InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NYDFS releases best practices for promoting PSLF program and time-limited waiver
On July 13, NYDFS called on all federal student loan servicers to increase awareness of and enroll borrowers in public service loan forgiveness programs before a temporary waiver expires on October 31. NYDFS’s letter reminded servicers that under the Public Service Loan Forgiveness (PSLF) program, full-time government and certain non-profit employees may be eligible to have federal direct loans forgiven after making 120 qualifying monthly payments. Last October, the Department of Education announced temporary PSLF changes due to the Covid-19 pandemic. These changes provided qualifying borrowers a time-limited PSLF waiver, which allows all payments to count towards PSLF regardless of loan program or payment plan (covered by InfoBytes here). Expressing concerns that many borrowers may not learn of this opportunity before it expires in October, NYDFS encouraged servicers to adopt eight best practices to promote awareness of the PSLF Program and the waiver. These include “enhanced trainings for customer service staff, proactive communications with borrowers, and increased promotion of the PSLF program on servicer websites and on borrower account pages,” NYDFS said in its announcement.
The letter follows a December 2021 NYDFS request sent to federal student loan servicers asking for updates on steps taken to address the waived rules. NYDFS also reminded servicers that it “will diligently enforce all servicer legal requirements concerning the PSLF program and will consider the extent to which servicers engaged in proactive measures to promote the PSLF Waiver in future supervisory examinations.”
Florida appeals court: Injury required for FACTA standing
On July 13, a Florida District Court of Appeals affirmed the dismissal of Fair and Accurate Credit Transactions Act (FACTA) class claims brought against a defendant shoe company after determining that the lead plaintiff lacked standing because he suffered no “distinct or palpable” injury. The plaintiff first filed a class action suit in federal court, claiming a receipt he received from the company included 10 digits of his credit card number—a violation of FACTA’s truncation requirement, which only permits the last five digits to be printed on a receipt. The plaintiff did not allege that his credit card was used, lost, or stolen in any way, nor was evidence presented to show there was any danger of his credit card being used. The suit was stayed pending the resolution of a different FACTA dispute in the U.S. Court of Appeals for the Eleventh Circuit. As previously covered by InfoBytes, a split en banc 11th Circuit concluded that the plaintiffs in that separate action lacked standing because they did not allege any concrete harm and vacated a $6.3 million settlement. Specifically, the en banc majority rejected the named plaintiff’s argument that “receipt of a noncompliant receipt itself is a concrete injury,” and noted that “nothing in FACTA suggests some kind of intrinsic worth in a compliant receipt.”
Following the 11th Circuit decision, the parties agreed to dismiss the federal action and remanded a later-filed action to state court where the plaintiff argued that “state standing was plenary and therefore less restrictive than federal standing.” The trial court disagreed and granted the defendant’s motion to dismiss, ruling that “Florida requires a concrete injury to have standing,” and “alleging a mere statutory violation does not convey standing per se.” The trial court ruled that “obtaining a receipt in alleged violation of FACTA does not satisfy this requirement,” and the appeals court agreed, holding that, among other things, no actual damages occurred since nothing was alleged to have been charged to the plaintiff’s account, nor was there the imminent possibility of injury because the plaintiff retained possession of the receipt. In its opinion, the appellate court cited the U.S. Supreme Court’s decisions in Spokeo and TransUnion with approval, noting that “individuals ‘must allege some threatened or actual injury resulting from the putatively illegal action.’”
California’s privacy agency initiates formal CPRA rulemaking
On July 8, the California Privacy Protection Agency (CPPA) initiated formal rulemaking procedures to adopt proposed regulations implementing the Consumer Privacy Rights Act of 2020 (CPRA), a law amending and building on the California Consumer Privacy Act (CCPA). As previously covered by InfoBytes, the CPRA (largely effective January 1, 2023, with enforcement delayed until July 1, 2023) was approved by ballot measure in November 2020. Earlier this year, the CPPA provided an update on the CPRA rulemaking process, announcing its intention to finalize rulemaking in the third or fourth quarter of 2022 (covered by InfoBytes here). While the CPRA established a July 1, 2022 deadline for rulemaking, CPPA Executive Director Ashkan Soltani stated during a February meeting that the rulemaking process will extend into the second half of the year.
