Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Bipartisan Senate legislation would offer stronger ISA protections

    Federal Issues

    On January 31, Senators Mark Warner (D-VA), Todd Young (R-IN), Marco Rubio (R-FL), and Chris Coons (D-DE) reintroduced legislation to strengthen protections for students who enter into income share agreements (ISAs). The senators explained that ISAs are an innovative way for students to finance postsecondary education and serve as an alternative to high-interest student loans. Under an ISA, students agree to pay a percentage of their income over an agreed upon time period in exchange for tuition payments from nongovernmental sources. When the time period ends, students stop payments regardless of whether they have paid back the full amount.

    The ISA Student Protection Act of 2023 would, among other things, (i) prevent ISA providers from requiring payments higher than 20 percent of a student’s income; (ii) exempt students from making payments towards their ISA should their income fall below an affordability threshold; (iii) establish a maximum number of payments and limit payment obligations to the end of a fixed window; (iv) set a minimum number of voluntary payment relief pauses; (v) require ISA providers to give detailed payment disclosures to students who may be considering entering into an ISA (including how payments under an ISA compare to payments under a comparable loan); (vi) provide strong bankruptcy protections for students who enter into an ISA “by omitting the higher ‘undue hardship’ standard for discharge required under private loans”; (vii) prevent funders from accelerating defaulted ISAs; (viii) ensure that ISA obligations end in the event of death or total and permanent disability; (ix) ensure that ISAs fall under federal consumer protection laws, including the FCRA, FDCPA, MLA, SCRA, and ECOA; (x) grant regulatory authority over ISAs to the CFPB; and (xi) clarify how ISA contributions should be treated for tax purposes for both funders and recipients.

    Federal Issues Federal Legislation Student Lending Consumer Finance Income Share Agreements U.S. Senate

  • Luetkemeyer accuses DOJ of incomplete BSA/AML data

    Federal Issues

    On February 1, Representative Blaine Luetkemeyer (R-MO) sent a letter to Attorney General Merrick Garland asking for an explanation as to why the DOJ has not complied with a provision in the 2021 National Defense Authorization Act (2021 NDAA), which requires the Department to report metrics on its use of Bank Secrecy Act (BSA) data to the Treasury Department. According to Luetkemeyer, section 6201 of the 2021 NDAA requires the DOJ to also report “on the use of data derived from financial institutions reporting under the [BSA]” in order to increase transparency on the usefulness of BSA data filed with FinCEN from financial institutions and ensure bad actors are not using the U.S. financial system to fund illicit activities.

    Specifically, the DOJ is required by the 2021 NDAA to examine how often the reported data contains actionable information, the number of legal entities and individuals identified within the reported data, and information on investigations resulting from the reported data that are conducted by state and federal authorities, the letter said. Citing a Government Accountability Office report (which found that the DOJ’s report failed to “include new statistics on the use and impact of BSA reports, including the summary statistics required under the act”), Luetkemeyer claimed the lack of transparency “begs the question if the burdensome reporting is worthwhile” and prevents “FinCEN and Congress from determining the effectiveness of the U.S. anti-money laundering regime.” Luetkemeyer asked the DOJ for an explanation as to why it failed to provide the required information.

    Federal Issues Financial Crimes U.S. House DOJ Anti-Money Laundering Bank Secrecy Act FinCEN Illicit Finance

  • New York FY 2024 budget proposes to end unfair overdraft practices

    State Issues

    On February 1, the New York governor released the state’s FY 2024 budget proposal, which includes measures for ending certain bank overdraft and insufficient fee practices. Specifically, the proposed legislation would amend section 9-y of the banking law to grant authority to the NYDFS superintendent to promulgate regulations related to (i) supervised banking organizations’ transaction processing practices; (ii) the charges (including overdraft and insufficient funds fees) that banks may impose in connection with dishonored transactions; and (iii) associated disclosures provided to consumers regarding how transactions are processed and any associated fees. In an accompanying budget briefing book, the governor said the proposed measures are part of “nation-leading legislation that comprehensively addresses abusive bank fee practices, which tend to disproportionally harm low- and moderate-income New Yorkers.” Proposed actions include “stopping the opportunistic sequencing of transactions in a way designed to maximize fees charged to consumers, ending other unfair overdraft and non-sufficient funds fee practices, and ensuring clear disclosures and alerts of any permissible bank processing charges.”

