Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • New York AB 2672 goes into effect and establishes credit card surcharge provisions

    State Issues

    Recently, New York AB 2672 (the "Act") was enacted, and went into effect on February 11. The Act requires merchants that impose a credit surcharge fee to clearly and conspicuously post prices inclusive of a surcharge fee. The Act allows merchants to use a two-tier pricing system, in which two different prices display whether a consumer uses a credit card or another form of payment on a transaction. The Act also establishes a civil penalty not to exceed $500 for each violation. 

    State Issues Credit Cards New York Surcharge State Legislation

  • New York State Attorney General wins $77 million judgment against short-term lenders for predatory lending

    State Issues

    On February 8, New York State Attorney General (AG) Letitia James announced a more than $77 million judgment against three merchant cash advance (MCA) companies for usury and fraud based on allegations the lenders used short-term loans to charge illegally high-interest and undisclosed fees. 

    In a June 2020 announcement, Attorney General James detailed her office’s investigation, which concluded that the companies employed practices including (i) extending MCAs to small business owners at illegal interest rates over short durations; (ii) imposing undisclosed fees; (iii) withdrawing excess amounts from merchants’ bank accounts; and (iv) procuring judgments against merchants through the submission of falsified affidavits in New York State courts.

    The judgment follows a September 2023 court decision finding violations of New York’s prohibitions against, among other things, usury and predatory lending, and requiring the companies to cease collections and to repay thousands of small businesses the interest they paid. The companies were ordered to provide the full restitution and damages within 60 days to all merchants who entered into MCAs, including refunding all amounts taken from merchants or their guarantors in connection with the MCAs, minus the principal amounts funded to the borrowers. After the companies failed to pay the damages, the AG sought the entry of the monetary judgment from the court. 

    State Issues New York State Attorney General Enforcement Small Business Lending Interest Usury

  • California appeals court vacates a ruling on enjoining enforcement of CPRA regulations

    State Issues

    On February 9, California’s Third District Court of Appeal vacated a lower court’s decision to enjoin the California Privacy Protection Agency (CPPA) from enforcing regulations implementing the California Privacy Rights Act (CPRA).  The decision reverses the trial court’s ruling delaying enforcement of the regulations until March 2024, which would have given businesses a one-year implementation period from the date final regulations were promulgated (covered by InfoBytes here).

    The CPRA mandated the CPPA to finalize regulations on specific elements of the act by July 1, 2022, and provided that “the Agency’s enforcement authority would take effect on July 1, 2023,” a one-year gap between promulgation and enforcement. The CPPA did not issue final regulations until March of 2023, but sought to enforce the rules starting on the July 1, 2023, statutory date.  In response, in March 2023, the Chamber of Commerce filed a lawsuit in state court seeking a one-year delay of enforcement for the new regulations.  The trial court held that a delay was warranted because “voters intended there to be a gap between the passing of final regulations and enforcement of those regulations.” On appeal, the court emphasized that there is no explicit and unambiguous language in the law prohibiting the agency from enforcing the CPRA until at least one year after final regulations are approved, and that and found that while the mandatory dates included in the CPRA “amounts to a one-year delay,” such a delay was not mandated by the statutory language. The court further found that there is no indication from the ballot materials available to voters in passing the statute that the voters intended such a one-year delay. The court explained that the one-year gap between regulations could have been interpreted to give businesses time to comply, or as a period for the agency to prepare for enforcing the new rules, or there may also be other reasons for the gap.

    Accordingly, the appellate court held that Chamber of Commerce “was simply not entitled to the relief granted by the trial court.” As a result of the court’s decision, businesses are now required to commence implementing the privacy regulations established by the agency. 

    State Issues Privacy Courts California Appellate CPPA CPRA

  • California DFPI proposes new regulations under the Debt Collection Licensing Act

    State Issues

    On February 9, the California Department of Financial Protection and Innovation (DFPI) published a proposed rule to adopt new regulations under the Debt Collection Licensing Act (DCLA). Under the DCLA, a debt collector licensee is required to pay the DFPI Commissioner its “pro rata share of all costs and expenses incurred in the administration” of the DCLA, which is calculated in part based on the licensee’s “net proceeds generated by California debtor accounts,” but the term “net proceeds” was not defined in the statute. The proposed rule defines “net proceeds generated by California debtor accounts” to mean “the amount retained by a debt collector from its California debt collection activity.” The proposed rule also specifies the formulas used in calculating the net proceeds depending on the party, including a debt buyer, purchaser of debt that has not been charged off or in default, third-party collector, and first-party collector.

