Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
California Legislature passes several amendments to the California Consumer Privacy Act and other privacy-related bills
Lawmakers in California last week amended the landmark California Consumer Privacy Act (CCPA or the Act), which confers significant new privacy rights to California consumers concerning the collection, use, disclosure, and sale of their personal information by covered businesses, service providers, and third parties. While the amendments, which California Governor Gavin Newsom must sign by October 13, leave the majority of the consumer’s rights intact, certain provisions were clarified — including the definition of “personal information” — while other exemptions were added or clarified regarding the collection of certain data that have a bearing on financial services companies.
This Special Alert provides an overview and status update of CCPA-related and other privacy bills that were recently considered by the California legislature.
* * *
Click here to read the full special alert.
If you have any questions about the CCPA or other related issues, please visit our Privacy, Cyber Risk & Data Security practice page, or contact a Buckley attorney with whom you have worked in the past.
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $4,000,000 settlement with a London-based commercial bank for 72 alleged violations of the Sudanese Sanctions Regulations (SSR). The settlement resolves allegations that between September 2010 and August 2014, the bank processed 72 bulk funding payments totaling $190,700,000 related to Sudan, which involved transactions processed to or through U.S. financial institutions in apparent violation of the SSR, which prohibits U.S. persons, including U.S. financial institutions, from processing such transactions. OFAC notes that it lowered the penalty to $4,000,000 from the proposed $228,840,000, in light of the bank’s operating capacity and the fact that it represented that it ceased the conduct at issue.
In arriving at the settlement amount, OFAC considered various mitigating factors including that (i) OFAC has not issued a violation against the bank in the five years preceding the earliest date of the transactions at issue; (ii) the bank fully cooperated with the investigation into the alleged violations, including by entering into a statute of limitations tolling agreement and agreeing to extend the agreement; (iii) the bank provided significant investigative leads regarding a foreign financial institution that hosted an account involved in processing the transactions; and (iv) the bank undertook several remedial measures in response to the alleged violations, such as exiting the Sudanese market in 2014, hiring new senior management, and implementing improvements to its compliance program.
OFAC also considered various aggravating factors, including that (i) the bank exhibited “reckless disregard for U.S. sanctions regulations when it entered the Sudanese market; (ii) the bank ignored warning signs that it may have been violating U.S. law; and (iii) several of the bank’s senior managers were aware of and involved in the conduct giving rise to the alleged violations.
On September 17, NYDFS announced that Winston Berkman-Breen has been appointed as the agency’s first-ever Student Advocate and Director of Consumer Advocacy. Prior to joining NYDFS, Berkman-Breen was a Justice Catalyst Fellow and Staff Attorney with the Consumer Protection Unit at the New York Legal Assistance Group, where he represented low-income New York consumer borrowers in state and federal court against lenders and debt collectors. In his new role with NYDFS, Berkman-Breen “will advocate on behalf of students and serve as a liaison between DFS and New York consumers with concerns,” including reviewing and analyzing complaint data from student borrowers to recommend appropriate action by the regulator.
On September 17, the DOJ and the CFPB filed a brief with the U.S. Supreme Court arguing that the for-cause restriction on the president’s authority to remove the Bureau’s single Director violates the Constitution’s separation of powers. The brief was filed in response to a petition for a writ of certiorari by a law firm, contesting the May decision by the U.S. Court of Appeals for the Ninth Circuit, which held that (i) the Bureau’s single-director structure is constitutional, and that (ii) the district court did not err when it granted the Bureau’s petition to enforce a law firm’s compliance with a 2017 civil investigative demand (CID) (previously covered by InfoBytes here). The brief cites to a DOJ filing in opposition to a 2018 cert petition, which also concluded that the Bureau’s structure is unconstitutional by infringing on the president’s responsibility to ensure that federal laws are faithfully executed, but urged the Court to deny that writ as the case was a “poor vehicle” for the constitutionality consideration (previously covered by InfoBytes here).
In contrast to the December brief, the DOJ now asserts that the present case is a “suitable vehicle for resolving the important question,” noting that only the constitutional question was presented to the Court and the 9th Circuit has stayed its CID mandate until final disposition of the case with the Court. Moreover, the government argues that until the Court resolves the constitutionality question of the Bureau’s structure, “those subject to the agency’s regulation or enforcement can (and often will) raise the issue as a defense to the Bureau’s efforts to implement and enforce federal consumer financial law.” While the Bureau previously defended the single-director structure to the 9th Circuit, the brief notes that since the May decision was issued, “the Director has reconsidered that position and now agrees that the removal restriction is unconstitutional.”
On the same day, Director Kraninger sent letters (here and here) to House Speaker Nancy Pelosi (D-Calif.) and Senate Majority Leader Mitch McConnell (R-Ky.) supporting the argument that the for-cause restriction on the president’s authority to remove the Bureau’s single Director, violates the Constitution’s separation of powers. Kraninger notes that while she is urging the Court to grant the pending petition for certiorari to resolve the constitutionality question, her position on the matter “does not affect [her] commitment to fulfilling the Bureau’s statutory responsibilities” and that should the Court find the structure unconstitutional, “the [Consumer Financial Protection Act] should remain ‘fully operative,’ and the Bureau would ‘continue to function as before,’ just with a Director who “may be removed at will by the [President.]’”