The July proposed regulations modify definitions in the CCPA regulations; outline restrictions on the collection and use of personal information; provide disclosure and communications requirements; describe requirements for submitting CCPA requests and obtaining consumer consent; amend required privacy notices; provide instructions for the Notice of Right to Limit Use of Sensitive Personal Information; amend methods for handling consumer requests to delete, correct, and know; set forth requirements for opt-out preference signals; and address consumer requests for limiting the use and disclosure of sensitive personal information. Comprehensive details of the modified provisions and proposed regulations are available in previous InfoBytes coverage here.
The CPPA stated in its notice of proposed rulemaking that the proposed regulations serve three primary purposes: to (i) “update existing CCPA regulations to harmonize them with CPRA amendments to the CCPA”; (ii) “operationalize new rights and concepts introduced by the CPRA to provide clarity and specificity to implement the law”; and (iii) “reorganize and consolidate requirements set forth in the law to make the regulations easier to follow and understand.” The CPPA emphasized that the proposed regulations are designed to factor in privacy laws in other jurisdictions and “implement compliance with the CCPA in such a way that it would not contravene a business’s compliance with other privacy laws, such as the General Data Protection Regulation (GDPR) in Europe and consumer privacy laws recently passed in Colorado, Virginia, Connecticut, and Utah.” This design, the CPPA said, will simplify compliance for businesses operating across jurisdictions and avoid unnecessary confusion for consumers who may not understand which laws apply to them.
A hearing on the proposed regulations is scheduled for August 24 and 25. Comments are due August 23.
NYDFS issues overdraft and NSF fee guidance
On July 12, NYDFS issued guidance in an industry letter to regulated banking institutions, calling into question bank practices that can cause consumers to receive multiple overdraft and non-sufficient funds (NSF) fees from a single transaction. The industry letter identifies three specific types of fee practices as unfair or deceptive:
- Charging overdraft fees for “authorize positive, settle negative” transactions, where consumers are charged an overdraft fee even if they have sufficient money in their account when a bank approves a transaction, but the balance is negative when the payment is settled. Per NYDFS, imposing an overdraft fee in this situation is unfair because, among other things, consumers “have no control over or involvement in” when or how their debit transactions get settled.
- Charging “double fees” to consumers for a failed overdraft protection plan transfer, which occurs when a bank goes to transfer money from one deposit account to another deposit account to cover an overdraft transaction, but the first account lacks sufficient funds to cover the overdraft. Per NYDFS, double fees injure consumers “by imposing fees for a transfer that provides no value to the consumer and is not reasonably avoidable by consumers, who have no reason to expect that they will be charged a fee for an overdraft protection transfer that does not in fact protect them against an overdraft.”
- Charging NSF representment fees when a merchant tries several times to process a transaction that is deemed an overdraft and the bank charges a fee for each blocked representment without adequate disclosure. Banks that currently charge multiple NSF fees should “make clear, conspicuous, and regular disclosure to consumers that they may be charged more than one NSF fee for the same attempted debit transaction,” NYDFS stated. Additionally, banks are advised to consider other steps to mitigate the risk that consumers are charged multiple NSF fees, including limiting time periods for when multiple NSF fees may be charged, performing periodic manual reviews to identify instances of multiple NSF Fees, and offering refunds to affected consumers. NYDFS “ultimately expects [i]nstitutions will not charge more than one NSF fee per transaction, regardless of how many times that transaction is presented for payment,” the industry letter said.
NYDFS informed regulated entities that it will evaluate whether they “are engaged in deceptive or unfair practices with respect to overdraft and NSF fees in future Consumer Compliance and Fair Lending examinations.”
Ohio AG, FCC take action against robocall operation
On July 7, the Ohio attorney general filed a complaint against multiple companies for participating in an alleged unwanted car warranty call operation. The complaint, filed in the U.S. District Court for Southern District of Ohio, alleged that the 22 named defendants “participated in an unlawful robocall operation that bombarded American consumers with billions of robocalls.” Specifically, the complaint alleged that the defendants “initiated over 77 million robocalls per day for the purpose of generating sales leads, many times in relation to the sale of Vehicle Service Contracts (‘VSCs’) that are deceptively marketed as ‘car warranty’ plans,” totaling at least 800 million call attempts. The defendants allegedly violated the TSR, the Ohio Consumer Sales Practices Act, and the Ohio Telephone Solicitation Sales Act by, among other things: (i) deceptively representing the subject of the call; (ii) misrepresenting caller IDs, or “spoofing”; and (iii) acting as telephone solicitors without having registered as telephone solicitors with the Ohio AG’s Office, as required by law, and without having obtained and filed the required surety bond. The lawsuit coincided with the FCC’s announcement of actions taken to decrease robocalls, including sending cease and desist letters to several carriers in an attempt “to cut off a flood of possibly illegal robocalls marketing auto warranties targeting billions of consumers.” The announcement also noted that the FCC has authorized “all U.S.-based voice service providers to cease carrying any traffic originating from the [named] operation consistent with FCC regulations,” as detailed in a public notice to all U.S.-based voice service providers.