    Additionally, the proposed rule requires licensees to file an annual report with the DFPI and specifies the information required in the annual report, including (i) the number of California debtor accounts collected on in the previous year; (ii) the number of California debtor accounts in the licensee’s portfolio as of December 31 of the preceding year; and (iii) the number and dollar amount of California debtor accounts for which collection was attempted, but not successfully collected or resolved during the previous year. Comments to the proposed rule must be submitted by March 27.

    State Issues California Agency Rule-Making & Guidance Debt Collection Licensing Act

  • SEC, DFPI charge unregistered crypto platform


    On February 7, the SEC and DFPI announced charges against a Florida-based crypto platform, for failing to register the offer and sale of a crypto lending product that allowed U.S. investors to deposit or purchase crypto assets into an account in exchange for promised interest payments.  

    The SEC found that crypto asset accounts with the “interest feature” were offered and sold by the company as securities in the form of investment contracts but failed to register its offer and sale as required by law. Despite voluntarily halting the offering of the interest feature in 2022, the company agreed to pay a $1.5 million penalty to settle the SEC's charges. The SEC also noted that the company announced its intention to terminate all crypto-related products and services in the U.S. on February 22.   

    In addition, DFPI also entered a consent order with the platform to settle an investigation into the platform’s interest-earning program. The resolution is part of a multistate settlement facilitated by a task force led by California and Washington, comprising of eight state securities regulators. The investigation found that from 2020 through 2022, the platform engaged in the unregistered offer and sale of securities through its crypto interest-earning program. The platform offered the program to investors, allowing them to passively earn interest on crypto assets loaned to the platform. The platform maintained “total discretion” over revenue-generating activities to generate returns for investors, DFPI added. As part of the settlement with DFPI, the company agreed to pay a $1.5 million penalty to the DFPI on behalf of 51 U.S. jurisdictions, mirroring a similar settlement with the SEC for the same amount. 

    Securities DFPI SEC Registration Securities Exchange Commission Consent Order Digital Assets

  • Washington State Attorney General wins two suits under medical billing practices

    State Issues

    On February 1, the Attorney General from Washington State successfully sued a large healthcare group to pay over $158 million for settlement of funds under the state’s Consumer Protection Act (CPA). The Washington AG stated that the healthcare group violated state law which requires hospital management to notify patients about financial assistance and to screen them for eligibility before trying to collect payment. The healthcare group has been ordered to pay $20.6 million in patient refunds and will forgive $137.2 million in medical debts; it will also pay $4.5 million to cover the attorney general’s costs. Among others, the consent decree includes several injunctions to be engaged in or refrained from for five years, including maintaining charity care policies, and not collecting payment for medical services unless presented with either of two stated stipulations. Lastly, the consent decree states that if the healthcare group violates a condition, it would have to pay up to $125,000 per violation. The defendants do not admit the allegations of the complaints filed in the first lawsuit from February 2022. 

    Similarly, on February 2 the Washington AG successfully entered into a motion for partial summary judgment against a medical debt collection agency working within the healthcare group for sending 82,729 debt collection notices under the Collection Agency Act (CAA). The court agreed with the AG’s finding that the agency’s debt collection notices failed to make the required disclosures under the CAA. Damages have not yet been awarded. 

    State Issues Medical Debt FDCPA Washington State Attorney General

  • Connecticut Attorney General reports on Connecticut Data Privacy Act

    State Issues

    On February 1, Connecticut’s Attorney General (AG) released a report on the Connecticut Data Privacy Act (CTDPA) including information on the law and how the state enforces it. Enacted in May 2022, the CTDPA is a comprehensive consumer data privacy law which took effect on July 1, 2023. The CTDPA gives consumers in Connecticut a set of rights regarding their personal information and privacy standards for businesses handling such data. Connecticut residents can: (i) see what data companies have on them; (ii) ask for corrections on inaccurate information; (iii) request the deletion of their data; and (iv) choose not to have their personal information used for selling products, targeted advertisements, or profiling. The report noted that within the first six months the CTDPA has been in effect, the AG issued dozens of violations towards a number of information requests. It added that companies generally responded positively to the notices and updated quickly their privacy policies and consumer rights mechanisms. According to the report, while some companies initially went below the CTDPA threshold, they made changes to meet it later while a few went beyond identified areas in the notices by strengthening their disclosures. 

