InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
U.S. Supreme Court vacates decision on interest for escrow accounts, orders further review
On May 30, the U.S. Supreme Court vacated and remanded for further proceedings a 2022 decision by the Second Circuit that held that the National Bank Act preempted a New York state law requiring the payment of interest on mortgage escrow accounts. The plaintiff borrowers obtained home mortgage loans from a national bank and were required to make monthly deposits into escrow accounts for the payment of property taxes and insurance. New York law required the payment of interest on such accounts. When the national bank, relying on federal preemption, did not pay such interest, the borrowers sued. The district court rejected the bank’s preemption argument, but the 2nd Circuit reversed, holding that the state law significantly interfered with the bank’s exercise of its authorized power to create and fund escrow accounts (covered by InfoBytes here). The Supreme Court granted certiorari to resolve a split between the 2nd Circuit’s decision and an earlier decision of the 9th Circuit (covered by InfoBytes here).
The Supreme Court held that the 2nd Circuit did not properly apply the applicable preemption standard created by the Dodd-Frank Act. The Dodd-Frank Act preempts state law “only if” the state law (i) discriminates against national banks as compared to state banks; or (ii) “prevents or significantly interferes with the exercise by the national bank of its powers,” as determined “in accordance with the legal standard for preemption in the Supreme Court’s decision in Barnett Bank of Marion County, N. A. v. Nelson, Florida Insurance Commissioner, et al.”
Because the state law did not discriminate against national banks, the Court focused its analysis on the Barnett Bank/significant interference test. The Court held that “Barnett Bank did not purport to establish a clear line to demarcate when a state law ‘significantly interfere[s] with the national bank’s exercise of its powers[,]’” but instead “analyzed the Court’s precedents on that issue.” Stating that those precedents “furnish content to Barnett Bank’s significant interference test—and therefore also to Dodd-Frank’s preemption standard,” the Court then proceeded to analyze those same precedents, identifying cases that illustrate the types of state laws that do and do not constitute a “significant interference” with national bank powers. The Court ultimately concluded that a “court applying [the] Barnett Bank standard must make a practical assessment of the nature and degree of the interference caused by a state law.” In a footnote, the Court added that in “Barnett Bank and each of the earlier precedents, the Court reached its conclusions about the nature and degree of the state laws’ alleged interference with the national banks’ exercise of their powers based on the text and structure of the laws, comparison to other precedents, and common sense.”
Because the 2nd Circuit had not analyzed the preemption issue “in a manner consistent with Dodd-Frank and Barnett Bank,” the Court vacated its decision and remanded the case for further proceedings.
OCC releases enforcement actions for May 2024
On May 23, the OCC released a list of recent enforcement actions against national banks, federal savings associations, and individuals affiliated with such entities (defined as institution-affiliated parties, or IAPs). The actions against two individual banks include two formal agreements in which the OCC alleged that the banks engaged in unsafe or unsound practices related to risk governance and internal controls for one bank; and capital planning, strategic and succession planning, and liquidity risk management for the other bank. The announcement also included five enforcement actions against IAPs to “deter, encourage correction of, or prevent violations, unsafe or unsound practices, or breaches of fiduciary duty.” Specifically, the announcement included four prohibition orders and one notice of charges against IAPs, mainly individuals, for criminal activity. More information on the OCC’s enforcement action types can be found here.
FHA issues reporting requirements on significant cybersecurity incidents
On May 23, HUD issued Mortgagee Letter (ML) 2024-10 titled “Significant Cybersecurity Incident (Cyber Incident) Reporting Requirements” which required FHA-approved mortgagees to notify HUD when a “Cyber Incident” occurs. A Cyber Incident would be any unauthorized event that could harm information or computer systems, breaching security rules, and affecting a mortgagee’s ability to meet FHA program requirements. It also would include actions that threaten data confidentiality, integrity, or availability, potentially disrupting mortgage operations. Mortgagees must report all suspected Cyber Incidents to HUD's FHA Resource Center and Security Operations Center within 12 hours of detection. The report must include several details, including the mortgagee's name and ID, contact information, a description of the incident (including the date, cause, and impact to PII, login credentials, and IT systems), any affected subsidiary or parent companies, and the status of the mortgagee’s incident response, including whether law enforcement has been notified. The provisions of this ML are effective immediately and will be reflected in a forthcoming update to the HUD Handbook 4000.1.
CSBS seeks comments on its 2025 NMLS fee increases proposals
On May 20, CSBS requested public feedback on a proposal to raise NMLS fees for the first time since the registry’s launch in 2008. This proposed fee increase will ensure NMLS remains functional and up to date while balancing the need for cost-effectiveness for its 600,000 users. The proposed fee hikes will impact companies, individual licensees, and branches, across industries like mortgage, debt, consumer finance, and money services. For example, the annual processing fee for state licensure would increase from $100 to $120 for companies, from $20 to $25 for branches, and from $30 to $35 for individuals. NMLS fees for federal registration will experience similar price hikes. The proposed fee structure will also include adjustments for initial set-up fees, annual processing fees, and fees associated with changes in sponsorship or employment.
Michigan requires annual reporting on payday lending from director
On May 22, Michigan enacted HB 4343 (the “Act”) to include new reporting requirements regarding payday lending for the director or the Michigan Department of Insurance and Financial Services (the Department). By October 31 of each year, from 2025 to 2031, the director of the Department must submit a report to the relevant senate and house committees tasked with the oversight of banking and financial services issues. The report must cover various aspects of the payday lending business in the state, including the number of licensed providers, program fees received by the Department, and local and statewide statistics on provider locations, transaction volumes and amounts, and customer usage patterns. The Act will require the Department to include the names and addresses of all licensees, the number of complaints filed against both licensees and non-licensees arising from transactions conducted in the state, and any additional information deemed relevant by the director. According to the Act, the purpose of this reporting will be to enforce and regulate the payday lending industry. The Act will go into effect after the 91st day after the final adjournment of the 2024 regular session.
NYDFS issues loss mitigation guidance for property insurance
On May 23, NYDFS issued Insurance Circular Letter No. 3 (2024) which encouraged all insurers – authorized to write property/casualty insurance in New York – to offer loss mitigation tools and services to the insured for free or at a reduced fee. Insurers are encouraged to offer devices like smart water monitors and provide discounts for the installation of loss prevention systems, such as smoke alarms and sprinkler systems. Additionally, the letter reminded insurers of their obligation to provide an actuarially appropriate reduction in rates for the installation of hurricane/storm shutters and hurricane-resistant windows and doors. It opined that any such tools or services offered by an insurer that are $25 or less in market value need not be specified in the insurance policy, while those exceeding $25 must be. This initiative, the letter stated, will aim to create a more affordable and resilient insurance market.
Colorado enacts consumer protections for artificial intelligence
On May 17, Colorado enacted SB 24-205 (the “Act”) concerning consumer protections in interactions with artificial intelligence (AI) systems. The Act requires developers of “high-risk” AI systems—defined as AI systems that make “consequential” decisions relating to education, employment, financial or lending services, housing, or insurance, etc.—to take reasonable care to protect consumers from “any known or reasonably foreseeable risks of algorithmic discrimination” that could arise from the use of such systems. The Act grants the Attorney General (AG) rule-making authority to implement and enforce the associated requirements.
Beginning in February 2026, developers must provide deployers with comprehensive documentation comprising a general statement of the AI system’s foreseeable uses and known harmful or inappropriate applications, high-level summaries of the training data, known or reasonably foreseeable limitations and risks, the system’s purpose, and its intended benefits and uses. Furthermore, developers must share how the AI system was evaluated for performance and algorithmic discrimination mitigation, the data governance measures applied to its data sets and sources, the intended outputs, the measures taken to mitigate risks, and the guidelines on the proper use and monitoring of the system.
Developers must share publicly a summary statement on their website or in a public use case inventory summarizing the types of high-risk AI systems that developers have developed or substantially modified and how they manage the potential risks of algorithmic discrimination associated with these systems. Additionally, deployers of high-risk AI systems must notify consumers of a system’s involvement in significant decision making, allow consumers to correct inaccurate personal data, and establish an appeal process for adverse determinations which, if technically feasible, allows for human review.
Finally, developers of high-risk AI systems are required to disclose any known or reasonably foreseeable risks of algorithmic discrimination to the AG and all known deployers or other developers of the system. Such disclosure must occur without unreasonable delay and no later than 90 days after a developer becomes aware of the risk. Furthermore, under the Act, the AG has the authority to request documentation or statements from developers to ensure compliance.
Colorado extends and amends law for debt-management service providers
On May 22, the Governor of Colorado approved HB 1251 (the “Act”) which will extend the regulation of debt-management service providers through September 1, 2035 (without legislative action, the relevant law would have been repealed on September 1 of this year). The Act will require debt-management service providers to provide personal finance management education to consumers and keep records of such education, require settlements between a consumer and creditor to be made in writing, and allow the Colorado Attorney General’s office to use the administrative process (instead of the rulemaking process) to establish reasonable fees to be paid by debt-management service providers. The Act will go into effect 90 days following the adjournment of the state assembly, provided no referendum would be filed.
Massachusetts’ Attorney General settles with lender for alleged usury claims
On May 21, the Massachusetts Attorney General (AG) released an Assurance of Discontinuance against a lender for allegedly violating the state’s Consumer Protection Act (CPA) provision on unfair and deceptive acts and practices. Specifically, the AG stated that the lender made loans with “usurious interest rates” from May 30, 2018, to December 29, 2022. The AG also alleged that, although the CPA prohibited charging interest greater than 20 percent per year, the lender’s Massachusetts loans had an average APR above 100 percent and that the interest on these loans exceeded 20 percent “uniformly.” The lender neither admitted nor denied any of the AG’s findings.
Under the Assurance of Discontinuance the lender will perform a self-audit of all Massachusetts loans and pay a pro-rata refund to affected consumers totaling $625,000. The lender agreed to not “collect, attempt to collect, or assign any right to collect payment” on all defaulted and active loans. The lender must also submit a report based upon its self-audit to the AG.
Florida appellate court reverses crypto-asset company’s money license suspension
On May 22, a Florida appellate court set aside the state’s Office of Financial Regulation (OFR) Emergency Suspension Order (ESO), suspending a Florida-based digital assets company’s (Petitioner) money services business (MSB) license. The OFR issued the ESO because Petitioner’s controlling shareholder and CEO had entered into federal plea agreements for BSA/AML violations. Under Fla. Stat. § 120.60(6), the OFR “may” suspend an MSB’s license if the OFR finds the licensee posed an “immediate serious danger” to “public health, safety, or welfare.” However, the OFR may only take such action by procedure that would be “fair under the circumstances,” and must describe its “reasons” for concluding that the procedure was fair. Petitioner argued that the ESO, among other things, did not meet this standard, and the Court agreed.
The OFR’s ESO did not state specific reasons for concluding that its procedures were fair, and instead merely relied on § 120.60(6) for blanket authorization. According to the court, the ESO should have offered an explanation as to why less drastic measures were insufficient or acknowledged the potential harm to Florida consumers. To comply with the ESO, for example, Petitioner would need to liquidate all digital asset holdings for all Florida customers, with a total of 170,000 accounts, which would threaten financial harm and might create “unplanned and extensive” tax liabilities to customers. Because the ESO did not discuss the OFR’s reasoning or alternative remedies, the court held the ESO was not fair under the circumstances. As such, the court set aside the ESO, but stayed its order pending timely and authorized motions for rehearing.