InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Maryland enacts new powers for regulators to examine third parties
On May 9, the Governor of Maryland approved HB 250 (the “Act”) which will authorize the Commissioner of Financial Regulation to examine third parties that service entities under the supervision of the state’s Office of Financial Regulation (OFR). Such licensed entities include both depository and non-depository financial institutions. Currently, the OFR lacks the authority to examine third parties until the Act goes into effect. The Act will define third-party service providers as a “person who performs activities relating to financial services on behalf of a regulated entity for that regulated entity’s customers,” and include data processing centers, activities that support financial services, and internet-related services. On enforcement, the Act will authorize the OFR to enforce the law against any third party that refuses to submit to an examination, refuses to pay a fee, or engages in “unsafe or unsound” behaviors as determined by the OFR. The Act will outline several authorities of the OFR, including notifying the licensed person, which information the OFR can access, and levying fees. Following a notice and hearing, the Commissioner may issue a cease-and-desist order, suspend or revoke a violator’s license, or issue a penalty of up to $10,000 for the first violation and up to $25,000 for each subsequent violation. The Act takes effect on October 1.
Connecticut becomes latest state to ban medical debts in credit reporting
On May 9, the Governor of Connecticut approved SB 395 (the “Act”) banning health care providers from reporting medical debt to credit rating agencies. Further, the Act will prohibit hospitals and collection agents from reporting a patient to a credit rating agency, as well as initiating an action to foreclose a lien where the lien was filed to secure payment for health care (retroactive from October 1, 2022), and from garnishing wages for health care collections (also retroactive from October 1, 2022). The Act will go into effect on July 1. The CFPB wrote in favor of this bill’s enactment after the CFPB promulgated its NPRM to prohibit creditors from using medical bills in underwriting decisions, as covered by InfoBytes here.
NYDFS releases its Cybersecurity Program Template
On May 13, NYDFS issued a guidance letter informing licensed entities about its Cybersecurity Program Template. NYDFS created the Template to help individual licensees and individually owned businesses licensed by NYDFS to develop a cybersecurity program as required by its cybersecurity regulation (23 NYCRR Part 500). The Template was prepared based on the version of the NYDFS Cybersecurity Regulation in effect as of November 1, 2023 (covered by InfoBytes here). The template does not need to be submitted to NYDFS or any other state agencies for approval.
Maryland updates prohibited items reported on consumer credit reports
On May 9, the Governor of Maryland approved SB 41 (the “Act”) which will change the requirements on prohibitions for consumer reporting agencies as to what information they may include in consumer credit reports.
The Act will prohibit consumer reporting agencies from reporting bankruptcies more than 10 years before the credit report would be issued, suits and judgments of more than seven years, paid tax liens greater than seven years, accounts placed for collection of more than seven years, arrest records or other crime reports of greater than seven years, and “any other adverse information that predates the report” by more than seven years. These reporting prohibitions do not apply to credit transactions with a principal amount of at least $150,000, as well as both the underwriting of life insurance with a face value of at least $150,000 or the employment of someone with a salary of at least $75,000. The Act will go into effect on October 1.
11th Circuit rejects a proposed TCPA class action settlement
On May 13, the U.S. Court of Appeals for the Eleventh Circuit vacated and remanded a proposed TCPA class action settlement agreement. The class, consolidated from three class actions, accused the defendant, the “world’s largest services platform for entrepreneurs,” of violating the TCPA by using an automatic telephone dialing system to send unwanted calls and text messages to promote its products. The $35 million settlement and attorney’s fees, up to $10.5 million, was approved preliminarily in 2020.
According to the appellate court’s opinion, the district court abused its discretion in approving a proposed $35 million settlement because it: (i) did not consider the 2018 amendments to Rule 23(e)(2); (ii) overlooked possible collusion in the settlement agreement; and (iii) inadequately informed class members about the case. Additionally, the court incorrectly calculated the attorneys’ fees and wrongly treated the settlement as a common fund rather than a claims settlement. The class’s counsel was criticized for appearing to represent their own interests over those of the class since they were supposed to receive $10.5 million in fees. The court also found issues with the opt-out process, which was deemed overly complex and likely to discourage class members from opting out. As a result, the judgment was vacated.
District Court denies mortgage lender’s motion to dismiss against CFPB
On May 2, the U.S. District Court for the Southern District of Florida denied a mortgage lender’s motion to dismiss. The CFPB sued the lender in October 2023 for violating HMDA and Regulation C by intentionally misreporting data regarding borrower race, ethnicity, and sex pursuant to a data reporting requirement from a prior consent order. In a sample of the defendant’s data reporting submission, the CFPB allegedly found 51 data errors across seven data fields. The court sided with the CFPB on all four grounds raised in the lender’s motion to dismiss. First, the court found that the CFPB pleaded a plausible violation of the HMDA, sufficient to survive a motion to dismiss. Second, the court rejected the lender’s arguments that HMDA and Regulation C are “unconstitutionally vague” because they established a standard for covered loan data that meets a constitutional standard. Third, the court sided again with the CFPB in finding that the injunctive relief at issue did not qualify as an “obey the law” injunction since it provided reasonable clarity of what was required of the lender. And fourth, the court upheld the funding structure of the CFPB as constitutional, therein following guidance from the Second Circuit in upholding the structure as constitutional.
