencies and other digital assets, which so far have been difficult for U.S. courts to decipher. Bankrupt Digital Asset Exchange Seeks to Return Customer Funds Celsius Network LLC, et al., No. 1:22-bk-10964 (Bankr. S.D.N.Y.). On February 28, 2023, the bankrupt cryptocurrency and digital asset exchange Celsius sought approval in its Chapter 11 bankruptcy proceeding for a settlement with account holders to return approximately 72 cents on the dollar. The proposed settlement would end a multitude of lawsuits filed by individual and institutional creditors for cash and digital assets deposited by customers onto Celsius’s exchange. The proposed settlement follows a plan of reorganization that would create a new entity, owned by customers of Celsius, that would allow Celsius to begin returning assets to customers as early as June 2023. According to court filings from Celsius, customers would likely receive between 70% and 85% of the assets they had deposited with Celsius when it declared bankruptcy. Customers that choose to leave their assets with Celsius past June 2023 will receive a larger percentage of their original deposits, up to 85% if their assets remain with Celsius for five years. The proposed settlement has not yet been approved. The proposed settlement follows a significant ruling by the Southern District of New York bankruptcy court, which held in January that deposits are the property of the exchange, not the property of customers. The ruling, the first of its kind in a cryptocurrency bankruptcy, effectively turned depositors into unsecured creditors and put them last in line for funds from the bankruptcy estate. While the ruling had an immediate effect in the Celsius case, it cast a significant shadow over themuch larger FTX bankruptcy in Delaware, where a different judge may soon be (but has not yet been) asked to make a similar ruling. Far from being settled, bankruptcy courts are still wrestling with tricky issues of ownership and security interests of digital assets stored in cryptocurrency exchanges. NOTEWORTHY DECISIONS Court Dismisses Class Action Against National Credit Union Wilkins v. Navy Federal Credit Union, No. 2:22-cv-02916 (D.N.J.). On January 18, 2023, a New Jersey federal judge granted Navy Federal Credit Union’s motion to dismiss a proposed class action accusing it of consumer fraud and breach of contract for failing to reimburse fraud losses on a digital payments network. In the complaint, the plaintiff alleged that she received an automated voicemail from someone purporting to be an agent of her utility company but was actually left by a fraudster. The fraudster convinced the plaintiff to transfer almost $3,000 to an account provided in the voicemail under the guise of avoiding her power being shut off. The following day, the plaintiff learned from her utility company’s customer service that she had been defrauded, and she immediately reported the fraud to her bank, Navy Federal. When Navy Federal did not reimburse the plaintiff, she filed the proposed class action, asserting violations of the New Jersey Consumer Fraud Act (NJCFA) and a breach of contract claim. Specifically, the plaintiff asserted that Navy Federal falsely marketed the digital payments network as a fast and safe way for consumers to send money and that Navy Federal omitted from its marketing “huge, undisclosed security risks.”The plaintiff also argued that, by failing to provide reimbursement for such transactions, Navy federal breached its contractual obligations. In tossing the proposed class action, the court found that the complaint failed to allege facts showing that Navy Federal had an “obligation” to investigate the reported fraudulent transactions or reimburse account holders. According to the order, an unlawful practice under theNJCFA involves an act in connectionwith the sale or advertisement of merchandise. However, the court highlighted that the plaintiff’s complaint clearly stated that signing up for and using the digital payments network is free; therefore, there is no sale or advertisement of merchandise, making the claimout of reach of the NJCFA. The court also held that the plaintiff had not met the heightened, stringent, and specific pleading requirements for asserting a fraud claim under the NJCFA. Finally, the court dismissed the plaintiff’s contractual claims because she failed to adequately plead an obligation owed to customers by Navy Federal and a subsequent breach of that obligation.

