InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Mass AG proposes legislation to combat “junk fees”
On November 30, the Massachusetts Attorney General’s office proposed regulations to combat so-called “junk fee” practices and make business payment methods more transparent, according to this press release
The purpose of the new rules is to help define unfair and deceptive practices for imposing fees as well as establishing standards for automatic renewal or continuous service contracts. Under the proposed regulations, the following acts performed by a business would be considered an “unfair and deceptive practice”: failing to disclose the total price of a product; failing to disclose any fees, interest, charges, or other expenses related to a product; and failing to disclose the total price before requiring a consumer to provide any personal information. The proposed regulations also state that, for recurring fees and trial offers, companies must provide a means of contact so that a consumer may cancel and must offer a way for a consumer to terminate a trial period in the same way it was entered.
The AG’s office will be holding a public hearing on the proposal on December 20 and is accepting public comments until then. If enacted, Massachusetts would be only the second state (following California) to issue a rule specifically targeting “junk fees.”
Massachusetts AG settles with household goods rental company for unfair debt collection practices
On November 28, the State AG of Massachusetts filed an assurance of discontinuance with a household goods rental company for unfair and deceptive debt collection practices. The company offers household goods under a rent-to-own payment contract as part of its business model. According to the assurance, customers would rent a good and then pay it off over several months to several years to obtain ownership; however, the assurance of discontinuance alleges that, for customers who failed to make payment or never returned the item, the company resorted to aggressive tactics: sending employees out to collect payments by making house visits, “pounding on doors, turning doorknobs to see if they were unlocked, and demanding to be let in.”
In addition to these collection tactics, the assurance of discontinuance states that the company would file criminal complaints. The AG of Massachusetts finds this to be an improper use of “the criminal process, [such as] the threat of arrest or prosecution, as a [d]ebt collection tool.” Additionally, if a customer failed to make timely payments or return the rented property, the company would file a criminal complaint alleging their customers were committing larceny. In the assurance, the company agrees to pay $8.75 million, and the company must cease filing criminal complaints against customers.
NYDFS settles with title insurance company for $1 million
On November 27, the NYDFS entered into a consent order with a title insurance company, which required the company to pay $1 million for failing to maintain and implement an effective cybersecurity policy and correct a cybersecurity vulnerability. The vulnerability allowed members of the public to access others’ nonpublic information, including driver’s license numbers, social security numbers, and tax and banking information. The consent order indicates the title insurance company discovered the vulnerability as early as 2018. The title insurance company’s failure to correct these changes violated Section 500.7 of the Cybersecurity Regulation.
In May 2019, a cybersecurity journalist published an article on the existence of a vulnerability in the title insurance company’s application, that led to a public exposure of 885 million documents, some found through search engine results. The journalist noted that “replacing the document ID in the web page URL… allow[ed] access to other non-related sessions without authentication.” Following the cybersecurity journalist’s article, and as required by Section 500.17(a) of the Cybersecurity Regulation, the title insurance company notified NYDFS of its vulnerability, at which point NYDFS investigated further. The title insurance company has been ordered to pay the penalty no later than ten days after the effective date.
DFPI shares trends in consumer crypto complaints
DFPI recently published a report on consumer crypto-related complaints collected through its new online complaint portal. According to the third-quarter 2023 CSO report, some of the most common complaints include (i) consumers being scammed into transferring digital assets from a legitimate crypto account to a fraudulent platform; (ii) consumers losing access to funds after transferring to an unknown wallet; (iii) consumers who invest in sham crypto investments by sending US dollars to a scammer’s platform, wallet, or bank; (iv) consumers making additional investments to scammers after receiving the first and only return; (v) consumers with concerns regarding their account activity on legitimate crypto platforms; and (vi) consumers approached by scammers via text message and social media. DFPI shared tips on how consumers can protect themselves against scams as well, noting that “[i]f it seems too good to be true, it probably is.”
DFPI orders desist and refrain against investment firm
On November 16, under California Corporations Code § 25532, the California Division of Financial Protection and Innovation (DFPI) issued a desist and refrain order against a securities investment platform for allegedly making false representations and material omissions to investors.
