Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On July 22, DFPI reported that California payday lenders made fewer than 6.1 million loans during the Covid-19 pandemic—a 40 percent decline from 2019. Key findings in the 2020 Annual Report of Payday Lending Activity Under the California Deferred Deposit Transaction Law, include: (i) nearly 61.8 percent of licensees reported serving consumers who received government assistance; (ii) borrowers who take out subsequent loans accounted for 69 percent of payday loans in 2020; (iii) licensees collected $250.8 million in payday loan fees, of which 68 percent came from borrowers who made at least seven transactions during the year; (iii) 49 percent of borrowers had average annual incomes of $30,000 or less, and 30 percent had average annual incomes of $20,000 or less; (iv) online payday loans made up one-third of all payday loans (41 percent of borrowers took out payday loans over the internet); and (v) cash disbursement continued to decrease in 2020, while other forms of disbursement, such as wire transfers, bank cards, and debit cards increased. DFPI also noted that during this time period the number of payday loan borrowers referred by lead generators declined by 69 percent, and that the number of licensed payday lending locations also dropped by 27.7 percent. DFPI acting Commissioner Christopher S. Shultz commented that the decrease in payday loans during the pandemic may be attributable to several factors, “such as stimulus checks, loan forbearances, and growth in alternative financing options,” adding that DFPI continues to closely monitor financial products marketed to consumer in desperate financial need.
On July 13, the Connecticut governor signed SB 716 to provide additional protections for student loan borrowers and impose new requirements on student loan servicers. Among other things, the act requires servicers to provide certain information to borrowers and cosigners regarding their rights and responsibilities, including cosigner release eligibility and the cosigner release application process. The law also prohibits a student loan servicer from engaging in an abusive act or practice when servicing a student loan and expands the definition of “servicing” in state student loan servicer law. The law provides a list of exempt persons, which includes banks and credit unions and their wholly-owned subsidiaries. The act states it took effect July 1.
On July 13, the New York governor signed S.3941, which expands the state’s definition of telemarketing to include marketing by text message. A press release issued by the governor noted that expanding the definition closes a loophole in state law that previously limited the definition to phone calls, including unwanted robocalls. “Electronic text messages to  mobile devices have become the newest unwelcomed invasive marketing technique. Consumers should not be burdened with excessive and predatory telemarketing in any form, including text messages,” the press release stated. The act takes effect 30 days after becoming law.
On July 12, Colorado enacted HB 1282, which creates the Colorado Nonbank Mortgage Servicers Act under Article 21 and provides additional consumer protections through the regulation of mortgage servicers. Under the act, a mortgage servicer does not include, among others: supervised financial organizations; certain regulated mortgage loan originators; a federal agency or department; a collection agency whose debt collection business involves collecting on defaulted mortgage loans; agencies, instrumentalities, or political subdivisions of the state; supervised lenders that do not service residential mortgages; servicers that service fewer than 5,000 residential mortgage loans annually; nonprofit organizations; government agencies; originators or servicers using a subservicer that does not act under their direction; and persons servicing loans held for sale. The act stipulates that on or after January 31, 2022, a person may not act as a mortgage servicer without providing notice to the administrator and paying the required fees within 30 days after it begins servicing in the state, and on or before January 31 annually thereafter. The act also outlines provisions related to renewal requirements, record retention, and compliance with federal laws and regulations. Under specified administrator powers and duties, the administrator is allowed to bring an enforcement action against a mortgage servicer, seek restitution and civil money penalties, and request an injunction. While the act provides a four-year statute of limitations, an additional one-year extension may be granted if it is proven that a mortgage servicer engaged in calculated conduct to delay commencement of the action. The act, however, does not create a private right of action or “affect any remedy that a borrower may have pursuant to law other than this Article 21.”
On July 6, the Connecticut governor signed HB 6607, which is intended to incentivize businesses to adopt cybersecurity standards. Among other things, the act provides a complete defense to punitive damages for a cause of action founded in tort claiming a business’ failure to “implement reasonable cybersecurity controls resulted in a data breach concerning personal or restricted information.” The defense is available when an action is brought under Connecticut law or in Connecticut state court and where a business’ cybersecurity program conforms to an “industry recognized cybersecurity framework,” including the National Institute for Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity and the Payment Card Industry Data Security Standard. A business can also take advantage of the defense if it is regulated by the state or federal government and is subject to, and conforms its cybersecurity program to, current versions of the following federal laws: (i) HIPAA; (ii) Title V of the Gramm-Leach-Bliley Act; (iii) the Federal Information Security Modernization Act; or (iv) the Health Information Technology for Economic and Clinical Health Act. Additionally, should one of the identified frameworks or provided laws be amended, a business has six months after publication to conform to the revisions. The act requires a business’ cybersecurity program to, among other things, protect both “restricted information” and “personal information,” and be based on a business’ size and complexity, the nature and scope of its conducted activities, the sensitivity of the protected information, and the cost and availability of tools to improve information security measures and reduce vulnerabilities. The defense will not apply if a business’ “failure to implement reasonable cybersecurity controls was the result of gross negligence or wilful or wanton conduct.” The act takes effect October 1.