    State Issues New York Overdraft NSF Fees Consumer Finance State Legislation NYDFS Bank Regulatory

  • OFAC offers more guidance on price caps for Russian petroleum

    Financial Crimes

    On February 3, the U.S. Treasury Department’s Office of Foreign Assets Control published additional guidance on the implementation of the price cap policy for crude oil and petroleum products of Russian Federation origin. As previously covered by InfoBytes, last November, OFAC published a Determination Pursuant to Executive Order (E.O.) 14071 stating that the prohibitions of E.O. 14071 apply to U.S. persons providing covered services (including (i) trading/commodities brokering; (ii) financing; (iii) shipping; (iv) insurance, including reinsurance and protection and indemnity; (v) flagging; and (vi) customs brokering) as they relate to the maritime transport of Russian Federation crude oil, provided, however, that such covered services are authorized if the Russian oil is purchased at or below the price cap.

    The new determination—published pursuant to section 1(a)(ii), 1(b), and 5 of E.O. 14071—establishes that, effective February 5, the price cap on discount to crude petroleum products of Russian Federation origin will be $45 per barrel, and the price cap on premium to crude petroleum products of Russian Federation origin will be $ 100 per barrel. OFAC also published another determination, which outlines prohibitions on certain categories of services as they relate to the maritime transportation of petroleum products of Russian Federation origin, including trading/commodities brokering, financing, shipping, insurance, flagging, and customs brokering. Specifically, unless authorized by law or licensed or otherwise authorized by OFAC, “the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of any of the Covered Services to any person located in the Russian Federation” are prohibited. These determinations do not authorize transactions otherwise prohibited by the Russian Harmful Foreign Activities Sanctions Regulations.

    In conjunction with these determinations, OFAC also published additional guidance, as well as Russia-related General Licenses 56A and 57A.

    Secretary of the Treasury Janet Yellen applauded the G7’s price cap announcement, stating that the agreement helps limit Russia’s key revenue generator for funding its war against Ukraine, while promoting stable global energy markets.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Designations OFAC Sanctions Russia Ukraine Invasion

  • OFAC sanctions senior executives of Iranian UAV manufacturer

    Financial Crimes

    On February 3, the U.S. Treasury Department’s Office of Foreign Assets Control announced sanctions pursuant to Executive Order 13382 against eight senior executives of an Iran-based firm that was previously sanctioned by the U.S. and EU for manufacturing unmanned aerial vehicles (UAVs) for Iran’s Islamic Revolutionary Guard Corps (IRGC) Aerospace Force. OFAC also designated two Islamic Republic of Iran Navy vessels as property in which the Government of Iran has an interest. “Iranian entities continue to produce UAVs for Iran’s IRGC and military. More broadly, Iran is supplying UAVs for Russia’s combat operations to target critical infrastructure in Ukraine,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the announcement. “The United States will continue to aggressively target all elements of Iran’s UAV program.”

    As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Persons that engage in certain transactions with the designated individuals or entities may themselves be exposed to sanctions, and “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today pursuant to E.O. 13382 could be subject to U.S. sanctions.”

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Designations OFAC Sanctions SDN List Iran Russia Ukraine Invasion

  • FTC bans health vendor from sharing consumer info with advertiser

    Federal Issues

    On February 1, the DOJ filed a complaint on behalf of the FTC against a telehealth and prescription drug discount provider for allegedly violating the FTC Act and the Health Breach Notification Rule by failing to notify consumers that it was disclosing their personal health information to third parties for advertising purposes. As a vendor of personal health records, the FTC stated that the company is required to comply with the Health Breach Notification Rule, which imposes certain reporting obligations on health apps and other companies that collect or use consumers’ health information (previously covered by InfoBytes here).