On September 18, the CFPB published a notice in the Federal Register seeking comments on the use of Tech Sprints—forums which gather “regulators, technologists, financial institutions, and subject matter experts from key stakeholders for several days to work together to develop innovative solutions to clearly-identified challenges”—as a means to encourage regulatory innovation and collaborate with stakeholders on forming solutions to regulatory compliance challenges. The Bureau notes that Tech Sprints have been successfully used by the U.K.’s Financial Conduct Authority, which has organized seven Tech Sprints since 2016, resulting in a pilot project on digital regulatory reporting. The Bureau is interested in using Tech Sprints to, among other things: (i) leverage cloud solutions and other developments that may reduce or modify the need for regulated entities to transfer data to the Bureau; (ii) continue to innovate the HMDA data submission process; (iii) identify new technologies and approaches that can be used by the Bureau to provide more cost-effective oversight of supervised entities; and (iv) reduce other unwarranted regulatory compliance burdens. Comments must be received by November 8.
On September 24, the Washington State Department of Financial Institutions (DFI) will hold a rulemaking hearing to discuss amendments concerning mortgage loan originators (MLOs) as well as provisions related to student loan servicers. The proposed amendments will amend rules impacting Washington’s Consumer Loan Act and the Mortgage Broker Practices Act, including those related to the regulation of student loan servicers under a final rule that went into effect January 1. (See previous InfoBytes coverage on DFI’s adoption of amendments concerning student loan servicers here.) According to DFI, the proposed amendments are currently scheduled to take effect November 24.
Among other proposed changes impacting MLOs are additional disclosure requirements concerning interest rate locks. Under the proposed amendments, MLOs will be required to provide a new interest rate lock agreement to a borrower within three business days of a locked interest rate change. Valid reasons for a change in a locked interest rate include changes in loan value, credit score, or other factors that may directly affect pricing. The amendments will also permit MLOs to include a prepayment penalty or fee on an adjustable rate residential mortgage loan provided “the penalty or fee expires at least sixty days prior to the initial reset period.” Among other provisions, the amendments also stipulate that a loan processor may work on files from an unlicensed location provided the processor accesses the files directly from the licensed mortgage broker’s main computer system, does not conduct any of the activities of a licensed MLO, and the licensed MLO has in place safeguards to protect borrower information.
The proposed amendments also contain several changes applicable to student loan servicers regulated under the Consumer Loan Act, including that: (i) licensees servicing student loans for borrowers in the state “may apply to the director to waive or adjust the annual assessment amount”; (ii) licensees are required to disclose to all service members their rights under state and federal service member laws and regulations connected to their student loans; and (iii) student loan servicers must review all student loan borrowers against the Department of Defense’s database to ensure borrower entitlements are applied appropriately, and maintain written policies and procedures for this practice. The proposed amendments also state that compliance with federal law is sufficient for complying with several Washington requirements applicable to student loan servicers, including borrower payment provisions.
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13850 against three individuals and 16 entities connected to two previously sanctioned Colombian nationals (covered by InfoBytes here) for enabling the Maduro regime “to corruptly profit from imports of food aid and distribution in Venezuela.” According to OFAC, the designated individuals are immediate family members with business connections to the sanctioned Colombian nationals “who are responsible for or complicit in, or have directly or indirectly engaged in, any deceptive or corrupt transaction or series of transactions with the Government of Venezuela or projects or programs administered by the Government of Venezuela.” The 16 designated entities, OFAC noted, are either owned or controlled by the designated individuals or one of the sanctioned Colombian nationals. As a result of the sanctions, “all property and interests in property of the individuals and entities designated today, and of any entities that are owned, directly or indirectly, 50 percent or more by those individuals or entities, that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated entities and individuals. OFAC also referred financial institutions to Financial Crimes Enforcement Network advisories FIN-2019-A002, FIN-2017-A006, FIN-2017-A003, and FIN-2018-A003 for further information concerning the efforts of Venezuelan government agencies and individuals to use the U.S. financial system and real estate market to launder corrupt proceeds, as well as human rights abuses connected to corrupt foreign political figures and their financial facilitators.
On September 5, the CFPB filed an amicus brief in a case on appeal to the U.S. Court of Appeals for the Seventh Circuit concerning a debt collector’s use of language or symbols other than the collector’s address on an envelope sent to a consumer. Under section 1692f(8) of the FDCPA, debt collectors are barred from using any language or symbol other than the collector’s address on any envelope sent to the consumer, “except that a debt collector may use his business name if such name does not indicate that he is in the debt collection business.” In the case at issue, a consumer received a debt collection letter enclosed in an envelope stamped with the words “TIME SENSITIVE DOCUMENT” in bold font. The consumer filed a complaint against the defendant asserting various claims under the FDCPA, including that inclusion of “TIME SENSITIVE DOCUMENT” on the envelope was a violation of section 1692f(8). The defendant argued that an exception should be carved out for “benign” language in this instance, and the district court agreed, ruling that the language “‘does not create any privacy concerns for [the consumer] or expose potentially embarrassing information by giving away the fact that the letter is from a debt collector.’”
