Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Appellate court reverses BIPA decision

    Privacy, Cyber Risk & Data Security

    On November 30, the Illinois Court of Appeal for the Fourth Appellate District reversed and remanded a trial court’s decision to grant a defendant plating company’s motion for summary judgment in a Biometric Information Privacy Act (BIPA) suit. The plaintiff began working for the defendant in 2014. From the beginning of his employment, the plaintiff clocked into his job using a fingerprint, but the defendant did not have a written retention-and-destruction schedule for biometric data until 2018. The plaintiff was subsequently terminated and then filed suit claiming that the defendant violated BIPA by failing to establish a retention-and-destruction schedule for the possession of biometric information until four years after it first possessed the plaintiff’s biometric data. The trial court granted the defendant’s motion for summary judgment, finding that section 15(a) of BIPA established no time limits by which a private entity must establish a retention-and-destruction schedule for biometric data. The plaintiff appealed.

    The appellate court reversed the trial court’s order, finding that Section 15(a) specified that a private entity “in possession of” biometric data must develop a written policy laying out its retention and destruction protocols, and the duty to develop a schedule is triggered by possession of the biometric data. The appellate court noted that its decision “is consistent with the statutory scheme, which imposes upon private entities the obligation to establish [BIPA]-compliant procedures to protect employees' and customers' biometric data.” The appellate court went on to note that it “can discern no rational reason for the legislature to have intended that a private entity ‘develop’ a ‘retention schedule and guidelines for permanently destroying’ (id. § 15(a)) biometric data at a different time from that specified in the notice requirement in section 15(b), which itself must inform the subject of the length of time for which the data will be stored (i.e., retained), etc.” The appellate court concluded “that the duty to develop a schedule upon possession of the data necessarily means that the schedule must exist on that date, not afterwards,” and stressed that this is “the only reasonable interpretation” in light of BIPA's “preventive and deterrent purposes.”

    Furthermore, the appellate court rejected the defendant’s argument that “the statutory duty is satisfied so long as a schedule exists on the day that the biometric data possessed by a defendant is no longer needed or the parties’ relationship has ended," stating that the statutory language “belies this interpretation.”

    Privacy, Cyber Risk & Data Security Courts Illinois BIPA Consumer Protection State Issues

    Share page with AddThis
  • CFPB says TILA does not preempt NY law on commercial disclosures

    Agency Rule-Making & Guidance

    On December 7, the CFPB issued a preliminary determination that New York’s commercial financing disclosure law is not preempted by TILA because the state’s statute regulates commercial financing transactions and not consumer-purpose transactions. The CFPB issued a Notice of Intent to Make Preemption Determination under the Truth in Lending Act seeking comments pursuant to Appendix A of Regulation Z on whether it should finalize its preliminary determination that New York’s law, as well as potentially similar laws in California, Utah, and Virginia, are not preempted by TILA. Comments are due January 20, 2023. Once the comment period closes, the Bureau will publish a notice of final determination in the Federal Register.

    Explaining that recently a number of states have enacted laws to require improved disclosures of information contained in commercial financing transactions, including loans to small businesses, in order to mitigate predatory small business lending and improve transparency, the Bureau said it received a written request to make a preemption determination involving certain disclosure provisions in TILA. While Congress expressly granted the Bureau authority to evaluate whether any inconsistencies exist between certain TILA provisions and state laws and to make a preemption determination, the statute’s implementing regulations require the agency to request public comments before making a final determination.

    While New York’s Commercial Financing Law “requires financial disclosures before consummation of covered transactions,” the Bureau pointed out that this applies to “commercial financing” rather than consumer credit. The request contended that TILA preempts New York’s law in relation to its use of the terms “finance charge” and “annual percentage rate”—“notwithstanding that the statutes govern different categories of transactions.” The request outlined material differences in how the two statutes use these terms and asserted “that these differences make the New York law inconsistent with Federal law for purposes of preemption.” As an example, the request noted that the state’s definition of “finance charge” is broader than the federal definition, and that the “estimated APR” disclosure required under state law “for certain transactions is less precise than the APR calculation under TILA and Regulation Z.” Moreover, “New York law requires certain assumptions about payment amounts and payment frequencies in order to calculate APR and estimated APR, whereas TILA does not require similar assumptions,” the request asserted, adding that inconsistencies between the two laws could lead to borrower confusion or misunderstanding.