    According to the complaint filed in the U.S. District Court for the Northern District of California, the company—which allows users to keep track of their personal health information, including saving, tracking, and receiving prescription alerts—shared sensitive personal health information with advertisers and other third parties for years, even though it allegedly promised users that their health information would never be shared. The FTC maintained that the company also monetized users’ personal health information and used certain shared data to target its own users with personalized health- and medication-specific advertisement on various social media platforms. The company also allegedly: (i) permitted third parties to use shared data for their own internal purposes; (ii) falsely claimed compliance with the Digital Advertising Alliance principles (which requires companies to obtain consent prior to using health information for advertising purposes); (iii) misrepresented its HIPAA compliance; (iv) failed to maintain sufficient formal, written, or standard privacy or data sharing policies or procedures to protect personal health information; and (v) failed to report the unauthorized disclosures.

    Under the terms of the proposed court order filed by the DOJ, the company would be required to pay a $1.5 million civil penalty, and would be prohibited from engaging in the identified alleged deceptive practices and from sharing personal health information with third parties for advertising purposes. The company would also be required to implement several measures to address the identified violations, including obtaining users’ affirmative consent before disclosing information to third parties (the company would be prohibited from using “dark patterns,” or manipulative designs, to obtain consent), directing third parties to delete shared data, notifying users about the breaches and the FTC’s enforcement action, implementing a data retention schedule, and putting in place a comprehensive privacy program to safeguard consumer data.

    Federal Issues FTC Enforcement Privacy, Cyber Risk & Data Security Advertisement Consumer Protection FTC Act Health Breach Notification Rule Dark Patterns

  • Agencies remind banks of HMDA reporting changes on closed-end mortgages

    On February 1, the OCC reminded banks and OCC examiners that the loan origination threshold for reporting HMDA data on closed-end mortgages has changed due to a court decision issued last year, which addressed challenges made by a group of consumer fair housing associations to changes made in 2020 by the CFPB that permanently raised coverage thresholds for collecting and reporting data about closed-end mortgage loans and open-end lines of credit under HMDA (covered by InfoBytes here.) Due to a court order vacating the 2020 HMDA Final Rule as to the loan volume reporting threshold for closed-end mortgage loans, the OCC explained that the loan origination threshold for reporting HMDA data on closed-end mortgage loans reverted to the threshold established by the 2015 HMDA Final Rule.

    According to Bulletin 2023-5, the threshold for reporting HMDA data is now 25 closed-end mortgage loans originated in each of the two preceding calendar years rather than the 100-loan threshold set by the 2020 HMDA Final Rule. “Banks that originated at least 25 closed-end mortgage loans in each of the two preceding calendar years but fewer than 100 closed-end mortgage loans in either or both of the two preceding calendar years (referred to collectively as affected banks) may need to make adjustments to policies and procedures to comply with reporting obligations,” the OCC said. The agency added that it does not plan to assess penalties for failures to report closed-end mortgage loan data on reportable transactions conducted in 2022, 2021 or 2020 for affected banks that meet other coverage requirements under Regulation C.

    The FDIC and Federal Reserve Board also issued similar guidance (see FIL-06-2023 and CA 23-1).

    Bank Regulatory Federal Issues OCC FDIC HMDA Loan Origination Mortgages Regulation C CFPB Federal Reserve

  • NYDFS finalizes commercial financing disclosures

    State Issues

    On February 1, NYDFS adopted a final regulation (23 NYCRR 600) outlining disclosure requirements for commercial financing transactions in the state. Under the state’s Commercial Finance Disclosure Law (CFDL)—which was enacted at the end of December 2020—providers of commercial financing, which include persons and entities who solicit and present specific offers of commercial financing on behalf of a third party, are required to give consumer-style loan disclosures to potential recipients when a specific offering of finance is extended for certain commercial transactions of $2.5 million or less.