On appeal, the 7th Circuit invited the Bureau to file an amicus brief on whether there is a benign language exception to section 1692f(8)’s prohibition, and, if so, whether the phrase “TIME SENSITIVE DOCUMENT” falls within that exception. The Bureau asserted that there is no benign language exception, and stressed that while section 1692f(8) recognizes that debt collectors may be permitted to include language and symbols on an envelope that facilitate the mailing of an envelope, section 1692f(8), by its own terms, does not allow for benign language. Additionally, the Bureau commented that section 1692f’s prefatory text does not “provide a basis for reading a ‘benign language’ exception into section 1692f(8),” nor does the prefatory text suggest that the prohibition applies only in instances where it may be “‘unfair or unconscionable’” in a general sense. Moreover, if Congress wanted to allow for markings on envelopes provided they did not reveal the debt-collection purpose, then it would have done so, the Bureau argued, concluding that if the court did adopt a benign language exception, then whether “TIME SENSITIVE DOCUMENT” would fall within that exception would be a question of fact.
On September 16, the OCC issued Bulletin 2019-43, “Appraisals: Appraisal Management Company Registration Requirements,” which reminds covered institutions of the new registration requirement for appraisal management companies (AMC) that became effective on August 10. Specifically, under 12 CFR 34, subpart H, AMCs are now required to register with the state or states in which they do business; however, an AMC that is owned and controlled by an insured depository institution and regulated by the OCC, Federal Reserve Board, or FDIC is not subject to the registration requirement. The Bulletin reminds covered institutions that they should conduct sufficient due diligence to confirm that third-party AMCs are registered as required, including (i) checking the Appraisal Subcommittee of the Federal Financial Institutions Examination Council’s (ASC) national AMC registry; (ii) checking the relevant state’s AMC registry if the AMC is not listed on the national registry; and (iii) if no electronic registry check is available, requesting evidence of registration directly from the AMC. Moreover, if a covered institution determines that a federally related transaction is in a state that is not registering AMCs, an institution may instead use an individual appraiser, a staff appraiser employed by the institution, a smaller AMC not subject to the regulation, or a federally regulated AMC.
On September 16, the CFTC announced the approval of final revisions to the Volker Rule (the Rule) to simplify and tailor compliance with Section 13 of the Bank Holding Company Act’s restrictions on a bank’s ability to engage in proprietary trading and own certain funds. As previously covered by InfoBytes, the final revisions were approved by the OCC and FDIC at the end of August, and the Federal Reserve Board and the SEC are expected to adopt the changes in the near future. The CFTC’s vote to approve the final revisions was 3-2, with Commissioner Tarbert stating that the final revisions would provide banking entities and their affiliates with “greater clarity and certainty about what activities are permitted under” the Rule as well as reduce compliance burdens.
In voting against the approval, Commissioner Behnam issued a dissenting statement expressing, among other things, concerns about “narrowing the scope of financial instruments subject to the  Rule,” which would limit the Rule’s scope “so significantly that it no longer will provide meaningful constraints on speculative proprietary trading by banks.” Commissioner Berkovitz also dissented, arguing that the revisions “will render enforcement of the [R]ule difficult if not impossible by leaving implementation of significant requirements to the discretion of the banking entities, creating presumptions of compliance that would be nearly impossible to overcome, and eliminating numerous reporting requirements.” Commissioner Berkovitz also criticized the rulemaking process that led to the final revisions, arguing that a number of the changes were not adequately discussed in the notice of proposed rulemaking process, including amendments to the “accounting prong” and the rebuttable presumption of proprietary trading.
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Katherine L. Halliday to discuss "UDAP, UDAAP & the Map rule compliance basics" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss "Washington regulatory overview" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Consenting views: Achieving positive outcomes from consent order recovery" at the ACAMS AML & Financial Crime Conference
- APPROVED Webcast: Preparing for 2020 license renewals
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Daniel P. Stipano to discuss "AML developments: The latest trends, challenges and opportunities" at the American Conference Institute Financial Crime Executive Roundtable
- Marshall T. Bell and Jeffrey P. Naimon to discuss "Truth in lending" at the American Bar Association National Institute on Consumer Financial Services Basics
- Amanda R. Lawrence and Michael A. Rome to discuss "California Consumer Privacy Act compliance" at the Capital Area Compliance Roundtable
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions" at the Institute of International Bankers Risk Management and Regulatory Examination/Compliance Seminar
- Daniel P. Stipano to discuss "Customer identification program/customer due diligence/enhanced due diligence" at a National Association of Federal Credit Unions webinar
- Jonice Gray Tucker to discuss "MCCA's blueprint for selling & buying - A pitch workshop for outside counsel" at the Minority Corporate Counsel Association Creating Pathways to Diversity Conference
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Kathryn L. Ryan and Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference