Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 11, a coalition of 22 Democratic state Attorneys General responded to the CFPB’s proposed policy on No-Action Letters (NAL) and a new federal product sandbox, pushing back on the Bureau’s efforts to provide relief to financial institutions looking to implement new consumer financial products or services. (InfoBytes coverage on the proposal available here.) The Attorneys General argued that the Bureau “has no authority to issue such sweeping immunity absent formal rulemaking” and urged the Bureau to rescind the proposals, which the Bureau had stated were exempt from the notice and comment procedures of the Administrative Procedures Act.
In addition to challenging the Bureau’s authority to establish these policies, the Attorneys General asserted specific concerns with the NAL proposal, including (i) the fact that the proposed NAL policy would make NALs binding on the CFPB indefinitely; (ii) the streamlined application process and 60-day decision window, potentially causing the Bureau to render hasty, uninformed decisions; and (iii) the proposed NAL policy’s purported deviations from the policies of other federal agencies, such as the SEC.
As for the new product sandbox, the Attorneys General viewed the proposed policy as “even more troubling” than the NAL proposal, as it provides immunity from “enforcement actions by any Federal or State authorities, as well as from lawsuits brought by private parties.” The Attorneys General rejected the Bureau’s contention that the statutory safe harbors in TILA, ECOA, and the EFTA grant the authority to provide the broad enforcement relief and accused the Bureau of “abandoning its critical role in monitoring the risk that new and emergency technologies post to consumers in the financial marketplace.”
On February 11, the U.S. District Court for the District of New Jersey denied a motion to dismiss a putative class action against a debt collector and its legal counsel, holding that the plaintiff debtor made a plausible claim under the FDCPA that the debt collector was required by New Jersey’s Consumer Financing Licensing Act (NJCFLA) to be licensed as a consumer lender. According to the opinion, the plaintiff had defaulted on his credit card debt and, nine years later, received a letter from the defendant’s legal counsel seeking payment of the balance due. The plaintiff filed a proposed class action arguing that the letter violated the FDCPA because the debt collector had not been licensed with the New Jersey Department of Banking and Insurance prior to purchasing the debt, and therefore lacked the authority to collect on the debt. The defendant debt collector moved to dismiss the complaint, claiming, among other things, that it was exempt from the licensing requirements because it did not qualify as a “consumer loan business” under the NJCFLA. The debt collector argued that it never exceeded the state’s interest rate cap and therefore was exempt from the licensing requirements. However, the plaintiff argued that the defendant’s licensing violation arose from a second part of the “consumer loan business” definition, under which the licensing requirements apply because the defendant “directly or indirectly engag[es] . . . in the business of buying. . . notes.” The district court agreed with the plaintiff, stating that “[t]his statutory language does not narrow the category of lenders falling under that definition according to the interest rates that they charge.”
On February 11, a bipartisan group of 29 state Attorneys General, the District of Columbia Attorney General, and an official from the Hawaii Office of Consumer Protection, responded to the FTC’s request for comment on whether the agency should make changes to its identity theft detection rules (the Red Flags Rule and the Card Issuers Rule), which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. (Covered by InfoBytes here.)
In their response, the Attorneys General urge the FTC not to repeal the Rules, arguing that it “would place consumers at greater risk of identity theft, especially consumers in states that have not enacted” laws that complement the Rules. Instead, the response letter requests the FTC modify the Rules to “ensure their continued relevance” and “keep pace with the ingenuity of identity thieves.” The suggestions include: (i) that notices of changes to email addresses and cell phone numbers be sent to both the prior and updated addresses and phone numbers, an expansion of the current use of mailing addresses; (ii) the encouragement of more current forms of authentication, including multi-factor authentication, to replace examples which imply that knowledge-based authentication by itself is sufficient; and (iii) the addition of new suspicious activity examples related to the use of an account, such as a covered account accessed by unknown devices or IP addresses, an unauthorized user unsuccessfully trying to guess account passwords through multiple attempts, and attempts by foreign IP addresses to access multiple accounts in a close period of time.
D.C. act provides eviction and foreclosure relief to federal employees and contractors impacted by shutdown
On February 6, the Mayor of the District of Columbia signed Act 23-5 (B23-0080) to protect federal workers, contractors, and employees of the District of Columbia Courts from eviction and foreclosure during federal government shutdowns. Among other things, the D.C. Superior Court will have the ability to grant motions to stay foreclosure and eviction proceedings for eligible impacted workers or their household members. The temporary stay would run until the earlier of “(i) 30 days after the effective date of an appropriations act or continuing resolution that funds a federal worker’s government agency; or (ii) 90 days after the date of the federal worker’s first unpaid payday” for government employees, with analogous terms for contractors. The act is effective immediately and expires on May 7.