    The final regulation took into consideration comments received on revised proposed regulations published in 2021 and 2022 (covered by InfoBytes here and here), and provides specific instructions for providers on how to comply with the CFDL. Among other things, the final regulation:

    • Outlines detailed definitions for terms used within the CFDL and in the regulation;
    • Clarifies the definition of “finance charge” with respect to commercial financing transactions, and explains how the finance charge and annual percentage rate should be calculated; 
    • Describes allowed tolerances and specifies occurrences where providers or financers will not assume liability for disclosure errors or inadvertent disclosures;
    • Lays out formatting and content requirements for disclosures required by the CFDL for the following types of financing: (i) sales-based financing; (ii) closed-end financing; (iii) open-end financing; (iv) factoring transaction financing; (v) lease financing; (vi) general asset-based financing; and (vii) all other commercial financing transactions that do not fall within the aforementioned categories; 
    • Clarifies specific itemization disclosure requirements for when the amount financed is greater than the recipient funds;
    • Outlines signature requirements;
    • Describes how the CFDL’s disclosure threshold of $2,500,000 is calculated; 
    • Explains how providers should calculate required disclosures for commercial financing transactions with multiple payment options/balances payable on demand;
    • Details certain duties of financers and brokers involved in commercial financing; 
    • Prescribes a process under which certain providers that use the opt-in method of calculating an estimated annual percentage rates will report data to the superintendent; and
    • Specifies provisions related to the assignment of commercial financing agreements.

    23 NYCRR 600 will take effect upon publication of the Notice of Adoption in the State Register. The compliance date is six months after the Notice of Adoption is published.

    State Issues NYDFS State Regulators Commercial Finance Disclosures Bank Regulatory 23 NYCRR 600

  • Illinois Supreme Court sets five-year SOL for section 15 BIPA violations

    Privacy, Cyber Risk & Data Security

    On February 2, the Illinois Supreme Court held that under the state’s Biometric Information Privacy Act (BIPA), individuals have five years to assert violations of section 15 of the statute. The plaintiff sued his former employer claiming that by scanning his fingerprints, the company violated section 15(a) of BIPA (which provides for the retention and deletion of biometric data), as well as sections 15(b) and 15(d) (which provide for the consensual collection and disclosure of biometric identifiers and biometric information). According to the plaintiff, the defendant allegedly failed to implement and adhere to a publicly available biometric information retention and destruction policy, failed to obtain his consent to collection his biometric data, and disclosed his data to third parties without his consent. The defendant moved to dismiss the complaint as untimely, arguing that “claims brought under [BIPA] concern violations of privacy, and therefore, the one-year limitations period in section 13-201 of the [Code of Civil Procedure (Code)] should apply to such claims under [BIPA] because section 13-201 governs actions for the ‘publication of matter violating the right of privacy.’”

    The circuit court disagreed, stating that the lawsuit was timely filed because the five-year limitations period codified in section 13-205 of the Code applied to violations of BIPA. While the circuit court agreed that BIPA is a privacy statute, it said section 13-201 of the Code applies to privacy claims where “publication” is an element of the complaint. Because the plaintiff’s complaint does not involve the publication of biometric data and does not assert invasions of privacy or defamation, the one-year limitations period should not apply, the circuit court said, further adding that BIPA is not intended “to regulate the publication of biometric data.” The circuit court also concluded that the five-year limitations period applied in this case because BIPA itself does not contain a limitations period.