    In making its preliminary determination, the Bureau concluded that the state and federal laws do not appear “contradictory” for preemption purposes based on the request’s assertions. The Bureau explained that the statutes govern different transactions and disagreed with the argument that New York’s law impedes the operation of TILA or interferes with its primary purpose. Specifically, the Bureau stated that the “differences between the New York and Federal disclosure requirements do not frustrate these purposes because lenders are not required to provide the New York disclosures to consumers seeking consumer credit.”

    Agency Rule-Making & Guidance Federal Issues CFPB State Issues New York Commercial Finance Disclosures TILA Regulation Z Preemption

    Share page with AddThis
  • California appellate court upholds judgment in RFDCPA suit


    On November 23, the California Court of Appeal for the Fourth Appellate District upheld a summary judgment ruling for a creditor over allegations that it violated the Rosenthal Fair Debt Collection Practices Act (RFDCPA). The plaintiff, the widow of a former patient of the defendant doctor, asserted claims against the doctor and his professional corporation (collectively, “defendants”) alleging that they were debt collectors within the meaning of the RFDCPA. The plaintiff alleged that the defendants violated the RFDCPA by sending “multiple bills and making incessant” phone calls seeking payment for services provided to her husband before he died. The plaintiff requested that the defendants stop contacting her and seek payment through insurance and the hospital. The defendants used two different companies for its third-party billing services, and those companies sent invoices to the plaintiff, who responded that payment inquiries for her deceased husband should only be submitted to the insurance company and the medical center. The trial court granted the defendants’ motion for summary judgment, ruling they did not meet the statute’s definition of a debt collector.

    The appellate court affirmed, finding that “a medical service provider that exclusively uses an unaffiliated, third-party billing service to collect payment for services rendered to patients” is not a “debt collector” within the meaning of the RFDCPA. The court found that although the RFDCPA “applies to those who collect debts on behalf of themselves,” the law still requires that a defendant “must regularly and in the ordinary course of business ‘engage in’ debt collection” for liability to attach. The appellate court emphasized that it was not holding that “a creditor may never be vicariously liable for the actions of a debt collector on an agency theory.” Instead, the plaintiff carried “the burden to demonstrate a triable issue of material fact on the existence of such an agency relationship, and she failed to do so on this record.”

    Courts State Issues Appellate California Debt Collection Rosenthal Fair Debt Collection Practices Act

    Share page with AddThis
  • NYDFS proposes virtual currency firms to pay supervision fees

    Recently, NYDFS announced it is seeking public comment on a proposed rule establishing how certain licensed virtual currency businesses would be assessed for the costs of their supervision and examination. According to NYDFS, the proposed regulation establishes a provision in the state budget granting NYDFS new authority to collect supervisory costs from virtual currency businesses that are licensed pursuant to the Financial Services Law, and will permit NYDFS “to continue adding top talent to its virtual currency regulatory team.” The proposed regulation states that it will apply only to licensed persons engaged in virtual currency business activity and that the fees will only cover the costs and expenses associated with NYDFS's oversight of each licensee. Specifically, the draft regulation states that a licensee's total annual assessment fee will be the “sum of its supervisory component and its regulatory component” and that each licensee will be billed five times per fiscal year. According to the regulation, there will be four quarterly fees, each approximately 25 percent of the anticipated annual amount, and a final fee based on the actual total operating cost for the fiscal year. The proposed regulation is subject to a 10-day pre-proposal comment period, followed by a 60-day comment period upon publication in the State Register.

    Licensing State Issues Agency Rule-Making & Guidance Digital Assets New York NYDFS Virtual Currency Supervision

    Share page with AddThis
  • NY passes crypto mining bill

    State Issues

    On November 22, the New York governor signed AB 7389, which establishes a moratorium on cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transaction. Among other things, the bill also establishes a section on the moratorium on air permit issuance and renewal that states that the state cannot approve a new application, or issue a new permit, for an electric generating facility that utilizes carbon-based fuel and that provides behind-the-meter electric energy consumed or utilized by cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transactions. The bill is effective immediately.

    State Issues Digital Assets State Legislation New York Cryptocurrency Climate-Related Financial Risks Blockchain

    Share page with AddThis
  • Arizona establishes new limits on consumer debt collection

    State Issues

    Recently, the Arizona governor approved Proposition 209, which decreases the maximum lawful annual interest rate on “medical debt” from 10 percent to three percent. Among other things, the proposition defines “medical debt” as “a loan, indebtedness, or other obligation arising directly from the receipt of health care services or of medical products or devices.” Accordingly, in addition to judgments on medical debt, the three percent annual rate limit applies to loans or other financing for health care services or medical products or devices. The proposition also decreases the share of borrowers’ wages that lenders can garnish. The current limit is 25 percent, but that percentage will decrease to 10 percent for many consumers, and to five percent for consumers dealing with extreme economic hardship. Additionally, the proposition increases various exemption amounts, including: (i) $400,000 (up from $150,000) for the homestead exemption; and (ii) $15,000 (up from $6,000) for household furniture, furnishing, goods, and appliances. The proposition is effective immediately.