    The report also mentioned that beginning on January 1, 2025, businesses are required to acknowledge universal opt-out signals, reflecting consumers’ choice to opt out of targeted advertising and the sale of personal data. This mandatory provision was emphasized during Connecticut's legislative process to alleviate the consumer burden, and it has been enacted into law. Finally, the report discusses possible expansions and clarifications to the CTDPA for the legislature to consider.  

    State Issues Connecticut State Attorney General Privacy, Cyber Risk & Data Security

  • Texas resolves securities fraud case with decentralized finance lending platform

    State Issues

    Recently, a decentralized finance crypto lending platform and its owners (respondents) entered into a settlement agreement with a Texas regulatory agency, resolving an emergency cease-and-desist action brought in June 2023. The Texas State Securities Board alleged that respondents committed securities fraud in connection with the offers and sales of investments, falsely denied the platform’s impending bankruptcy, and “secretly” transferred customer funds to a crypto exchange, as well as offered unregistered securities. Under the terms of the settlement, respondents have agreed to, among other things, (i) inform clients of its plan for asset return within seven days of the settlement and provide a seven-day window for clients to withdraw assets through the app; (ii) continue to provide customer support to prior customers; (iii) pay an administrative fine; and (iv) cease-and-desist from selling unregistered securities in the state without admitting or denying the allegations. Texas also agreed to dismiss its emergency cease-and-desist order as part of the settlement.  

    State Issues Texas Enforcement Cryptocurrency Lending

  • Colorado Attorney General fines debt collector $500,000 for collecting on illegal loans

    State Issues

    On January 16, the Colorado State Attorney General (AG) reached a settlement agreement with a third-party debt collection company that is ordered to pay $500,000 to the State. The company previously contracted to collect debt from consumers on behalf of unlicensed lending entities associated with Native American tribes, or Tribal Lending Entities (TLEs). According to the settlement agreement, none of the TLEs were licensed Colorado lenders and all of their loan agreements with consumers contained finance charge terms that exceeded the Uniform Consumer Credit Code’s 12 percent finance charge cap on unlicensed lenders—with most having interest rates that exceeded 500 percent APR and some up to 900 percent APR. The AG alleged that, between 2017 and 2022, the company violated the Colorado Fair Debt Collection Practices Act by using “unfair or unconscionable means” to collect on defaulted TLE-issued loans by representing to consumers that the entire loan balance was owed to the TLEs, that the company was legally authorized to collect the payments, and that consumers were legally obligated to pay the full amount. The company denies that its conduct violated any state law and otherwise denies all allegations of wrongdoing. Along with the penalty, the company will be barred from collecting on any debt where the loan’s APR exceeded the 12 percent cap and will provide the State with a list of affected consumers within 30 days. 

    State Issues Colorado State Attorney General Enforcement Consumer Finance

  • Illinois proposes rule to evaluate mortgage community reinvestment

    State Issues

    Recently, the Illinois Department of Financial and Professional Regulation issued a proposed rule pursuant to the Illinois Community Reinvestment Act (ILCRA). The ILCRA is modeled off the Community Reinvestment Act but expands its scope of covered financial institutions to include credit unions and licensed entities. The proposed rule will help the Department administer and enforce the ILCRA in an equitable manner. The rule establishes a framework and criteria by which the Department will evaluate a covered mortgage licensee’s record of helping to meet the mortgage credit needs of Illinois, including low- and moderate-income neighborhoods and individuals, through different tests and performance standards depending on the number of loans made by a covered mortgage licensee. Tests and considerations for evaluating licensees’ record include a lending test, service test, performance record, data collection and reporting, and content and recordkeeping of information received from the public.

    To mitigate the impact on small businesses, a licensee that has made less than 200 home mortgage loans in Illinois in the last calendar year will not be subject to the service test. Furthermore, licensees that made less than 100 home mortgage loans in Illinois in the previous calendar year will have less frequent examinations than those with more than 100. Based on the licensee’s performance under the lending and service tests, the proposed rule specifies that a licensee’s rating of “outstanding”; “satisfactory”; “needs to improve”; or “substantial noncompliance” will affect how frequent they are evaluated. Compliance with the proposed rule is required six months from its effective date, and comments are due by February 26. 

    State Issues Illinois Agency Rule-Making & Guidance Mortgage Origination CRA Consumer Finance


Upcoming Events