11th Circuit: Statements indicating accrual of debt balance following settlement are enough to state a claim
On July 1, the U.S. Court of Appeals for the Eleventh Circuit overturned a district court’s dismissal of an FDCPA case, holding that statements sent to plaintiffs indicating that a debt balance was accruing after a settlement had been reached is enough to state a claim. According to the opinion, the plaintiffs defaulted on a mortgage and a servicer sued for foreclosure. While the foreclosure suit was pending, the defendant took over servicing of the loan. A “disagreement” arose, which led the plaintiffs to sue the defendant. A settlement was reached and it was agreed that the plaintiffs owed $85,790.99, which was to be paid in one year. However, four months later, the defendant sent a mortgage statement notifying the plaintiffs that their loan had “been accelerated” because they were “late on [their] monthly payments.” On the defendant’s “fast-tracked timetable,” the plaintiff owed $92,789.55 to be paid in a month, and if they did not pay, the defendant’s statement stated that they risked more fees and “the loss of [their] home to a foreclosure sale.” The plaintiffs continued to receive statements and the amount due increased monthly. The plaintiffs sued, saying the defendant violated the FDCPA by sending statements with incorrect balances. A district court ruled the periodic statements were unrelated to debt collection because the defendant was required to send monthly updates under TILA. The district court further determined that the plaintiffs failed to state an FDCPA claim, declined to exercise supplemental jurisdiction over the Florida law claims, and dismissed the complaint.
On appeal, the 11th Circuit ruled that statements must comply with the FDCPA, even if they are not required to be sent under the statute. The 11th Circuit reiterated that the respective requirements of TILA and the FDCPA can be approached in a “harmonized” fashion, stating that “a periodic statement mandated by [TILA] can also be a debt-collection communication covered by the FDCPA.” The appellate court reversed the district court’s dismissal because “the complaint here plausibly alleges that the periodic statements sent to the plaintiffs aimed to collect their debt.”
Collection agency to pay $10,000 for operating without a license in Connecticut
On June 24, the Connecticut Department of Banking issued a consent order against a company for operating as a consumer collection agency without obtaining the proper license. According to the order, the company filed a consumer collection agency license application in Connecticut in June 2020. However, during its review of the company’s application, the Department of Banking discovered that it had been operating as a consumer collection agency without a license in the state since 2019. Under the terms of the consent order, the company must pay a civil penalty fine of $10,000, and pay $800 to cover licensing fees.
Louisiana lets financial institutions, trust companies provide virtual currency custody
Recently, the Louisiana governor signed HB 802, which permits financial institutions or trust companies to provide customers with virtual custody services so long as there are “adequate protocols in place to effectively manage risks and comply with applicable laws.” A “trust company” is defined as “a corporation or a limited liability trust company organized in accordance with this Title, the laws of another state, or pursuant to the laws of the United States, including a trust company organized pursuant to the laws of this state before June 27, 2003, or an entity chartered to act as a fiduciary that is neither a depository institution nor a foreign bank.”
Before offering virtual currency custody services, a financial institution or trust company must conduct a “methodical self-assessment” to examine the risks involved in offering such services. Should it decide to offer such services, the financial institution or trust company must: (i) “[i]mplement effective risk management systems and controls to measure, monitor, and control relevant risks associated with custody of digital assets such as virtual currency”; (ii) confirm adequate insurance coverage for such services is in place; and (iii) “[m]aintain a service provider oversight program to address risks to service provider relationships as a result of engaging in virtual currency custody services.” A financial institution or trust company may provide virtual currency custody services in either a fiduciary or non-fiduciary capacity, consistent with its charter. If such services are provided in a nonfiduciary capacity, the financial institution or trust company will “take possession of the customer’s asset for safekeeping while legal title remains with the customer” (i.e., “the customer shall retain direct control over the keys associated with his virtual currency”). Should services be provided in a fiduciary capacity, a financial institution or trust company must “require customers to transfer their virtual currencies to the control of the financial institution or trust company by creating new private keys to be held by the financial institution or trust company.” In its fiduciary capacity, a financial institution or trust company has the “authority to manage virtual currency assets as it would any other type of asset held in such capacity.” Additionally, a financial institution or trust company may also provide virtual currency custody services through third-party service providers. HB 802 takes effect August 1.
