InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
New York governor creates task force to study digital currency industry
On December 21, the New York governor signed A08783, which creates a digital currency task force to conduct a comprehensive review related to the regulation of cryptocurrencies in the state. The act requires the task force to issue a report by December 15, 2020, with recommendations to “increase transparency and security, enhance consumer protections, and to address the long-term impact related to the use of cryptocurrency.” The report will also contain a review of laws and regulations on digital currency, including those used by other states, the federal government, and foreign countries.
Maryland Court of Appeals holds state licensing requirement is a “statutory specialty” with 12-year statute of limitations
On December 18, the Court of Appeals of Maryland held that the licensing requirement, §12-302, of the Maryland Consumer Loan Law (MCLL) is a “statutory specialty” and causes of action under it are accorded a 12-year statute of limitations period. The decision results from a question of law posed to the appeals court by the U.S. District Court for the District of Maryland after consumers brought an action in the district court against a lender for alleged violations of the MCLL that occurred over three years before the lawsuit was filed. The lender claimed the action was time-barred under the state’s three-year general statute of limitations for civil actions, while the consumers argued the MCLL was an “other specialty,” which would provide a 12-year statute of limitations under state law. To answer the question, the appeals court applied a three-part test to determine whether the statute constituted an “other specialty”: (i) if the obligation sought to be enforced is imposed solely by statute; (ii) if the remedy pursued is authorized solely by statute; and (iii) if the civil damages sought are liquidated, fixed, or, by applying clear statutory criteria, are readily ascertainable. The appeals court analyzed the first and third prongs of the test as the parties agreed the second was not an issue. For the first prong, the court concluded that the MCLL’s licensing requirement was created and imposed solely by statute and not by common law. As for the third prong, the court agreed with the consumers that the need for fact-finding with regard to the monetary liability does not preclude “ready ascertainment.” Because all three elements of the test were satisfied, the court concluded the licensing requirement is a “statutory specialty” and is afforded a 12-year statute of limitations period.
Illinois amends Residential Mortgage License Act
On December 19, the Illinois governor signed HB 5542, which amends the state’s Residential Mortgage License Act of 1987 (the Act) to make various changes to state licensing requirements. Among other things, the amended Act (i) clarifies the definition of a “bona fide nonprofit organization”; (ii) provides a list of prohibited acts and practices; (iii) stipulates that a licensee filing a Mortgage Call Report is not required to file an annual report with the Secretary of Financial and Professional Regulation (Secretary) disclosing applicable annual activities; (iv) repeals a provision requiring the Secretary to obtain loan delinquency data from HUD as part of an examination of each licensee; (v) clarifies that the notice of change in loan terms disclosure requirements do not apply to any licensee providing notices of changes in loan terms pursuant to the CFPB’s Know Before You Owe mortgage disclosure procedure under TILA and RESPA, while removing the provision that previously excluded licensees limited to soliciting residential mortgage loan applications as approved by the Secretary from the requirements to provide disclosure of changes in loan terms; (vi) removes certain criteria concerning the operability date for submitting licensing information to the Nationwide Multistate Licensing System; and (vii) makes other technical and conforming changes. The amendments are effective immediately.
Massachusetts Attorney General settles with payment processor over data breach claims
On December 19, the Massachusetts Attorney General announced a $155,000 settlement with a California-based payment processor resolving allegations that the company exposed consumers’ personal information online in violation of consumer protection and data security laws. According to the announcement, the company employees accidently removed password protections from public-facing websites, which exposed consumers’ personal data, such as bank account and social security numbers, addresses, and driver’s license numbers. The Attorney General’s investigation claims that company employees appeared to know of the vulnerability for a year before fixing it. Under the terms of the settlement, the company has agreed to comply with Massachusetts laws and is required to (i) maintain a chief information security officer; (ii) conduct employee training on data security; and (iii) “assess and update information security policies relating to changes to its systems and to external vulnerabilities.”
NYDFS fines international bank $15 million after whistleblower investigation
On December 18, NYDFS announced a $15 million settlement with an international bank and its New York branch resolving allegations stemming from an investigation into the governance, controls, and corporate culture relating to the bank’s whistleblower program. According to the announcement, NYDFS’ investigation determined that several members of senior management failed to follow or apply the bank’s whistleblower policies and procedures, which allegedly allowed the bank’s CEO to attempt to identify the author(s) of two whistleblowing letters criticizing his and bank’s management’s roles in recruiting and employing a recently hired senior executive. Additionally, the investigation found that, in alleged violation of New York Banking Law, the bank (i) failed to devise and implement effective governance and controls with respect to the whistleblower program; and (ii) failed to submit a report to NYDFS immediately upon discovering misconduct.