On July 1, the Virginia governor signed SB 1410, which, among other things, amends the state’s anti-discrimination statutes to prohibit discrimination in public accommodations, employment, and housing based on military status. The bill amends the Virginia Fair Housing Law to prohibit discrimination in the sale or rental of dwellings by any person or entity, and prohibit discrimination by “any person or other entity, including any lending institution, whose business includes engaging in residential real estate-related transactions.” The bill also provides that “the term ‘residential real estate-related transaction’ means any of the following: [t]he making or purchasing of loans or providing other financial assistance (i) for purchasing, constructing, improving, repairing, or maintaining a dwelling or (ii) secured by residential real estate; or [t]he selling, brokering, insuring, or appraising of residential real property.” The bill is effective immediately.
On July 7, the Colorado governor signed SB 91, which, among other things, repeals a prior ban on surcharges for credit or debit card transactions. The bill limits the maximum surcharge amount per transaction to 2 percent of the payment amount or the actual fee. Merchants are required to display a specified notice regarding the surcharge on their premises or, for online purchases, before a customer’s completion of the transaction. The act becomes effective July 1, 2022.
On July 12, the Division of Banks of the Massachusetts Office of Consumer Affairs and Business Regulations (Division) issued guidance that authorizes its licensees and registrants to continue permitting their personnel to operate remotely from non-licensed locations subject to certain conditions and restrictions. Among other things, the licensee or registrant: (i) cannot hold the unlicensed location out to the public as a place of business; (ii) must ensure that the individual working remotely only engages in activities that can be completed safely and in compliance with all applicable laws, regulations, and Division guidance; (iii) must ensure that the individual working remotely is strictly prohibited from engaging in any in-person customer interactions at the remote location; (vi) must have established security protocols to securely access systems through a virtual privacy network or other secure system; (v) must have policies and procedures to protect data; (vi) must protect sensitive customer information; and (vii) must ensure adequate supervision of remote personnel. The guidance also notes that the work location for mortgage loan originators (MLOs) has been the subject of various inquiries over the years and clarifies that MLOs are not required to live within a certain distance of a branch office and that “the Division will look to determine that the [branch] manager is able to provide adequate supervision for the given number and location of MLOs under his/her supervision.” The guidance replaces any previous guidance issued by the Division regarding telework and will continue, unless modified or withdrawn.
On June 29, the Florida governor signed SB 1120, which prohibits telephone solicitations and sales calls involving an “automated system for the selection or dialing of telephone numbers or the playing of a recorded message” without first receiving the prior express written consent of the called party. Among other things, the act (i) provides a “rebuttable presumption that a telephonic sales call made to any area code in this state is made to a Florida resident or to a person in this state at the time of the call”; (ii) provides a private right of action to enjoin such violations or recover the greater of actual damages or $500; and (iii) authorizes a court to increase the amount of the award for willful and knowing violations. Additionally, Florida law is amended to provide that it is an unlawful act or practice to, among other things, make “[m]ore than three commercial telephone solicitation phone calls from any number to a person over a 24-hour period on the same subject matter or issue, regardless of the phone number used to make the call.” Additionally, companies may not use technology to “deliberately display a different caller identification number than the number the call is originating from to conceal the true identity of the caller.” The act takes effect July 1.
On June 29, NYDFS announced settlements with two New York banks to resolve allegations that the banks violated New York Executive Law § 296-a while engaged in indirect automobile lending. NYDFS alleged that the banks’ practices resulted in members of protected classes paying higher interest rates that were not based on creditworthiness. According to NYDFS, the banks failed to monitor “dealers that were charging members of protected classes, namely race and ethnicity, more in discretionary Dealer Markups than borrowers identified as non-Hispanic White.”
Under the terms of the first consent order, the bank—which had voluntarily discontinued its indirect auto lending program in November 2017—agreed to pay a $275,000 civil money penalty, provide restitution to eligible impacted borrowers, and make a $50,000 contribution to local community development organizations. The second bank agreed to “move to a flat-fee business model in connection with indirect auto lending,” provide restitution to impacted borrowers, and undertake fair lending compliance remediation efforts to increase its monitoring of dealers participating in its indirect auto lending program. The consent order also requires the payment of a $350,000 civil money penalty.
- Jeffrey P. Naimon to provide “Fair lending update” at the Colorado Mortgage Lenders Association Operational and Compliance Forum
- Jonice Gray Tucker to discuss “Justice for all: Achieving racial equity through fair lending” at CBA Live
- Warren W. Traiger to discuss “On the horizon for CRA modernization” at CBA Live
- Jonice Gray Tucker to discuss "Fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss “State law regulatory and enforcement trends” at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute