InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Nevada approves regulation on earned wage access
On June 20, the Nevada Secretary of State approved Regulation NAC 604D, LCB File No. R096-23 (the Regulation), issued by the Nevada Department of Business and Industry, Financial Institutions Division, which established provisions to implement SB 290 (the Act) relating to earned wage access (covered by InfoBytes here).
The Regulation established the commissioner’s interpretation of the term “indirectly” as used in the definition of “employer-integrated earned wage access services” in the Act. As the Legislative Counsel’s Digest for the Regulation explained, “S.B. 290 defines employer-integrated earned wage access services to mean the delivery to a user of access to earned but unpaid income determined based on employment, income or attendance data obtained directly or indirectly from an employer.” In this context, the Regulation provided that data obtained “indirectly” from an employer means “verified data of the employment, income, or attendance of the user that is:” (i) “Obtained from an integrated system”; (ii) “Not directly obtained from the system of an employer”; and (iii) “Not directly obtained from the user.” The Regulation further provides that an “owner” was “a person who holds an ownership interest of at least 10 percent or more in an applicant for the issuance of a license as a provider that is a business entity.” The Regulation also clarified that providers are prohibited from charging cancellation fees of any kind.
The Regulation set forth $1,000 fees each for (i) the initial application for a license; (ii) the initial issuance of a license as a provider; (iii) the annual renewal of such a license; and (iv) the reinstatement of an expired license. Furthermore, the Regulation provided that each application for licensure by a provider that is a business entity must be accompanied by a list consisting of each person who holds an ownership interest in the applicant.
Pursuant to the Regulation, licensees will be required to report specific activity-based information to the state, including, non-exhaustively, the (i) total number and value of fees and expedited delivery fees paid by users within the prior year; (ii) the number of users with outstanding proceeds at the time of reporting and the value of such outstanding proceeds; (iii) the total number of requests for reimbursement of overdraft or NSF fees in the prior year; and (iv) voluntary tips received. Licensees will also be required to submit audited financial statements by April 15 each year (or, if not available, unaudited financial statements by April 15, followed by audited financial statements by June 30 of that same year). Licensees must retain records for at least six years and must not engage in misleading advertising. With respect to supervision, the Regulation establishes an hourly fee of $75 that the commissioner will charge for any supervision, examination, audit, investigation or hearing conducted pursuant to the provisions of the Act and provided that the commissioner can revoke or suspend licenses for any violations and has broad authority to request information during examinations or investigations.
This Regulation will go into effect on July 1.
DFPI proposes amendments to regulations under the California Debt Collection Licensing Act
On June 17, the California DFPI proposed to amend the California Code of Regulations relating to requirements under the Debt Collection Licensing Act (DCLA) and will be accepting comments through July 3. The proposed amendments would define the phrase "net proceeds generated by California debtor accounts" and also clarify annual reporting requirements for DCLA licensees.
Specifically, “net proceeds generated by California debtor accounts” will mean the amount retained by a debt collector from its California debt collection activity, and depending on the business activities of the licensee, will be further defined as follows: (i) for debt buyers, net proceeds are the amount collected minus the prorated purchase price paid for the debt, before deducting costs and expenses; (ii) for purchasers of non-charged-off or non-defaulted debt, net proceeds are calculated in the same fashion as debt buyers; and (iii) for all other debt collectors, net proceeds are the amount the collector receives from its clients, before deducting costs and expenses (where “client” means the company on whose behalf the debt collector has been contracted to collect on an account).
The proposed regulations also clarified annual reporting requirements and defined terms used within the report for DCLA licensees. Specifically, the regulations confirmed that licensees must submit an annual report, signed by a principal officer attesting to its accuracy and completeness, and that the report must be submitted electronically. Additionally, when completing the data requested in the report, licensees must count each California debtor account separately and the number of California debtor accounts collected in the preceding year (which is defined as the calendar year – January 1 through December 31) shall be the sum of (i) the total number of accounts collected in full; (ii) the total number of accounts resolved for less than the full amount; and (iii) the total number of accounts where partial payments were made but a balance remains due. The report must also include the total number and dollar amount of accounts for which collection was attempted but no payments were collected or resolved within the year.
The “total dollar amount of California debtor accounts purchased in the preceding year” and the “face value dollar amount of California debtor accounts in the licensee’s portfolio in the preceding year” were defined and must also be reported, excluding any added fees or charges. Additional information required includes the number of California debtor accounts and the number of California debtors in the licensee's portfolio as of the end of the year.