    On December 7, a state court granted a temporary restraining order, which stopped the enactment of the approved measure. An evidentiary hearing is set to happen in December where the plaintiffs are seeking to have the proposition nullified. 

    State Issues State Legislation Arizona Interest Consumer Finance Medical Debt Debt Collection

    Share page with AddThis
  • States ask FTC to increase consumer data privacy protections

    Privacy, Cyber Risk & Data Security

    On November 17, the Massachusetts attorney general announced that a coalition of more than 30 state AGs sent a letter to the FTC urging the Commission to consider the heightened sensitivity around consumers’ medical data, biometric data, and location data, along with other dangers that arise from data brokers and the surveillance of consumers in response to the FTC’s August advanced notice of proposed rulemaking (ANPR). As previously covered by InfoBytes, in August the FTC announced the ANPR covering a wide range of concerns about commercial surveillance practices, specifically related to the business of collecting, analyzing, and profiting from information about individuals. In the letter, the AGs expressed that they share the FTC’s concern about “the alarming amount of sensitive consumer data that is amassed, manipulated, and monetized.” The AGs noted, among other things, that many consumers are not even aware that their location information is being collected, and when a consumer wishes to disable location sharing, their options are quite limited. The coalition also urged the FTC to consider the risks of commercial surveillance practices that use or facilitate the use of facial recognition, fingerprinting, or other biometric technologies. The letter stated that “consumers provide this information to companies for security purposes or personal pursuits, such as to learn about their ancestry,” but are not always aware of when and how their data is collected. The AGs emphasized the persistent dangers of data brokers, and warned that data brokers profile consumers by scouring their information and use it to create profiles of certain consumers who are susceptible to certain advertising or are likely to buy certain products. In regard to data minimization, the letter emphasized that it is “vital that the Commission consider data minimization requirements and limitations.” The AGs encouraged the FTC “to examine the approach taken in the California, Colorado, Connecticut, Utah and Virginia consumer privacy laws,” and further explained that “each statute mandates that businesses tie and limit the collection of personal data to what is ‘reasonably necessary’ in relation to specified purposes.”

    Privacy, Cyber Risk & Data Security State Issues FTC Consumer Protection State Attorney General

    Share page with AddThis
  • New York enacts protections for consumers with medical debt

    State Issues

    On November 23, the New York governor signed S6522A/A7363A to prohibit certain hospitals and healthcare providers from placing liens on the primary residences of individuals with unpaid medical debts or garnishing wages to collect on unpaid bills or satisfy judgments arising from a medical debt lawsuit. “No one should face the threat of losing their home or falling into further debt after seeking medical care,” Governor Kathy Hochul said in an announcement. “I’m proud to sign legislation today that will end this harmful and predatory collection practice to help protect New Yorkers from these unfair penalties. The bill is effective immediately.

    State Issues State Legislation Debt Collection Garnishment Medical Debt Consumer Finance New York

    Share page with AddThis
  • CSBS says FDIC board nominees lack state bank regulatory expertise

    Federal Issues

    On November 29, the Conference of State Bank Supervisors sent a letter to Senator Sherrod Brown (D-OH), Chairman of the Senate Banking Committee, and Rep. Pat Toomey (R-PA), Ranking Member of the House Financial Services Committee, to express their disappointment that none of the nominees to the FDIC Board of Directors have state bank supervisory experience. Last month, President Biden nominated Martin Gruenberg, who has been serving as acting chairman, to serve as chair and member of the board, and in September, Travis Hill and Jonathan McKernan were nominated to fill the board’s two vacant seats (covered by InfoBytes here and here). At the time of the announcement, CSBS President and CEO James M. Cooper issued a statement encouraging the U.S. Senate to ask nominees how they intend to work with state bank regulators. Cooper reiterated in his follow-up letter that the FDI Act requires that at least one board member have state bank supervisory experience, especially since having the Comptroller of the Currency seated on the board represents the interest of national banks. According to Cooper, fulfilling this statutory requirement “can only be met by a person who has worked in state government as a supervisor of state-chartered banks, and as the legislative history notes, [is] someone with ‘state bank regulatory expertise and sensitivity to the issues confronting the dual banking system.’” Cooper asked that the slate of nominees confirmed by the Senate includes at least one individual who fulfills this requirement.