On January 23, the U.S. District Court for the Middle District of Florida dismissed a putative class action suit, ruling that a national bank did not qualify as a debt collector under the FDCPA. According to the order, the three plaintiffs defaulted on loans that were originated (or acquired via merger) by the bank. The loans were ultimately satisfied by the proceeds of related short sales of the plaintiffs’ homes. Following the satisfaction of the loans, the bank sent the plaintiffs letters that stated it would not report any negative information regarding the plaintiffs’ loans to the credit bureaus or charge any late fees for a period of 90 days due to the plaintiffs’ residences being located in a FEMA-declared disaster area. The plaintiffs alleged that these letters violated the FDCPA and the Florida Consumer Collection Practices Act (FCCPA) because the bank “systematically misrepresent[ed] the status” of the plaintiffs’ satisfied loans as well as the plaintiffs’ “obligations under the loans.” The bank moved to dismiss arguing, among other things, that the FDCPA claims should be dismissed because the bank—as originator and owner of the loans—is not a debt collector under the FDCPA, and the complaint failed to contain any allegations supporting the assertion that the bank’s principal purpose as a business is the collection of debts. Moreover, the bank argued that the letters were sent purely for informational purposes, and as such, did not constitute an attempt to collect a debt under the FDCPA or FCCPA.
The court agreed with the bank, finding that the bank was “exempt from the definition of a debt collector” due to its status as the originator of the loans, and dismissed the FDCPA claims with prejudice. The court also dismissed plaintiffs’ FCCPA claims, finding that it lacked original jurisdiction over these claims because the plaintiffs failed to file a motion for class certification within 90 days of filing the complaint, as required under local rules.
On January 31, NYDFS issued Supplement No. 2 to Insurance Circular Letter No. 1 (2003), which provides guidance to the title insurance industry following a January 15 unanimous decision by the Appellate Division of the New York State Supreme Court to uphold Insurance Regulation 208. The Appellate Division’s decision vacated the majority of a trial court order annulling Regulation 208, which limits title insurers’ ability to offer inducements to obtain business. (See previous InfoBytes coverage here.)
The NYDFS supplement highlighted three critical holdings from the Appellate Division’s decision. First, the court upheld Regulation 208’s ban on inducements for future title insurance business, recognizing that NYDFS had found that lavish gifts were routinely offered to intermediaries such as lawyers in anticipation of receiving business. Second, the appellate court held that Insurance Law § 6409(d), which prohibits a commission, rebate, fee, or “other consideration or valuable thing,” is not limited to a prohibition on quid pro quo exchanges for specific business. Third, the court annulled Regulation 208’s ban on certain closer fees and fees for ancillary searches.
NYDFS’ cybersecurity FAQs provide process for covered entities that no longer qualify for exemptions
On February 2, NYDFS updated its answers to FAQs regarding 23 NYCRR Part 500, which established cybersecurity requirements for banks, insurance companies, and other financial services institutions. (See here for previous InfoBytes coverage on updates to the FAQs.) Among other things, the update outlines the procedures covered entities must follow if the entity ceases to qualify for exemptions under Section 500.19. Covered entities who no longer qualify for an exemption will have 180 days from the end of their most recent fiscal year to comply with all applicable requirements of 23 NYCRR Part 500. NYDFS further notes that covered entities may be required to periodically refile their exemptions to ensure qualification.
New Jersey Department of Banking and Insurance adjusts maximum dollar amount of 2019 high-cost home loans
On January 31, as part of the annual review required under the Home Ownership Security Act of 2002 (the Act), the New Jersey Department of Banking and Insurance issued Bulletin 19-02, which addresses the definition of a “high cost home loan.” The bulletin adjusts the maximum principal amount of a loan that may be considered a “high cost home loan” from $487,618.86 to $498,610 and is effective for all completed loan applications subject to the Act received by a lender on or after January 1.
Linda Lacewell, New York Governor Andrew Cuomo’s nominee to replace outgoing Superintendent Maria Vullo as superintendent of NYDFS, is now listed on the department’s website as the acting superintendent. Ms. Lacewell—who previously served as chief of staff and counselor to the governor and served as both a state and federal prosecutor—built and implemented the state’s first system for ethics, risk and compliance in agencies and authorities, and has a history in ethics and law enforcement matters. According to published reports, Acting Superintendent Lacewell assumed her role on February 4.
On January 31, NYDFS issued a reminder for regulated entities that the final deadline for implementing NYDFS’s cybersecurity regulation ends March 1. Under the new regulation, banks, insurance companies, mortgage companies, money transmitters, licensed lenders and other financial services institutions regulated by NYDFS are required to implement a cybersecurity program to protect consumer data. The last step in the implementation timeline requires covered entities that use third-party providers to put in place policies and procedures ensuring the security of information systems and nonpublic information accessible to, or held by, such third parties. NYDFS also reminded regulated entities that the deadline to file their second certification of compliance via NYDFS’ cybersecurity portal is February 15.
Previously InfoBytes coverage on NYDFS’ cybersecurity regulation are available here.
- Kathryn L. Ryan to discuss "NMLS usage" at the NMLS Annual Conference & Training
- Jeffrey S. Hydrick to discuss "State legislative update" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to speak at the "Business model primer" at the NMLS Annual Conference & Training
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program