FTC refers ROSCA case against software company and executives to DOJ
On June 17, the FTC announced an enforcement action against a software company and two of its executives for its practices related to its subscription model. According to the redacted complaint filed by the DOJ (upon referral from the FTC), defendant allegedly failed to adequately disclose to consumers the terms associated with its year-long subscription, and allegedly failed to obtain the consumer’s express informed consent before charging them. Defendant’s “Annual, Paid Monthly” subscription plan allegedly included early termination fees (ETF) that were not clearly disclosed to consumers upon enrollment. In particular, the ETF disclosures were buried on the company’s website in small print or required consumers to hover over small icons to find the disclosures. The DOJ also alleged defendant used the early termination fees to discourage consumers from canceling their plans, which was also difficult for consumers to do. Defendant’s practices allegedly violated the Restore Online Shoppers’ Confidence Act (ROSCA). The DOJ will be seeking injunctive relief, civil penalties, equitable monetary relief, as well as other relief.
New York Attorney General issues judgment against crypto-asset firm
On June 14, the New York Attorney General, Letitia James, announced a stipulation and consent to judgment against a crypto-asset company for allegedly misleading investors on the risks of its program. Under the order, the defendants agreed to distribute all digital assets through its platform as restitution on an in-kind, “coin-for-coin” basis, with distributions to be made in the same amount and types of crypto-assets loaned by the investors. The stipulation followed a May 20 settlement with the company worth $2 billion.
The defendants were permanently restrained and enjoined from engaging in any conduct under the Martin Act and Executive Law § 63(12), as well as offering a cryptocurrency lending product in New York State. However, the order specified that if future state or federal legislation permitted crypto lending in the state, the defendant may seek permission from the New York AG to lift the ban. The defendants further agreed to fully cooperate with the New York AG as it continued to investigate the matter. The order also required the defendants to disclose to consumers within thirty days of its execution that the defendant is not registered with the SEC or the CFTC, along with detailing risk factors, among other disclosure requirements. The defendants neither admitted nor denied the allegations in the complaint, aside from admitting to personal and subject matter jurisdiction.
SEC charges communications company with accounting control failure
On June 18, the SEC issued a cease-and-desist order (order) against a Delaware-based business communication and marketing service provider (respondent) to settle allegations of cybersecurity controls violations related to a 2021 ransomware attack.
According to the order, the SEC alleged respondent did not have adequate controls to ensure cybersecurity incidents were reported to its management and did not respond to alerts indicating unusual network activity in a timely manner. Among other allegations, the order contended that respondent relied on a third-party vendor to review and escalate the large volume of alerts issued by its cybersecurity detection systems but did not implement procedures or controls to effectively confirm that the vendor’s review and escalation of alerts were consistent with the respondent’s expectations. The order noted that respondent cooperated with the investigation, reported the cybersecurity incident promptly, and took steps to enhance its cybersecurity technology and controls. Without admitting the SEC’s allegations, respondent agreed to a $2,125,000 civil money penalty.
Notably, in addition to alleged violation of Exchange Act Rule 13a-15(a) requiring public companies to maintain disclosure controls and procedures designed to ensure timely disclosure of incidents in compliance with the Commission’s rules, the order also alleged that respondent’s failure to design effective procedures to ensure escalation and timely decisions regarding potential security incidents violated Section 13(b)(2)(B) of the Securities Exchange Act of 1934. Section 13(b)(2)(B) required covered companies to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances, among other things, that access to company assets was permitted only in accordance with management’s general or specific authorization.”
In a statement responding to the order, SEC Commissioners Pierce and Uyeda took issue with the Commission’s application Section 13(b)(2)(B). Specifically, the commissioners argued that the requirement to maintain internal accounting controls ensuring “that access to company assets” must be authorized by management and was intended to protect the accuracy of corporate transactions for the use and disposition of assets in transactions. They noted that “[w]hile [respondent’s] computer systems constitute an asset in the sense of being corporate property, computer systems are not the subject of corporate transactions,” and that faulting respondent’s internal accounting controls in the context of a ransomware attack “breaks new ground with its expansive interpretation of what constitutes an asset under Section 13(b)(2)(B)(iii).”
FINRA issues guidance on broker-dealers using generative AI tools
On June 27, FINRA issued Regulatory Notice 24-09 that discussed the implications to broker-dealers in their use of artificial intelligence (AI), including large language models (LLMs) and other generative AI tools. Although FINRA stated that while AI offered broker-dealers opportunities to improve their services and enhance their operational and compliance efficiencies, it also reminded firms that its rules and federal securities laws continue to apply. In discussing use cases, FINRA noted that AI tools can analyze financial data, summarize documents, and assist in investor education, but also raise concerns about accuracy, privacy, bias, and security.