The DFPI alleges the investment platform sold securities in California on its website and the platform referred to them as “certificates.” The platform claimed that the certificates paid investors returns ranging from 2.5 percent to five percent in addition to guaranteed monthly returns. To solicit investors, the platform allegedly engaged in a multi-level marketing (MLM) structure that would have investors influence others to send money. DFPI alleged that the certificates were not qualified under the California Corporate Securities Law. DFPI also alleged that the platform omitted material information to investors, which included (i) falsely representing that the platform was partnered with a particular forex broker; (ii) representing that it was a licensed bank (while omitting that the “license” was granted by a “fictitious regulator”); (iii) using the terms “bank” and “banking” while omitting that it was not authorized to engage in the business of banking in California; (iv) misrepresenting profits and risk of loss; and (v) failing to disclose that its securities were not qualified in California.
NYDFS introduces guidelines for coin-listing and delisting policies in virtual currency entities
On November 15, NYDFS announced new regulatory guidance which adopts new requirements for coin-listing and delisting policies of DFS-regulated virtual currency entities, updating its 2020 framework for each policy. After considering public comments, the new guidance aims to enhance standards for self-certification of coins and includes requirements for risk assessment, advance notification, and governance. It emphasizes stricter criteria for approving coins and mandates adherence to safety, soundness, and consumer protection principles. Virtual currency entities must comply with these guidelines, requiring DFS approval for coin-listing policies before self-certifying coins, and submitting detailed records for ongoing compliance review. The guidance also outlines procedures for delisting coins and necessitates virtual currency entities to have an approved coin-delisting policy.
As an example under coin listing policy framework, the letter states that a virtual currency entity risk assessment must be tailored to a virtual currency entity's business activity and can include factors such as (i) technical design and technology risk; (ii) market and liquidity risk; (iii) operational risk; (iv) cybersecurity risk; (v) illicit finance risk; (vi) legal risk; (vii) reputational risk; (viii) regulatory risk; (ix) conflicts of interest; and (x) consumer protection. Regarding consumer protection, NYDFS says that virtual currency entities must “ensure that all customers are treated fairly and are afforded the full protection of all applicable laws and regulations, including protection from unfair, deceptive, or abusive practices.”
Similar to the listing policy framework, the letter provides a fulsome delisting policy framework. The letter also stated that all virtual currency entities must meet with the DFS by December 8 to preview their draft coin-delisting policies and that final policies must be submitted to DFS for approval by January 31, 2024.
NY AG report reveals racial disparities in homeownership and offers proposed solutions
On October 31, New York AG Letitia James released a report detailing racial disparities in homeownership and access to home financing in New York. The report states that Black and Latino New Yorkers are “underrepresented” among mortgage applicants, and white households are overall more likely to own homes than Black, Latino, or Asian households. The report also found that regardless of credit score, income, size of the loan and other factors, all applicants of color are denied mortgages at a higher rate than white applicants. In addition, the report found that disparities between white borrowers and borrowers of color persist in the context of refinance transactions and are also present in loans made by “[n]ew private-sector, non-depository lenders.”
The report identified policy solutions that could reduce these disparities, including (i) subsidizing down payments and interest rates for first-generation homebuyers; (ii) increasing state funding for nonprofit financial institutions that support underserved communities of color; (iii) passing the New York Public Banking Act, which would create a regulatory framework for the establishment of public banks, thereby expanding access to affordable financial services in underserved areas; (iv) bolstering resources for government agencies to conduct fair lending investigations and enhancing New York’s Human Rights Law to explicitly prohibit discriminatory lending practices; and (v) exploring options for offering state-provided banking services in accessible locations to increase access to traditional banking services.
DFPI orders deceptive debt collectors to desist and refrain, pay penalties
On October 23, DFPI announced enforcement actions against four debt collectors for engaging in unlicensed debt collection activity, in violation of Debt Collection Licensing Act and unfair, deceptive, or abusive acts or practices, in violation of the California Consumer Financial Protection Law. In its order against two entities, the department alleged that the entities contacted at least one California consumer and made deceptive statements in an attempt to collect a payday loan-related debt, among other things. In its third order against another two entities, DFPI alleged that a consumer was not provided the proper disclosures in a proposed settlement agreement to pay off their debts in a one-time payments. Additionally, DFPI alleged that the entity representatives made a false representation by communicating empty threats of an impending lawsuit.
