Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 20, DFPI announced it is seeking public comment before it begins its formal rulemaking process on its Digital Financial Assets Law (DFAL), which was enacted on October 13. As previously covered by InfoBytes, DFAL created a licensing requirement for businesses engaging in digital financial asset business activity and is effective on July 1, 2025.
For comments that recommend rules, DFPI encourages comments that “propose specific rule language and provide an estimate, with justification, of the potential economic impact on business and individuals that would be affected by the language.” Additionally, DFPI requests metrics, applicable information about economic impacts, or quantitative analysis to support comments. Among other topics, DFPI especially asks for comments related to (i) application fees and potential fee adjustments based on application complexity; (ii) surety bond or trust account factors; (iii) if capital minimums should vary by the type of activity requiring licensure; and (iv) its stablecoin approval process.
Comments must be received by January 12, 2024. On January 8, 2024, DFPI will host a Virtual Informal Listening Session with stakeholders to discuss feedback on this informal invitation for comments.
The Utah Court of Appeals affirmed a lower court’s ruling against a debt buyer that acquired a portfolio of bad debts from borrowers all over the country, including residents of Utah. The debt buyer collected on the portfolio of debts by retaining third-party debt collectors or, in some instances, attorneys to recover such debts by filing lawsuits. The debt buyer was not licensed under the Utah Collection Agency Act (UCAA). As such, the plaintiffs argued that the debt buyer’s collection efforts were “deceptive” and “unconscionable” under the Utah Consumer Sales Practices Act.
The lower court ruled for the debt buyer on the grounds that failure to obtain a license, without more, did not rise to the level of “deceptive” or “unconscionable” conduct. Further, the UCAA does not have a private right of action.
Utah recently repealed the collection agency’s license, effective May 3, 2023 (covered by InfoBytes here).
On October 24, CSBS released tips for licensees to prepare for NMLS renewal. As previously covered by InfoBytes, NMLS announced it will be rolling out a new version of its mortgage call report which will include new requirements for many licensees. Kelly O'Sullivan, the chair of the NMLS Policy Committee and deputy commissioner of the Montana Division of Banking and Financial Institutions, advises licensees to proactively update their information in NMLS and make use of available training and resources to address their queries before the renewal period begins. This is particularly crucial for those individuals who typically only engage with NMLS during the license renewal phase.
CSBS recommended five essential tips for licensees:
- Licensees should log into NMLS and thoroughly review and update their profile record to ensure accuracy;
- Licensees should reset their NMLS password in advance to have a current password ready for accessing NMLS when needed;
- Licensees should provide and maintain a current email address to receive essential updates from NMLS during the renewal process;
- Licensees should review state-specific renewal requirements, as state agencies typically begin publishing details, including deadlines and fees, in September;
- Licensees are encouraged to take advantage of the free, on-demand renewal training resources provided by CSBS to become familiar with the renewal process.
On October 13, 2023, the Conference of State Bank Supervisors (CSBS) announced the Nationwide Multistate Licensing System & Registry (NMLS) will be rolling out a new version of its Mortgage Call Report (MCR). In an effort to standardize mortgage company data at the state level, and minimize the amount of reporting outside the system, NMLS will be launching an updated version of the MCR, Version 6 (FV6) on March 16, 2024.
Licensees will see three main improvements in Version 6:
- FV6 eliminates standard and expanded forms and consolidates them into one form. All servicers will complete the servicer schedule and all lenders will complete the lender schedule. Lenders and servicers will file financials quarterly, and brokers will file financials annually.
- Commercial and consumer lending licensees will complete a separate state-specific form, removing the obligation to report mortgage information.
- The revision of line-item definitions will improve the overall quality of the data and help implement more completeness and accuracy checks.
FV6 will go into effect for all data collected on transactions dated on and after January 1, 2024. Additionally, NMLS will provide companies with the XML specifications no later than October 23. CSBS estimates that approximately 24,000 brokers, lenders, and servicers will experience reduced requirements, and approximately 3,100 lenders will have additional filing requirements.
The Mortgage Bankers Association sent a letter to CSBS in July, raising concerns with the new version, including (i) the lack of technical specifications needed for full consideration of the proposal and its implementation; and (ii) the significant expansion and burden of reporting requirements on smaller filers resulting from the replacement of standard and expanded forms in favor of the new and more detailed FV6. CSBS noted mortgage industry concerns surrounding the timing of the rollout of FV6 ahead of Q1 2024, and shared that details for leniency to the filing deadline will be provided in future communications. NMLS will provide regular updates on the Mortgage Call Report page, targeted learning opportunities and Q&A sessions.
Visit here for additional guidance on FV6 from APPROVED.
On October 13, the California Governor signed AB 39, which will create a licensing requirement for businesses engaging in digital financial asset business activity. Crypto businesses will need to apply for a license with California’s Department of Financial Protection and Innovation (DFPI). The bill, among other things, (i) empowers DFPI to conduct examinations of a licensee; (ii) defines “digital financial asset” as “a digital representation of value that is used as a medium of exchange, unit of account, or store of value, and that is not legal tender, whether or not denominated in legal tender, except as specified”; (iii) empowers DFPI to conduct enforcement actions against a licensee or a non-licensed individual who engages in crypto business with, or on behalf of, a California resident for up to five years after their activity; (iv) allows DFPI to assess civil money penalties of up to $20,000 for each day a licensee is in material violation of the law, and up to $100,000 for each day an unlicensed person is in violation; and (v) requires licensees to provide certain disclosures to California clientele, such as when and how users may receive fees and charges, and how they are calculated. The new law exempts most government entities, certain financial institutions, most people who solely provide connectivity software, computing power, data storage or security services, and people engaging with digital assets for personal, family, household or academic use or whose digital financial asset business activity is reasonably expected to be valued at no more than $50,000 per year. In September of last year, the California Governor vetoed a similar bill because creating a licensing framework was “premature” considering conflicting efforts.
Also effective on July 1, 2025 is SB 401, which was also enacted on October 13. SB 401 establishes regulations for crypto kiosks under the DFPI’s authority. It will, among other things, prohibit kiosk operators from accepting or dispensing more than $1,000 in a single day to or form a customer via a kiosk. Operators would be required to furnish written disclosures detailing the transaction's terms and conditions as well as transaction details. Kiosk operators will also be obligated to provide customers with a receipt for any transaction at their kiosk, including both the amount of a digital financial asset or USD involved in a transaction and, in USD, any fees, expenses, and charges collected by the kiosk operator. Finally, operators will be required to provide DFPI with a list of all its crypto kiosks in California, and such list will be made public.
On July 27, the governor of Oregon signed HB 2052 (the “Act”) into law, effective upon passage. The Act provides that a “data broker” cannot collect, sell or license brokered personal data within Oregon unless they first register with the Department of Consumer and Business Services. Brokered personal data includes, among other things, name (or the name of a member of the individual’s immediate family or household), data or place of birth, maiden name of the individual’s mother, biometric information, social security or other government-issued identification number, or other information that can “reasonably be associated” with the individual. A data broker does not include consumer reporting agencies, financial institutions, and affiliates or nonaffiliated third parties of financial institutions that are subject to Title V of the Gramm-Leach-Bliley Act, among others. There are certain exceptions to the requirement, including, among others, selling the assets of a business entity a single time, The Act stipulates a civil penalty in an amount less than or equal to $500 for each violation of Act or for each day in which violation continues. Civil money penalties are capped at $10,000 per calendar year.
On July 25, the California Department of Financial Protection and Innovation (DFPI) released a new opinion letter concluding that a company that merely receives payment instructions, orders, or directions to transmit money or monetary value does not constitute “receiving money for transmission” requiring licensure under the California Money Transmission Act (MTA).
Citing the California regulations, DFPI states that to “receive money for transmission,” a person must actually or constructively receive, take possession, or hold money or monetary value for transmission; merely receiving instructions, orders, or directions to transmit money or monetary value does not constitute “receiving money for transmission.”
As described in the letter, the data processor facilitated payments made by customers to contracting merchants in exchange for goods and services sold by merchants. The data processor forwards customer account and transaction details to partner financial institutions for debiting the customer’s account, and also facilitates refunds initiated by the merchants, including sending ACH instructions to the partner financial institution. However, the data processor at no point handles transferred funds or has custody or legal ownership of the rights to the transferred funds. DFPI, based on several factors and not solely limited to the services described, determined that the inquiring data processor’s payment system does not constitute money transmission or require an MTA license.
On July 3, the Hawaii governor signed HB 1027 (the “Act”) into law, amending several provisions relating to the Money Transmitters Modernization Act. The Act adds and amends several definitions. Changes include defining “money,” “receiving money or monetary value for transmission,” and “tangible net worth.” The definition of “money transmission” has also been amended to clarify its connection to business done in Hawaii, and “stored value” has been amended to mean monetary value “that represents a claim against the issuer evidenced by an electronic or digital record and that is intended and accepted for use as a means of redemption for money or monetary value, or payment for goods or services.” Stored value does not include “a payment instrument or closed loop stored value, or stored value not sold to the public but issued and distributed as part of a loyalty, rewards, or promotional program.”
Among the various exemptions, the Act also provides for an exemption for an agent of the payee to collect and process a payment from a payor to the payee for goods or services, other than money transmission services, provided certain criteria is met. Additional exemptions include certain persons acting as intermediaries, persons expressly appointed as third-party service providers to an exempt entity, and registered futures commission merchants and securities broker-dealers, among others. Anyone claiming to be exempt from licensing may be required to provide information and documentation demonstrating their qualification for the claimed exemption.
The amendments outline numerous licensing application and renewal procedures, including largely adopting the net worth, surety bond, and permissible investment requirements set forth in the Money Transmission Modernization Act. Several other states have also recently enacted provisions relating to the licensing and regulation of money transmitters (see InfoBytes coverage here and here).
The Act took effect July 1.
On June 30, HB 2325 (the “Act”) was signed by the Illinois governor to amend The Residential Mortgage License Act of 1987. According to the amendments, residential mortgage licensees in Illinois must register every physical office where they conduct business with the Secretary of Financial and Professional Regulation. However, they are allowed to permit mortgage loan originators to work from a remote location if certain conditions are fulfilled. Conditions include but are not limited to: (i) the licensee must have written policies and procedures for supervising remote mortgage loan originators; (ii) access to company platforms and customer information must comply with the licensee's information security plan; (iii) mortgage originators' residences cannot be used for in-person customer interactions unless the residence is a licensed location; (iv) physical records cannot be stored at remote locations; and (v) electronics used at remote locations must be able to securely access the company’s systems. Moreover, "remote location" is not considered a full-service office as defined by the regulations. If the loan originator works remotely, their primary office is the office registered on the Nationwide Multistate Licensing System and Registry record, unless they choose another licensed branch.
The Act is effective January 1, 2024.
The Nevada governor recently signed SB 290 (the “Act”) outlining several requirements for providers of earned wage access (EWA) products. EWA products allow individuals to access their earned income before receiving their regular paycheck. To operate such services in Nevada, providers must obtain a license from the Nevada Commissioner of Financial Institutions. The licensing requirements apply to both “employer-integrated” services, where the provider receives verified data directly from the employer or the employer’s payroll service to deliver unpaid wages, and “direct-to-consumer” services where the provider delivers unpaid wages after verifying the earned income based on data not obtained from the employer or their payroll service. Notably, the Act specifies that EWA products are not loans or money transmissions under Nevada law and are not subject to existing laws governing these products. The Act outlines application and fee requirements (licenses will be issued via the Nationwide Multistate Licensing System and Registry) and requires licensed EWA providers to submit annual reports to the commissioner by April 15 of each year.
Providers of EWA products are also subject to certain prohibitions, which include: (i) sharing any fees, voluntary tips, gratuities, or other donations with an employer; (ii) the use of credit reports or credit scores to determine eligibility for an EWA service; (iii) the imposition of late fees or penalties for nonpayment by users; (iv) the reporting of a user’s nonpayment to a consumer reporting agency or a debt collector; (v) coercion of users to make payments through civil action; and (vi) restrictions on using a third-party collector or debt buyer to pursue collections from a user.
Additionally, EWA providers must, among other things, (i) implement policies and procedures to respond to questions and complaints raised by users (responses must be provided within 10-business days of receipt); (ii) disclose to the user his or her rights, as well as all related fees, prior to entering an agreement; (iii) allow users to cancel their EWA agreements at any time without being charged a fee; (iv) conspicuously disclose that any tips, gratuities, or donations paid by the user do not directly benefit any specific employee of the EWA provider or any other person (providers must also allow users to select $0 as an amount for such a tip); (v) comply with the EFTA when seeking payment of outstanding proceeds, fees, or other payments from a user’s depository account; and (vi) reimburse users for any overdraft or non-sufficient funds fees incurred as a result of the provider attempting to collect payment on a date earlier than disclosed to the user or in an amount different from what was disclosed.
On or before September 30, the commissioner is required to prescribe application requirements. EWA providers who were engaged in the offering of EWA services as of January 1, 2023, may continue to provide services until December 31, 2024, if the provider submits an application for licensure by January 1, 2024, and otherwise complies with the Act’s provisions. The Act becomes effective immediately for the purpose of adopting any regulations and performing any preparatory administrative tasks that are necessary to carry out the provisions of the Act and on July 1, 2024, for all other purposes.