Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • NYDFS finds credit card underwriting showed no evidence of wrongdoing

    State Issues

    In March, NYDFS released a report detailing the findings of an investigation into whether a global technology company and a New York state-chartered bank allegedly discriminated against women when making underwriting decisions for a co-branded credit card. According to the report, in 2019, allegations were made that the bank offered lower credit limits to women applicants and unfairly denied women accounts. NYDFS launched a fair lending investigation into the allegations and reviewed underwriting data for nearly 400,000 New Yorker residents, but ultimately found no evidence of unlawful disparate treatment or disparate impact. Among other things, the report noted that the bank “had a fair lending program in place for ensuring its lending policy—and underlying statistical model—did not consider prohibited characteristics of applicants and would not produce disparate impacts.” The bank also identified the factors it used when making the credit decisions, including credit scores, indebtedness, income, credit utilization, missed payments, and other credit history elements, all of which, NYDFS stated, appeared to be consistent with its credit policy.

    State Issues NYDFS Credit Cards Discrimination Disparate Impact State Regulators

    Share page with AddThis
  • Illinois enacts 36 percent rate cap for consumer loans, creates state community reinvestment act

    State Issues

    On March 23, the Illinois Governor signed the Predatory Loan Prevention Act, SB 1792, which prohibits lenders from charging more than 36 percent APR on all non-commercial consumer loans under $40,000, including closed-end and open-end credit, retail installment sales contracts, and motor vehicle retail installment sales contracts. For purposes of calculating the APR, the act requires lenders to use the system for calculating a military annual percentage rate under the Military Lending Act. Any loan with an APR exceeding 36 percent will be considered null and void “and no person or entity shall have any right to collect, attempt to collect, receive, or retain any principal, fee, interest, or charges related to the loan.” Additionally, a violation constitutes a violation of the Illinois Consumer Fraud and Deceptive Business Practices Act, and carries a potential fine up to $10,000. The act also contains an anti-evasion provision that prohibits persons or entities from “making loans disguised as a personal property sale and leaseback transaction; disguising loan proceeds as a cash rebate for the pretextual installment sale of goods or services; or making, offering, assisting, or arranging a debtor to obtain a loan with a greater rate or interest, consideration, or charge than is permitted by this Act through any method including mail, telephone, internet, or any electronic means regardless of whether the person or entity has a physical location in the State.”

    The same day, the governor also signed SB 1608, which, among other things, creates a state version of the Community Reinvestment Act. The act will allow the state to assess whether covered financial institutions, including state-chartered banks, credit unions and non-bank mortgage lenders, are meeting the needs of local communities, including low-income and moderate-income neighborhoods. Financial institutions’ lending practices and community development/redevelopment program investments will be examined by the Secretary of Financial and Professional Regulation, who is granted the authority to conduct examinations in compliance with other state and federal fair lending laws including, but not limited to, the Illinois Human Rights Act, ECOA, and HMDA.

    Both acts are effective immediately.

    State Issues State Legislation Interest Rate CRA Predatory Lending Consumer Finance

    Share page with AddThis
  • Utah creates certain affirmative defenses for data breaches

    State Issues

    On March 11, the Utah governor signed HB 80, which provides entities an affirmative defense for a data breach if they follow certain cybersecurity industry standards. Among other things, a “person that creates, maintains, and reasonably complies with a written cybersecurity program” that meets specific safeguard requirements to protect personal information and is in place at the time of the data breach has an affirmative defense to claims brought under Utah law or in the courts of the state that allege the person failed to implement reasonable information security controls that resulted in the data breach. A person also has an affirmative defense to claims regarding the failure to appropriately respond to a data breach or provide notice to affected individuals as long as the written cybersecurity program contained specific protocols at the time of the breach that “reasonably complied with the requirements for a written cybersecurity program” for responding to a data breach or for providing notice. HB 80 also outlines the components that a written cybersecurity program must include to be eligible for an affirmative defense, and is effective 60 days following adjournment of the legislature.

    State Issues State Legislation Data Breach Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • California again modifies CCPA regs; appoints privacy agency’s board

    State Issues

    On March 15, the California attorney general announced approval of additional regulations implementing the California Consumer Privacy Act (CCPA). The CCPA—enacted in June 2018 (covered by a Buckley Special Alert) and amended several times—became effective January 1, 2020. According to the announcement, the newly-approved amendments strengthen the language of CCPA regulations approved by OAL last August (covered by InfoBytes here). Specifically, the new amendments:

    • Require businesses selling personal information collected in the course of interacting with consumers offline to provide consumers about their right to opt out via offline communications. Consumers must also be provided instructions on how to submit opt-out requests.
    • Provide an opt-out icon for businesses to use in addition to posting a notice of right to opt-out. The amendments note that the opt-out icon may not be used in lieu of requirements to post opt-out notices or “do not sell my personal information” links.
    • Require companies to use opt-out methods that are “easy” for consumers to execute and that require “minimal” steps to opt-out. Specifically, a “business’s process for submitting a request to opt-out shall not require more steps than that business’s process for a consumer to opt-in to the sale of personal information after having previously opted out.” Additionally, except as otherwise permitted by the regulations, companies are prohibited from requiring consumers to provide unnecessary personal information to implement an opt-out request, and may not require consumers to click through or listen to reasons as to why they should not submit an opt-out request. The amendments also state that businesses cannot require consumers “to search or scroll through the text of a privacy policy or similar document or webpage to locate the mechanism for submitting a request to opt-out.”