Court grants summary judgment for lack of disputed debt evidence
On May 7, the U.S. District Court for the Western District of Oklahoma entered into an order granting summary judgment in favor of the defendant, a debt recovery agency, on the basis that the plaintiff, an individual, failed to prove that the defendant knowingly provided false information to credit agencies in violation of the FDCPA. In this case, the plaintiff alleged violations of the FDCPA due to the defendant’s failure to report his debt as disputed to credit agencies.
The plaintiff claimed that he disputed the debt during a phone call with the defendant by questioning the balance owed on his account. Upon reviewing the call recording and other evidence, the Court found that the plaintiff did not actually dispute the debt during the call and instead asked about the charges. Since there was no evidence of an actual dispute, the Court granted summary judgment in the defendant’s favor.
CFPB and Fed adjust dollar thresholds for Regulation CC
On May 13, the CFPB and the Fed announced inflation-adjusted changes to Regulation CC, which governed the availability of customer funds from bank deposits. The final rule altered the minimum amounts that must be made available for withdrawal by the next business day for certain types of check deposits and modified the funds from certain checks deposited into new accounts that are subject to next-day availability. Mandated by Dodd-Frank, these adjustments were based on the five-year change in the CPI for Urban Wage Earners and Clerical Workers from July 2018 to July 2023. The updated thresholds will go into effect on July 1, 2025.
FTC’s Safeguards Rule notification requirement under GLBA now in effect
On May 14, the FTC published a business blog post announcing the Safeguards Rule, an amendment to the GLBA, is in effect as of May 13. The Safeguards Rule applies to financial institutions subject to the FTC’s jurisdiction and aims to protect customers' private personal information through data breach reporting requirements.
Additional revisions to the Rule related to data breach reporting were announced in October 2023, with amendments requiring covered companies to notify the FTC within 30 days of a security breach impacting at least 500 consumers. For reporting, businesses must use a new online form provided by the FTC. The Rule complements existing business security measures and does not negate other state and federal legal obligations. Businesses can refer to FTC guidance for further details on the rule and compliance requirements.
FSOC releases report on nonbank mortgage servicing
On May 10, the Financial Stability Oversight Council (FSOC) released a report analyzing the growing nonbank mortgage servicing sector. The report discussed the sector’s significant market share, strengths and vulnerabilities particularly in financial stress scenarios. The FSOC emphasized the potential for these vulnerabilities to affect financial stability including income, balance sheets, and access to credit simultaneously, and the need for enhanced resilience measures. To combat these issues, the FSOC suggested a series of recommendations to promote safe and sound operations, address liquidity pressures in the event of stress, and ensure continuity of servicing operations.
The FSOC’s recommendations included urging state regulators to improve oversight and prudential standards, suggesting Congress grant FHFA and Ginnie Mae greater authority to enforce safety and soundness standards. Furthermore, the report suggested that Congress would authorize Ginnie Mae and encourage state regulators to share information with each other and with Council member agencies. The Council also recommended that Congress would consider legislation to provide Ginnie Mae with the authority to expand the Pass-Through Assistance Program into a more effective liquidity backstop for mortgage servicers participating in the program during periods of severe market stress. The report further proposed the creation of a fund to support servicing continuity in times of servicer failure, including loss-mitigation activities for borrowers and the advancement of monthly payments to investors.
The Director of the CFPB, Rohit Chopra, released a statement in response to the FSOC’s report. Chopra emphasized the importance of the mortgage market to the economy, and the significant role played by nonbank mortgage companies. He expressed concern about the lack of oversight of nonbanks in comparison to banks and said that the Bureau will soon propose a rule “to strengthen certain homeowner protections.” He also mentioned that regulators were concerned about nonbanks’ lack of supervision and sensitivity to market volatility given their often-limited cash reserves and heavy dependence on bank borrowing.
If a large nonbank mortgage company were to fail, Chopra said that borrowers could face chaos: payment issues, no customer service, and foreclosure risks, as well as generally limited access to credit, especially for low- and moderate-income households. Chopra also mentioned that the report does not discuss specific measures for addressing these risks within the FSOC and suggested appropriate tools for managing such risks will be a future effort. Chopra expressed concern that current rules do not sufficiently protect borrowers exposed to foreclosure and “junk fees” and stated that the CFPB will conduct a thorough evaluation to determine if any significant nonbank mortgage firms would meet the criteria for heightened supervision and regulation by the Fed as well as work on a proposed rule to mitigate losses by including foreclosure protections from the earliest stage of mortgage servicing, even if the servicer does not yet have all the documents.