Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 12, California Governor Gavin Newsom issued a joint statement along with the California Senate president pro tempore and Assembly speaker related to the tax treatment of Paycheck Protection Program (PPP) loans. California intends to delay those portions of Assembly Bill 1577 that was signed into law on September 9, 2020 relating to forgiven PPP loans, pending detailed guidance from the U.S. Treasury Department regarding certain provisions in the American Rescue Plan Act.
On March 9, NYDFS sent a letter on behalf of a multi-state coalition of financial regulators inviting recently confirmed Department of Education Secretary Dr. Miguel Cardona to partner with the states to ensure protections for student loan borrowers. Specifically, the letter urges Secretary Cardona to reverse two policies instituted by former Secretary Betsy DeVos that the coalition claims “undermine state supervision of private companies that service federal student loans.” The first is a 2018 interpretation (covered by InfoBytes here), which takes the position that state regulation of servicers of loans made under the William D. Ford Federal Direct Loan Program and the Federal Family Education Loan Program is preempted by federal law. The coalition argues that the Department’s 2018 preemption interpretation has made “state-level oversight of student loan servicers more burdensome.” As such, the coalition urges Secretary Cardona to promulgate a regulation rejecting federal preemption of state consumer protection laws to ensure borrowers can “benefit from state oversight of student loan servicers.” The letter also discusses former Secretary DeVos’s attempt to use the Privacy Act of 1974 “as a shield from necessary state oversight”—an action the coalition claims leaves states “with no choice but litigation” to obtain documents needed for industry oversight.
On March 1, the New York attorney general entered into an agreement with an Ohio-based bank resolving an investigation into the bank’s alleged deceptive advertising practices. According to the AG, the bank introduced a check-cashing program advertised to consumers in the state as a method to cash government and payroll checks at a low cost. The program, which was intended to assist the underbanked and unbanked in low- and middle-income (LMI) communities, allowed consumers who did not have deposit accounts with the bank to participate in the program. The AG alleged, however, that the program was not being implemented as promoted and was not available in branches where it was advertised, nor was it allegedly available to testers who tried to use the program. While neither admitting nor denying the allegations, the bank has agreed to provide $5 million to be used as down payment and home-closing cost assistance for LMI New Yorkers, and it will apply to become a participating lender with the State of New York Mortgage Agency. The bank has also agreed to originate $145 million in mortgage loans to LMI homebuyers in the state over the next five years and will waive certain fees associated with the loans.
On March 11, the California Department of Financial Protection and Innovation (DFPI) released a statement discussing the regulator’s expanded consumer protection efforts during the Covid-19 pandemic. Among other things, DFPI noted that it is “aggressively exercising its new authority to regulate a large group of newly covered financial services, including debt collectors, credit reporting and credit repair agencies, debt relief agencies and others,” and verifying compliance with state and federal laws protecting homeowners from “coronavirus-related foreclosures.” DFPI also stated it issued a cease-and-desist order filed against a student loan debt relief company (covered by InfoBytes here), and launched an investigation of lender efforts to evade state interest rate caps.
New York governor signs bill setting forth eviction and foreclosure protections for small businesses
On March 9, the New York governor signed the COVID-19 Emergency Protect Our Small Businesses Act of 2021 (S471A/A3207), which sets forth eviction and foreclosure protections for small businesses. Among other things, the act prohibits removal of a commercial tenant prior to May 1, 2021, except by eviction proceedings. The act also prohibits the initiation of eviction proceedings until May 1, 2021 and stays pending eviction proceedings for a certain period of time depending on whether an eviction warrant or judgment of possession or ejectment has been issued. The act further requires landlords to provide certain pre-eviction notices. The press release notes that the act builds on prior state moratoriums on residential and commercial evictions.
On March 4, the Virginia attorney general announced a settlement with an open-end credit plan lender, resolving allegations that the company violated Virginia consumer finance laws by (i) imposing a $100 origination fee on loans during a statutorily-mandated finance charge-free grace period; (ii) “[e]ngaging in a pattern of repeat transactions and ‘rollover’ loans with thousands of consumers who were required to close accounts that they paid down to a $0 balance,” but were then allowed to open new accounts for which new fees were charged on a monthly basis; and (iii) charging interest on accounts at an annual rate of 273.75 percent, far exceeding the 36 percent limit that open-end credit lenders are allowed to charge. Under the terms of the settlement, the company is permanently enjoined from further violating Virginia’s consumer finance laws, and is required to pay $850,000 in restitution and $150,00 in attorneys’ fees and settlement costs. The company must also provide more than $10 million in debt forbearance on “accounts that remain unpaid and that were not converted to a separate loan program in October 2018.”