Louisiana enacts student loan servicer provisions, establishes requirements for private education lenders
On June 18, the Louisiana governor signed HB 610, which defines terms and outlines provisions related to student loan servicers. Among other things, the act prohibits servicers from misleading student loan borrowers or engaging in any unfair, abusive, or deceptive trade practice. Servicers are also prohibited from making misrepresentations or omitting information related to fees, payments, repayment options, loan terms and conditions, or borrower obligations. Moreover, servicers may not “[a]llocate a nonconforming payment in a manner other than as directed by the student loan borrower” under certain circumstances. The act also outlines duties related the furnishing of information to consumer reporting agencies, providing that a servicer may not (i) submit inaccurate information to a consumer reporting agency; (ii) refuse to correct inaccurately furnished information; (iii) fail to report a borrower’s favorable payment history at least once a year; (iv) refuse to communicate with a borrower’s authorized representative; and (v) make false statements or omit material facts connected to a state or local agency investigation. Additionally, the act specifies responsibilities related to responding to written inquires and complaints from consumers.
The same day, the governor also signed HB 789, which establishes a private student loan registry and outlines provisions related to private education lenders. The act stipulates that all private education lenders operating in the state must register with the commissioner, which may include the payment of fees and registration through the Nationwide Multistate Licensing System and Registry. However, the act allows the commissioner to prescribe an alternative registration process and fee structure for postsecondary education providers. These registration requirements are not applicable to banks, savings banks, savings and loan associations, or credit unions operating pursuant to authority granted by the commissioner. Private education lenders will also be required to comply with certain reporting requirements, including providing information related to the schools where the lender has made loans to students residing in the state, the total number and dollar amount of loans made annually, interest rate ranges, borrower default rates, copies of promissory notes and contracts, and cosigner loan statistics, among others.
Both acts take effect August 1.
DFPI concludes MTA licensure not required for donations to NPOs
Recently, the California Department of Financial Protection and Innovation (DFPI) released a new opinion letter covering aspects of the California Money Transmission Act (MTA) related to certain agent of payee requirements. The redacted opinion letter examines whether the inquiring company’s product for donations to nonprofit organizations (NPOs) is exempt from the MTA. DFPI also reviewed whether: (i) money held by the company in an operating account, related to MTA-exempt activities such as NPO donations, is stored value; and (ii) closed loop transactions, and specific bank-issued open-loop gift cards without cash access, are exempt from the MTA. The Washington state-headquartered company sells reward programs to businesses that are used to incentivize purchases by their customers, reward customer loyalty, and reward employee performance. The opinion letter does not address closed loop gift cards and open loop gift cards, as DFPI previously issued an opinion letter regarding these products on February 19, 2020, nor does it address a yet-to-be introduced reward program that deposits cash into a recipient’s account or provides credit to a specified credit card as the company already acknowledges that this service constitutes regulated activity under the MTA.
However, the opinion letter does address circumstances when an NPO donation is selected by a recipient from the company’s reward options. In this instance, the reward amount is transferred from the company’s operating account to its custodial bank account designated “For the Benefit Of Customers” held at a national bank. The company then “aggregates contributions to each NPO and distributes these amounts, less its 8% administrative fee, directly to the NPOs on a weekly basis.” According to the company, “[f]unds do not move out of the NPO Account until these payments are made and the NPO Account is not used for any purposes other than NPO Donations.” DFPI concluded that the company’s current NPO agreement satisfies the agent of payee requirements for exemption from the MTA, and that as such, NPO donations are not a regulated activity. Specifically, the company’s NPO agreement provides that the company is appointed as the NPO’s agent and is obligated to remit all funds collected on the NPO’s behalf to the NPO. Receipt of the funds from the company’s client “constitutes receipt by the NPO, even if the NPO does not receive the funds from [the client].” The company, and not the client or recipient, is solely responsible to the NPO, DFPI said, adding that “[c]lient funds temporarily being held in [the company’s bank] operating account in prepayment for closed loop gift cards, bank-issued open loop gift cards, and NPO donations are not stored value.”