NYDFS acknowledged the bank’s substantial cooperation in the investigation, including engaging an outside consultant to perform an independent review of the whistleblowing policies, processes, and controls. Additionally NYDFS stated the bank has already addressed certain deficiencies noted in the Consent Order, including implementing (i) procedures which recognize that concerns raised outside whistleblowing channels may nevertheless constitute whistleblows; (ii) procedures which would avoid escalating a whistleblow to the subject of the concern; and (c) procedures to preserve whistleblower anonymity. In addition to the $15 million penalty, the bank must create a written plan to improve compliance and oversight of the whistleblower program and submit a report to NYDFS that contains all instances of whistleblower complaints since January 2017, attempts to identify whistleblowers, and any reported or sustained instances of whistleblower retaliation.
New York Attorney General settles with five companies over mobile app security failures
On December 14, the New York Attorney General announced settlements with five companies, including a global payment processor, a credit reporting agency, and a credit score company, whose mobile apps allegedly failed to secure sensitive user data. As part of the Attorney General’s initiative to uncover vulnerabilities before a data breach, the office tested dozens of mobile apps that handled consumer information such as credit card and bank account numbers. After testing, the Attorney General determined that certain versions of the five companies’ apps failed to properly authenticate the “SSL/TLS” certificates, which are used to verify the computer’s identity attempting to establish a connection to the mobile device. According to the Attorney General, this failure could allow an attacker to impersonate the companies’ servers and intercept information, including credit card information, entered into the app by the user. The settlement requires the companies to implement a comprehensive security program to protect their users’ information.
Washington State Department of Financial Institutions adopts amendments concerning student education loan servicers
On December 3, the Washington State Department of Financial Institutions (DFI) issued a final rule adopting amendments including student education loan servicing and servicers as activities and persons regulated under the state’s Consumer Loan Act. According to DFI, the amendments will provide consumers with student education loans a number of consumer protections and allow DFI to monitor servicers’ activities. Among other things, the amendments (i) change the definition of a “borrower” to include consumers with student education loans; (ii) specify that collection agencies and attorneys licensed in the state collecting student education loans in default do not qualify as student education loan servicers; and (iii) stipulate that businesses must either qualify for specific exemptions or possess a consumer loan license in order to lend money, extend credit, or service student education loans. In addition, the amendments provide new requirements for servicers concerning the acquisition, transfer, or sale of servicing activities, and specify borrower notification rights. Servicers who engage in these activities for federal student education loans in compliance with the Department of Education’s contractual requirements are exempt.
The amendments take effect January 1, 2019.
Illinois Attorney General settles with bank over pre-crisis marketing and sale of RMBS
On December 4, the Illinois Attorney General announced a $17.25 million settlement with a national bank resolving allegations of misconduct in the marketing and sale of residential mortgage backed securities (RMBS) dating back to before the 2008 mortgage crisis. According to the announcement, the bank’s $17.25 million settlement will be distributed to the Teachers Retirement System of the State of Illinois, the State Universities Retirement System of Illinois, and the Illinois State Board of Investment. Additional details on the settlement have not been made available by the state.
Virginia Attorney General joins bipartisan coalition to stop or reduce robocalls
On December 6, Virginia Attorney General Mark Herring announced he is joining a bipartisan group of 40 state Attorneys General to stop or reduce “annoying and dangerous” robocalls. The multistate group is reviewing, through meetings with several major telecom companies, the technology the companies are pursuing to combat robocalls. According to the announcement, the working group’s goals are to (i) develop an understanding of the technology that is feasible to combat unwanted robocalls; (ii) encourage the major telecom companies to expedite a technological solution for consumers; and (iii) determine if the states should make further recommendations to the FCC. As previously covered by InfoBytes, in October, a group of 35 Attorneys General, including Herring, submitted reply comments to the FCC in response to a public notice seeking ways the FCC could create rules that would enable telephone service providers to block more illegal robocalls. In their comments to the FCC, the coalition encouraged the FCC to implement rules and additional reforms that go beyond the agency’s 2017 call-blocking order, which allows phone companies to proactively block illegal robocalls originating from certain types of phone numbers.
California DBO requests comments on future rulemaking for commercial financing disclosures
On December 4, the California Department of Business Oversight (DBO) released an invitation for comments from interested stakeholders in the development of regulations to implement the state’s new law on commercial financing disclosures. As previously covered by InfoBytes, on September 30, the California governor signed SB 1235, which requires non-bank lenders and other finance companies to provide written consumer-style disclosures for certain commercial transactions, including small business loans and merchant cash advances. Most notably, the act requires financing entities subject to the law to disclose in each commercial financing transaction —defined as an “accounts receivable purchase transaction, including factoring, asset-based lending transaction, commercial loan, commercial open-end credit plan, or lease financing transaction intended by the recipient for use primarily for other than personal, family, or household purposes”—the “total cost of the financing expressed as an annualized rate” in a form to be prescribed by the DBO.
The act requires the DBO to first develop regulations governing the new disclosure requirements, addressing, among other things, (i) definitions, contents, and methods of calculations for each disclosure; (ii) requirements concerning the time, manner, and format of each disclosure; and (iii) the method to express the annualized rate disclosure and types of fees and charges to be included in the calculation. While the DBO has formulated specific topics and questions in the invitation for comments covering these areas, the comments may address any potential area for rulemaking. Comments must be received by January 22, 2019.