On March 5, Illinois Governor JB Pritzker issued Executive Order 2021-05, which extends several executive orders through April 3, 2021 (previously covered here, here, here, here, here, and here). Among other things, the order extends: (i) Executive Order 2020-07 regarding in-person meeting requirements, (ii) Executive Order 2020-23 regarding actions by individuals licensed by the Illinois Department of Financial and Professional Regulation engaged in disaster response, (iii) Executive Order 2020-25 regarding garnishment and wage deductions (previously covered here), (iv) Executive Order 2020-30 regarding residential evictions (previously covered here), and (v) Executive Order 2020-72 regarding the residential eviction moratorium (previously covered here and here).
On March 3, NYDFS announced a settlement with a mortgage lender to resolve allegations that the lender violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to report it was the subject of a cyber breach in 2019. Under Part 500.17, regulated entities are required to provide timely notice to NYDFS when a cybersecurity event involves harm to customers (see FAQs here). A July 2020 examination revealed that the cyber breach involved unauthorized access to an employee’s email account, which could have provided access to personal data, including social security and bank account numbers. NYDFS also claimed that the lender allegedly failed to implement a comprehensive cybersecurity risk assessment as required by 23 NYCRR Part 500. Under the terms of the consent order, the lender will pay a $1.5 million civil monetary penalty, and will make further improvements to strengthen its existing cybersecurity program to ensure compliance with 23 NYCRR Part 500. NYDFS acknowledged that the mortgage lender had controls in place at the time of the cyber incident and implemented additional controls since the incident. NYDFS also acknowledged the mortgage lender’s “commendable” cooperation throughout the examination and investigation and stated that the lender had demonstrated its commitment to remediation.
On March 1, the New York attorney general issued two alerts warning investors about the “extreme risk” facing New Yorkers investing in virtual or “crypto” currency. The first investor alert directs investors to take caution when investing in virtual currencies because, among other reasons, virtual currency trading platforms provide limited protection from fraud as “[m]ost platforms are subject to little or no oversight.” The second industry alert is directed towards broker-dealers, salespersons, and investment advisors, and provides a reminder that “people and entities dealing in virtual or ‘crypto’ currencies that are commodities or securities in the state of New York, and who do not qualify for an exemption, must register with the Office of the Attorney General,” and that failing to do so will expose them to both civil and criminal liability. The alerts follow an agreement entered last month (covered by InfoBytes here) between the AG and the operators of a virtual currency trading platform and a “tether” virtual currency issuer, along with their affiliated entities, which resolved allegations that the companies deceived clients by overstating available reserves and hiding $850 million in co-mingled client and corporate funds.
On March 2, the Virginia governor enacted the Consumer Data Protection Act (CDPA), which establishes a framework for controlling and processing consumers’ personal data in the Commonwealth. Virginia is now the second state in the nation to enact a comprehensive consumer privacy law. In 2018, California became the first state to put in place significant consumer data privacy measures (covered by a Buckley Special Alert). As previously covered by InfoBytes, under the CDPA, consumers will be able to access their personal data; make corrections; request deletion of their data; obtain a copy of their data in a portable format; and opt out of targeted advertising, sale of their data, or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.” The CDPA also outlines controller responsibilities, including a requirement that, among other things, controllers must enter into data processing agreements with data processors that outline instructions for processing personal data and require the deletion or return of personal data once a service is concluded. While the CDPA explicitly prohibits a private right of action, it does grant the state attorney general excusive authority to enforce the law and seek penalties of no more than $7,500 per violation. Additionally, upon discovering a potential violation of the CDPA, the attorney general must give the data controller written notice and allow the data controller 30 days to cure the alleged violation before the attorney general can file suit. The CDPA takes effect January 1, 2023.
- Jeffrey P. Naimon to discuss "Post-pandemic CFPB exam preparation" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Making fair lending work for you" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- APPROVED Webcast: Staying in the know with Buckley regtech solutions
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Sherry-Maria Safchuk to discuss UDAAP at an American Bar Association webinar
- Jeffrey P. Naimon to discuss "What to expect: The new administration and regulatory changes" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Steven R. vonBerg to discuss "LO comp challenges" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss “The False Claims Act today” at the Federal Bar Association Qui Tam Section Roundtable