MAY 2023 | 13 Competing Payment Processors Settle Dispute over Merchant Account Migration Restrictions Qualpay Inc. vs. Tiger Payment Solutions LLC, No. 2283CV00700 (Plymouth Cty. Sup. Ct.). Late last year, payment processor Qualpay Inc. filed a tortious interference suit against fellow payment processor Tiger Payment Solutions LLC in Massachusetts superior court. In the complaint, Qualpay alleged that Tiger was tortiously interfering with Qualpay’s business relationships with various merchants by placing onerous and unreasonable restrictions on merchants’ ability to transfer their processing accounts from Tiger to Qualpay. Specifically, Qualpay alleged that Tiger refused to transfer merchants’ data to Qualpay until the merchants entered into a “Data Transfer Release and Indemnification Agreement” that, among other things, required the merchants to maintain Tiger as an additional insured on their insurance policies for 10 years and to indemnify Tiger indefinitely after the transfer. As a result, Qualpay alleged, merchants opted to retain Tiger as their payment processor rather than assume the burdens associated with completing the transfer of their accounts to Qualpay, causing Qualpay to lose significant revenue. Qualpay asserted claims against Tiger for tortious interference and violation of Massachusetts’s unfair and anticompetitive business acts and practices statute. In January 2023, before Tiger responded to Qualpay’s complaint, the parties informed the court that the case had been resolved via settlement on confidential terms. Lawsuit Challenges the CFPB’s Prepaid Rule Paypal Inc. v. Consumer Financial Protection Bureau, No. 21-5057 (D.C. Cir.). On February 3, 2023, the D.C. Circuit Court of Appeals reversed a decision that had ruled in favor of PayPal and vacated part of the CFPB’s Prepaid Rule. The Prepaid Rule regulates digital wallets and other prepaid accounts by requiring financial institutions to make certain disclosures before a consumer acquires an account and begins transacting. PayPal sued the CFPB, alleging the Prepaid Rule exceeded the CFPB’s statutory authority because the agency effectively mandated the adoption of a model clause in contravention of the Electronic Fund Transfer Act, which only authorizes “optional” clauses. The district court agreed with PayPal and vacated part of the Prepaid Rule only on PayPal’s statutory claims, holding the rule’s short-form disclosure requirements violated the Electronic Fund Transfer Act. The D.C. Circuit reversed the district court’s decision. The circuit court found the Prepaid Rule did not mandate a model clause because financial providers are not required to use specific copiable language to describe certain enumerated fees. Rather, providers can choose to use the CFPB’s model clauses or they can choose other language that is “substantially similar.” Although the appellate court reversed, it remanded the case to the district court, which may still consider PayPal’s other challenges to the Prepaid Rule, including procedural and constitutional claims that remain to be addressed. Class Action Brought Based on Bored Ape Yacht Club NFT Conspiracy Real, et al. v. Yuga Labs Inc., et al., No. 2:22-cv-08909 (C.D. Cal.). Non-fungible tokens (NFTs) are uniquely identifiable digital assets. Like cryptocurrency, they can be bought and sold, and their ownership is recorded through blockchain. But unlike cryptocurrency, they are unique and, hence, non-fungible. NFTs can take myriad forms such as digital artwork or collectibles. On December 8, 2022, the plaintiffs filed a putative class action based on conspiracy claims involving the Bored Ape Yacht Club NFT collection. The plaintiffs allege that Yuga Labs conspired with a highly connected Hollywood talent agent and a host of celebrities (including Justin Bieber, Paris Hilton, Jimmy Fallon, Gwyneth Paltrow, Serena Williams, Post Malone, Kevin Hart, and Steph Curry, to name a few) to promote and sell a suite of digital assets—Bored Ape Yacht Club NFTs—at inflated prices that would later crash. Yuga, the talent agent, these celebrities, and more have all been sued. The plaintiffs essentially allege a pump-and-dump scheme, albeit using NFTs as opposed to stocks. The complaint defines the putative class as “All persons who, during the Class Period, purchased the Yuga securities and were subsequently damaged thereby.” The claims against the defendants include violation of the California Unfair Competition Law, violation of the California Consumers Legal Remedies Act, aiding and abetting, civil conspiracy, violations of Section 10(b) of the Exchange Act and Rule 10b-5, violation of Section 20(a) of the Exchange Act, unregistered offering and sale of securities in violation of Sections 5 and 12(a)(1) of the Securities Act, and unjust enrichment/restitution. Two firms have submitted competing bids to lead the putative class action. And the court has ordered that the defendants’ responsive pleadings are not due until after the appointment of one or more lead plaintiffs and filing by the lead plaintiffs of an amended complaint, or designation of an operative complaint. Crypto Exchange Seeks to Derail Class Action with Mandatory Arbitration Kattula v. Coinbase Global Inc., et al., No. 1:22-cv-03250 (N.D. Ga.). In August 2022, cryptocurrency exchange Coinbase was sued in a putative class action on behalf of Coinbase account holders and Coinbase “Wallet” users who allegedly lost or were deprived of access to their account holdings. Specifically, the plaintiffs alleged that Coinbase failed to establish and maintain adequate cybersecurity measures to prevent fraudulent account access or detect and remediate fraudulent activity. And the plaintiffs alleged that Coinbase unreasonably locked out consumers from accessing their accounts and funds for extended periods or indefinitely, which caused them to incur losses because of the volatility of the cryptocurrency markets.

MAY 2023 | 15 In January 2023, Coinbase moved to compel individual arbitration. According to Coinbase, each plaintiff affirmatively agreed to a Coinbase user agreement containing a broad, mandatory arbitration agreement, which requires individual arbitration for disputes arising out of or related to the Coinbase user agreements and Coinbase’s services. In its motion, Coinbase also highlights that the Coinbase user agreement contains a class action waiver that requires any disputes to be settled individually and not on a class, representative, or collective basis. Coinbase’s motion would require individual arbitrations and resolutions of the named plaintiffs’ claims rather than a classwide resolution, greatly limiting Coinbase’s potential liability. Briefing concluded in April 2023, and the parties await the court’s decision. David E. Meadows Partner +1 404 881 7963 Kelley Connolly Barnaby Partner +1 202 239 3687 Kaylan Meaza Senior Associate +1 404 881 7412 Sam Bragg Senior Associate +1 214 922 3437 Ryan Martin-Patterson Senior Associate +1 202 239 3038 Contributing Authors Alexandra S. Peurach Partner +1 404 881 7974 Christopher Riley Partner +1 404 881 4790 Christopher Kelleher Associate +1 404 881 7435 Blake M. Simon Senior Associate +1 404 881 7760 Learn more about our Payments Litigation team

Atlanta | Beijing | Brussels | Charlotte | Dallas | Fort Worth | London | Los Angeles | NewYork | Raleigh | San Francisco | Silicon Valley | Washington, D.C.