When using these tools, FINRA reminds firms that: (1) they must have appropriate supervisory systems and governance in place, whether those tools are developed in-house or provided by third parties; and (2) they should evaluate AI tools before use to ensure compliance with FINRA rules. FINRA also stated that in some instances, it could issue further guidance for specific use cases. FINRA encouraged firms to seek interpretive guidance where ambiguous rule applications may exist and have ongoing discussions with their Risk Monitoring Analyst.
NYDFS issues guidance insurers regarding discrimination in affordable housing market
On June 24, Gov. Kathy Hochul announced guidance issued by NYDFS in Circular Letter No. 6 (2024) informing insurers and related parties that, under the new Insurance Law § 3462, making coverage decisions based on a property’s status as an affordable housing development or on the amount or source of a tenant’s income will be prohibited. According to the Circular Letter, the recently enacted law came in response to a “hardening” insurance market that has resulted in increased premiums and reduced coverage options for affordable housing developments. Under the law, insurers cannot base decisions such as issuing, renewing, or increasing premiums for policies on whether a property was an affordable housing development or if tenants received government assistance. The guidance noted that “excess line insurers, and the New York Property Insurance Underwriting Association (NYPIUA) must comply with Insurance Law § 3462 and can no longer request information about government-subsidized housing units or tenants paying rent with housing assistance or use this information for underwriting purposes,” and were required to update their insurance applications and underwriting guidelines accordingly. If insurance rates were previously based on these factors, insurers must revise their rates and submit them to NYDFS.
Rhode Island amends and adds provisions to financial institutions code
On June 25, the Governor of Rhode Island signed into law H 7282 (the “Act”) amending certain provisions of the state’s Title 19 on Financial Institutions and adding new consumer protections. Among other things, the amendments to the Act (i) updated the term “Federal Office of Thrift Supervision” to “Federal Reserve System,” (ii) clarified that the term “Tangible net worth” meant “the aggregate assets of a licensee excluding all intangible assets, less liabilities” in accordance with GAAP, and (iii) increased the minimum capital requirements for currency transmission licensees. The Act further restricted student loan servicers from withholding student transcripts from delinquent borrowers, removed a provision allowing deposit of securities in lieu of bonds, and added provisions on permissible investments for licensees, including cash, certificates of deposit, obligations of the United States, letters of credit with stipulations, or surety bonds.
Ohio allows dual capacity in real estate transactions
Recently, the Ohio Division of Financial Institutions released a letter to repeal prior guidance banning mortgage professionals from acting as both a mortgage professional and a real estate agent in the same transaction. This “dual capacity” was originally banned in the Divisions Mortgage Brokers & Lenders Letter 2006-1 to prevent conflicts of interest that might arise when a single person would both complete a sale and obtain financing for that sale. After the repeal, the Ohio Division of Financial Institutions required licensed mortgage loan originators to disclose when they or an associate will act as a realtor in connection with a property’s sale and to inform and obtain a signature from the buyer. Signatures can be obtained on the Dual Capacity Disclosure Form.
Court grants $12 million final judgment but denies prejudgment interest in RICO class action
On June 18, the U.S. District Court for the Southern District of California entered an order granting plaintiffs’ motion for entry of final judgment against a large for-profit educational institution that has since gone bankrupt. According to the 2020 complaint, plaintiffs were left with debt for what they claimed to be a worthless education. After the school’s bankruptcy in 2016, plaintiffs alleged that they continue to be victimized by defendants’ student loan operation. Plaintiffs filed the motion following a jury trial where defendants were found liable under the Racketeer Influenced and Corrupt Organizations Act (RICO). The jury awarded plaintiffs $4 million in compensatory damages, which was trebled to $12 million under the RICO statute.
In addition to the judgment, plaintiffs applied for an additional $4 million in prejudgment interest. In denying the application for prejudgment interest, the court declined to award the discretionary interest based on allegations that defendants “repeatedly attempted to pick off the class representatives for the very purpose of eliminating this action, or at the very least, delaying it.” The court recognized that defendants’ tactics may have delayed the litigation but did not find them to be unreasonable or unfair to a degree that would warrant prejudgment interest, noting that the plaintiffs’ own post-trial motions contributed to the delay in judgment.
The court entered final judgment against the defendants in the amount of $12 million, with attorneys’ fees and costs to be determined later.