    The AG’s press release also notes that the California Privacy Rights Act (CPRA), which was approved by voters last November and sought to amend the CCPA, will transfer some of the AG’s responsibilities to the California Privacy Protection Agency (CPPA), covered by InfoBytes here; however, the AG will retain the authority to go to court to enforce the law. Enforcement of the CPRA will begin in 2023.

    Additionally, on March 17, the California governor announced appointments to the five-member inaugural board for the CPPA, consisting of experts in privacy, technology, and consumer rights. The CPPA is tasked with protecting the privacy rights of consumers over their personal information, and “will have full administrative power, authority, and jurisdiction to implement and enforce” the CCPA and the CPRA, including bringing enforcement actions before an administrative law judge.

    State Issues State Regulators CCPA State Attorney General Privacy/Cyber Risk & Data Security CPRA CPPA Consumer Protection

    Share page with AddThis
  • States reach data breach settlement with debt collector

    State Issues

    On March 11, a coalition of 41 state attorneys general, led by the New York attorney general, announced a settlement with a bankrupt debt collection agency to resolve a multistate investigation into a 2019 data breach that allegedly exposed the personal information of more than 21 million individuals, including Social Security numbers, payment card information, and in certain instances, medical test names and diagnostic codes. According to the proposed consent order, an unauthorized user accessed the company’s internal system and accessed consumers’ personal information. The AGs claimed that “[d]espite numerous warnings from banks that processed its payments about a potential breach, [the company] failed to detect the intrusion.” Under the terms of the settlement, the company has agreed to implement data security practices to strengthen its information security program and safeguard consumers’ personal information. These measures include: (i) creating and implementing an information security program that includes an incident response plan; (ii) employing a chief information security officer to oversee data safety practices; and (iii) hiring a third-party assessor to conduct an information security assessment. Additionally, should the company fail to honor the injunctive terms of the settlement it may be liable for as much as $21 million.

    State Issues State Attorney General Data Breach Privacy/Cyber Risk & Data Security Settlement

    Share page with AddThis
  • California begins accepting applications for their Covid-19 rent relief program

    State Issues

    On March 15, California launched their CA COVID-19 Rent Relief Program to aid landlords and renters who have unpaid rental debt due to Covid-19. In order to be eligible, a tenant must have “suffered a financial hardship” as a result of Covid-19 and have 80% or less of the area median income for their location. Landlords with eligible tenants may receive up to 80% of a tenant’s unpaid rent if they agree to waive the remaining 20%.

    State Issues California Covid-19 Mortgages Tenant Rights

    Share page with AddThis
  • Nevada Dept. of Business and Industry extends work from home guidance

    State Issues

    On March 15, the Nevada Department of Business of Industry, Division of Mortgage Lending extended its provisional guidance allowing licensed mortgage loan originators to work from home (previously covered herehere, and here) until June 30, 2021.

    State Issues Covid-19 Nevada Mortgages Mortgage Licensing Licensing Mortgage Origination

    Share page with AddThis
  • Michigan regulator urges institutions to protect stimulus payments from overdrafts, fees

    State Issues

    On March 15, the Michigan Department of Insurance and Financial Services issued a bulletin “strongly” encouraging financial institutions to protect payments made to customers under the American Rescue Plan from overdrafts and fees. The bulletin further instructs that if a financial institution’s system automatically applies such a payment to a preexisting overdraft, the institution should reverse the application of the direct payment as promptly as possible.

    State Issues Covid-19 Michigan Bank Compliance Overdraft Financial Institutions

    Share page with AddThis
  • Michigan regulators, business associations urge underserved businesses to apply for PPP loans

    State Issues

    On March 15, the Michigan Department of Insurance and Financial Services, the Michigan Bankers Association, Community Bankers of Michigan, the Michigan Credit Union League and the National Business League urged minority-owned and other underserved businesses in Michigan to apply for forgivable loans through the Paycheck Protection Program (PPP) prior to the March 31, 2021 deadline. The announcement highlighted that community development financial institutions offer specialized support to underserved communities and can assist customers with limited or no credit history to obtain a PPP Loan.

    State Issues Covid-19 Michigan Lending

    Share page with AddThis
  • Colorado governor extends suspension of regulatory statutes

    State Issues

    On March 15, the Colorado governor issued an executive order extending numerous previous executive orders for 30 days. Among other things, the previous orders suspended certain aspects of Colorado statutes concerning foreign entity qualifications to conduct business in Colorado.

    State Issues Colorado Covid-19

    Share page with AddThis

Pages

Upcoming Events