    The following day, during the Senate Banking Committee’s nomination hearing, Republican senators questioned Gruenberg’s role in a dispute between Democratic board members and former Chairwoman Jelena McWilliams related to a joint request for information seeking public comment on revisions to the FDIC’s framework for vetting proposed bank mergers. McWilliams eventually announced her resignation at the end of last year (covered by InfoBytes here). Senator Pat Toomey (R-PA) called Gruenberg’s participation in the dispute “very disturbing,” and expressed concerns that his actions, along with some of his colleagues, “really undermines the [] FDIC and could have lasting implications.” Gruenberg countered that under the FDI Act, “the authority of the agency explicitly is vested in the board of directors, and the majority of the board has the authority to place items before the board.”

    Some Republican senators also raised concerns with Gruenberg’s past involvement in Operation Choke Point, with Senator Steve Daines (R-MT) requesting that Gruenberg commit to actively preventing FDIC employees from “criticizing, discouraging or prohibiting banks from lending or doing business with any industries or customers that are operating in accordance with the law.” Gruenberg agreed to do so, saying this has been the FDIC’s policy. The FDIC’s current approach to cryptocurrency was also addressed, while Senator Cynthia Lummis (R-WY) took issue with the fact that none of the board nominees fulfill the Biden administration’s push for diversity and inclusion.

    Federal Issues State Issues Senate Banking Committee CSBS FDIC Biden

    Share page with AddThis
  • Senators demand answers on collapsed cryptocurrency exchange; NYDFS seeks tougher crypto approach

    Federal Issues

    On November 16, Senator Elizabeth Warren (MA-D) and Senator Richard Durbin (IL-D) sent a letter to the ex-CEO and his successor of a cryptocurrency exchange that filed for bankruptcy. In the letter, the senators requested a series of files from the cryptocurrency exchange, including copies of internal policies and procedures regarding the relationship between the firm and its affiliated crypto hedge fund. The senators stated that the cryptocurrency exchange’s customers and Americans “fear that they will never get back the assets they trusted to [the cryptocurrency exchange] and its subsidiaries.” Additionally, the senators argued that “the apparent lack of due diligence by venture capital and other big investment funds eager to get rich off crypto, and the risk of broader contagion across the crypto market that could multiply retail investors’ losses, ‘call into question the promise of the industry.’” The senators emphasized that “the public is owed a complete and transparent accounting of the business practices and financial activities leading up to and following the cryptocurrency lending firm's collapse and the loss of billions of dollars of customer funds.” Among other things, the senators asked the cryptocurrency exchange to provide requested information by November 28, including: (i) complete copies of all the firm’s and its subsidiaries’ balance sheets, from 2019 to the present; (ii) an explanation of how “a poor internal labeling of bank-related accounts” resulted in the firm’s liquidity crisis; (iii) a list of all the firm’s transfers to its affiliated crypto hedge fund; (iv) copies of all written policies and procedures regarding the relationship between the firm and its affiliated crypto hedge fund; and (v) an explanation of the $1.7 billion in the firm’s customer funds that were allegedly reported missing.

    The same day, NYDFS Superintendent Adrienne Harris participated in a “fireside chat” before the Brooking Institute’s event, Digital asset regulation: The state perspective - Effective regulatory design and implementation for virtual currency. During the chat, Harris expressed her support for a national framework similar to what New York has because she believes that “it is proving itself to be a very robust and sustainable regime.” Harris also discussed NYDFS priorities regarding digital assets for the future, stating that crypto companies can expect more guidance on a number of key regulatory issues. Specifically, Harris disclosed that NYDFS will “have more to say on capitalization,” and “on consumer protection, disclosures, advertising … [and] complaints, making sure these companies have an easy way for consumers to complain.” She also warned that NYDFS will “bolster and broaden” its authority, adding that there is “lots of work for us to do to make clear the expectations that we have already, and to make sure that the things we have on the books equip us well to keep up with this marketplace.”

    Senators Warren and Sheldon Whitehouse (D-RI) also sent a letter to the DOJ asking that the former CEO and any complicit company executives be held personally accountability for wrongdoing following the cryptocurrency exchange’s collapse. 

    On December 13, the House Financial Services Committee will hold a hearing to discuss the cryptocurrency exchange’s collapse and the possible implications for other digital asset companies.

    Federal Issues Digital Assets State Issues Fintech Cryptocurrency NYDFS Bank Regulatory U.S. Senate DOJ House Financial Services Committee

    Share page with AddThis