    The defendant amended his complaint and eventually appealed. The appellate court ultimately concluded that the one-year limitations period codified in section 13-201 of the Code applies to claims under section 15(c) and 15(d) of BIPA “where ‘publication or disclosure of biometric data is clearly an element’ of the claim,” and that the five-year limitations period codified in section 13-205 of the Code governs actions brought under section 15(a), 15(b), and 15(e) (which provides data safeguarding requirements) of BIPA “because ‘no element of publication or dissemination’ exists in those claims.” The defendant continued to argue that BIPA is a privacy statute and as such, claims brought under section 15 of BIPA should be governed by the one-year limitations period codified in section 13-201 of the Code.

    In affirming in part and reversing in part the judgment of the appellate court, the Illinois Supreme Court applied the state’s “five-year catchall limitations period” to claims brought under BIPA. “[A]pplying two different time limitations periods or time-bar standards to different subsections of section 15 of [BIPA] would create an unclear, inconvenient, inconsistent, and potentially unworkable regime as it pertains to the administration of justice for claims under [BIPA],” the Illinois Supreme Court wrote.

    Privacy, Cyber Risk & Data Security Courts Illinois BIPA Statute of Limitations Class Action

  • District Court dismisses CFPB redlining action against nonbank lender

    Courts

    On February 3, the U.S. District Court for the Northern District of Illinois dismissed with prejudice claims that a Chicago-based nonbank mortgage company and its owner violated ECOA by engaging in discriminatory marketing and applicant outreach practices. The CFPB sued the defendants in 2020 alleging fair lending violations, including violations of ECOA and the CFPA, predicated, in part, on statements made by the company’s owner and other employees during radio shows and podcasts from 2014 through 2017. (Covered by a Special Alert.) The complaint (which was later amended) marked the first time a federal regulator has taken a public enforcement action against a nondepository institution based on allegations of redlining.

    The Bureau claimed that the defendants discouraged African Americans from applying for mortgage loans from the company and redlined African American neighborhoods in the Chicago area by (i) discouraging their residents from applying for mortgage loans from the company; and (ii) discouraging nonresidents from applying for loans from the company for homes in these neighborhoods. The defendants moved to dismiss with prejudice, arguing that the Bureau improperly attempted to expand ECOA’s reach “beyond the express and unambiguous language of the statute.” The defendants explained that while the statute “regulates behavior towards applicants for credit, it does not regulate any behavior relating to prospective applicants who have not yet applied for credit.” The Bureau countered that courts have consistently recognized Regulation B’s discouragement prohibition even when applied to prospective applicants.

    In dismissing the action with prejudice, the court applied step one of Chevron framework (which is to determine “whether Congress has directly spoken to the precise question at issue”) when reviewing whether the Bureau’s interpretation of ECOA in Regulation B is permissible. Explaining that ECOA’s plain text “clearly and unambiguously prohibits discrimination against applicants”—defined as a person who applies for credit—the court concluded (citing to case law in support of its decision) that Congress’s directive only prohibits discrimination against applicants and does not apply to prospective applicants. The court stressed that the agency’s authority to enact regulations is not limitless and that the statute’s use of the term “applicant” clearly marks the boundary of ECOA.

    The court also rejected the Bureau’s argument that ECOA’s delegation of authority to the Bureau to adopt rules to prevent evasion means the anti-discouragement provision must be sustained provided it reasonably relates to ECOA’s objectives. The Bureau pointed to the U.S. Supreme Court’s decision in Mourning v. Fam. Publ’ns Serv., Inc. (upholding the “Four Installment Rule” under similar delegation language in TILA), but the court held that Mourning does not permit it to avoid Chevron’s two-step framework. Because the anti-discouragement provision does not survive the first step, the court did not reach whether the provision is reasonably related to ECOA’s objectives and dismissed the action with prejudice. The remaining claims, which depend on the ECOA claim, were also dismissed with prejudice.

    The firm will be sending out a Special Alert in the next few business days providing additional thinking on this decision.

    Courts Enforcement Redlining Consumer Finance Fair Lending CFPB CFPA ECOA Discrimination Regulation B

Pages

Upcoming Events