Under their orders (see here, here, and here), the entities must desist and refrain from engaging in illegal and deceptive practices, including (i) failing to identify as debt collectors; (ii) making false and misleading statements about payment requirements; (iii) threatening unlawful action, such as a lawsuit, because of nonpayment of a debt; (iv) contacting the consumer at a forbidden time of day; (iv) making false claims of pending lawsuits or legal process and the character, amount, or legal status of the debt; (v) failing to provide a “validation notice” ; and (vi) threatening to sue on time-barred debt.
The entities are ordered to pay a combined $87,500 in penalties for each of the illegal and deceptive practices.
FTC and Wisconsin sue auto dealer group for alleged discrimination and illegal fees
The FTC and the State of Wisconsin announced that they filed a complaint in the District Court for the Western District of Wisconsin against an auto dealer group, and its current and former owners, and general manager, alleging that the defendants deceived consumers by tacking hundreds or even thousands of dollars in illegal junk fees onto car prices and discriminated against American Indian customers by charging them higher financing costs and fees relative to similarly situated non-Latino whites.
The complaint also notes the disparity only increased since a change of ownership in 2019. Specifically, the complaint alleges that the defendants regularly charged many of their customers junk fees for “add-on” products or services without their consent, which resulted in additional fees and interest on the customers’ loans. Further, the defendants allegedly discriminated against American Indian customers in the cost of financing by adding more “markup” to their interest rates. This additional markup cost American Indian customers, on average, $401 more compared to non-Latino white customers.
The complaint resulted in two proposed settlements. The proposed settlement with the auto dealer, its current owners, and the general manager requires the company to stop deceiving consumers about whether add-ons are required for a purchase and obtain consumers’ express informed consent before charging them for add-ons. The settlement will also the require the defendants to establish a comprehensive fair lending program that, among other components, will allow consumers to seek outside financing for a purchase and cap the additional interest markup the auto dealer can charge consumers. The current owners and general manager will also be required to pay $1 million to be used to refund affected consumers.
Separately, the former owners agreed to pay $100,000 to be used to refund affected consumers.
California enacts licensing requirements for digital asset businesses, regulation of crypto kiosks
On October 13, the California Governor signed AB 39, which will create a licensing requirement for businesses engaging in digital financial asset business activity. Crypto businesses will need to apply for a license with California’s Department of Financial Protection and Innovation (DFPI). The bill, among other things, (i) empowers DFPI to conduct examinations of a licensee; (ii) defines “digital financial asset” as “a digital representation of value that is used as a medium of exchange, unit of account, or store of value, and that is not legal tender, whether or not denominated in legal tender, except as specified”; (iii) empowers DFPI to conduct enforcement actions against a licensee or a non-licensed individual who engages in crypto business with, or on behalf of, a California resident for up to five years after their activity; (iv) allows DFPI to assess civil money penalties of up to $20,000 for each day a licensee is in material violation of the law, and up to $100,000 for each day an unlicensed person is in violation; and (v) requires licensees to provide certain disclosures to California clientele, such as when and how users may receive fees and charges, and how they are calculated. The new law exempts most government entities, certain financial institutions, most people who solely provide connectivity software, computing power, data storage or security services, and people engaging with digital assets for personal, family, household or academic use or whose digital financial asset business activity is reasonably expected to be valued at no more than $50,000 per year. In September of last year, the California Governor vetoed a similar bill because creating a licensing framework was “premature” considering conflicting efforts.
Also effective on July 1, 2025 is SB 401, which was also enacted on October 13. SB 401 establishes regulations for crypto kiosks under the DFPI’s authority. It will, among other things, prohibit kiosk operators from accepting or dispensing more than $1,000 in a single day to or form a customer via a kiosk. Operators would be required to furnish written disclosures detailing the transaction's terms and conditions as well as transaction details. Kiosk operators will also be obligated to provide customers with a receipt for any transaction at their kiosk, including both the amount of a digital financial asset or USD involved in a transaction and, in USD, any fees, expenses, and charges collected by the kiosk operator. Finally, operators will be required to provide DFPI with a list of all its crypto kiosks in California, and such list will be made public.