InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Texas issues a cease and desist order against a securities firm
On April 22, the Securities Commission of the State of Texas issued an Emergency Cease and Desist Order pursuant to the Texas Securities Act against respondents for allegedly offering investments in a digital gold vault that “purportedly secured physical gold and generates passive income using fintech and blockchain technology,” and are therefore subject to the Securities Act. The Securities Commission alleged that the investments were being “illegally, deceptively and fraudulently offered in Texas” and issued the Emergency Cease and Desist Order to “stop the scheme and protect the public from immediate and irreparable harm.” Respondents were ordered to immediately cease and desist from: (i) offering any security in Texas until the security is properly registered or exempt from registration; (ii) acting as securities dealers, agents, investment advisors, or investment advisor representatives in Texas until they are registered with the Securities Commissioner or exempt from registration; (ii) engaging in any fraud in connection with the offer for sale of any security in Texas; and (iv) offering securities in Texas through an offer containing a statement that is materially misleading or otherwise likely to deceive the public.
Tennessee amends caller ID law
On April 22, Tennessee enacted HB 2504 (the “Act”), which amends the Tennessee Consumer Protection Act of 1977 to specify that it is illegal for: (i) “[a] person, in connection with a telecommunications service or an interconnected VoIP service, to knowingly cause any caller identification service to transmit misleading or inaccurate caller identification information to a subscriber with the intent to defraud or cause harm to another person or to wrongfully obtain anything of value”; and (ii) “[a] person, on behalf of a debt collector or inbound telemarketer service, to knowingly cause any caller identification service to transmit misleading or inaccurate caller identification information, including caller identification information that does not match the area code of the person or the debt collector or inbound telemarketer service the person is calling on behalf of, or that is not a toll-free phone number, to a subscriber with the intent to induce the subscriber to answer.”
The Act is effective on July 1.
Student loan servicer to pay DFPI $27, 500 for untimely response to information request
On April 24, the California DFPI entered into a consent order with a federal student loan servicer (respondent) that allegedly failed to provide the DFPI with timely access to requested borrower data. In late April of 2022, the U.S. Department of Education announced a one-time revision of income-driven repayments to address past inaccuracies. To take advantage of this adjustment, the Department of Education required borrowers to submit a loan consolidation application by April 30, 2024. The DFPI requested information from respondent on student loan borrowers for the purpose of completing outreach to impacted borrowers ahead of the loan consolidation application deadline. Respondent provided this information 17 days after the deadline set by the DFPI.
To resolve DFPI’s allegations, respondent agreed to pay a penalty in the amount of $27,500.
FTC bans all non-competes for workers and new non-competes for senior executives
On April 23, the FTC released a final rule titled the “Non-Compete Clause Rule,” in a 570-page release, to “categorically ban” non-compete clauses in employment contracts with all workers after the effective date of the rule pursuant to the FTC’s UDAP authority, by rendering such clauses an unfair method of competition pursuant to Section 5 of the FTC Act. The final rule also renders most existing noncompete clauses unenforceable after the effective date of the final rule, with an exception for existing noncompete clauses for senior executives, which remain enforceable. The FTC explained that it viewed noncomplete clauses as “restrictive and exclusionary” with negative impacts on earnings, innovation, and market competition. The final rule defines “non-compete clause” as “a term or condition of employment that prohibits a worker from, penalizes a worker for, or functions to prevent a worker from (1) seeking or accepting work in the United States with a different person where such work would begin after the conclusion of the employment that includes the term or condition; or (2) operating a business in the United States after the conclusion of the employment that includes the term or condition.”
While the FTC decided against adopting a rescission requirement for non-competes in the final rule, it adopts notice requirements for all workers who are not senior executives requiring “the person who entered into the non-compete” to provide “clear and conspicuous notice to the worker by the effective date that the worker’s non-compete clause is no longer in effect and will not be, and cannot legally be, enforced against the worker.” The Commission noted that employers concerned about protecting confidential business information, may avail themselves of the protections of trade secret law and further noted that there are several states that have already substantially banned non-competes, and that within these states employers have found alternative methods to protect their investments.
The FTC’s final rule will go into effect 120 days after publication of the final rule in the Federal Register.
OIG releases CFPB and Fed list of open recommendations
On April 22, the OIG, which oversees the CFPB and the Fed, released two audit and evaluation reports that noted previously identified recommendations to improve or correct issues that remain open as of March 31, including some recommendations that have been open for more than six months. With respect to the CFPB, the OIG identified 18 recommendations that remain open; with respect to the Fed, the OIG identified 65 open recommendations. The open recommendations made to the CFPB stem from OIG reports on strengthening its offboarding process in 2018, auditing the Bureau’s information security program in 2018, 2022, and 2023, and technical testing results for the Bureau’s legal enclave in 2020. The open recommendations to the Fed stem from OIG reports relating to, among others (i) information security; (ii) cybersecurity; (iii) security control of the Fed’s public website; (iv) the Fed’s Financial Market Utility Supervision Program; and (v) enterprise risk management. Notably, a small subset of the recommendations that remain open are nonpublic.
CFPB publishes the mortgage servicer edition of its Supervisory Highlights
On April 24, the CFPB published its 33rd edition of its mortgage servicing Supervisory Highlights which covers select examinations and violations regarding mortgage servicing from April 1, 2023, through December 31, 2023. This edition of Supervisory Highlights focused on alleged violations of law identified in CFPB examinations including (i) charging illegal junk fees including impermissible property inspection and late fees; (ii) UDAAP violations; and (iii) violations of Regulation X loss mitigation requirements. The Bureau made clear in its press release that it plans to continue its focus on combatting junk fees within and beyond the mortgage servicing space.
The CFPB highlighted several violations of law resulting from mortgage servicers’ payment processing practices including the charging of property inspection fees in connection with certain Fannie Mae loans in violation of investor guidelines. To rectify this, servicers addressed system errors causing the fees in question, enhanced oversight, and were instructed to compensate affected borrowers. Other payment processing-related violations identified by the Bureau included failure to adequately describe fees in periodic statements by using the term “service fee” to describe 18 different fee-types, and failure to make timely disbursements from escrow accounts in violation of Regulation X.
The Bureau also identified unfair practices relating to the charging of late fees in excess of the amount authorized in the loan agreement or after consumers had entered into loss mitigation agreements, which should have prevented late fees. Servicers identified as having engaged in such violations were required to refund the fees to consumers and improve internal processes in response to the findings.
The CFPB also identified violations of law relating to loss mitigation and loan modifications. Examiners noted that some servicers failed to provide a written notice confirming the receipt of loss mitigation applications and informing consumers of whether the application was complete or incomplete. Further, some servicers failed to provide timely and complete notices of loss mitigation options. Additionally, some servicers, in violation of Regulation X, failed wo waive existing fees after borrowers had accepted Covid-19 hardship loan modifications.
Examiners also found that certain servicers committed deceptive practices by sending out delinquency notices incorrectly stating that consumers had missed payments and needed to apply for loss mitigation when those consumers were actually up to date on their payments, enrolled in trial modification plans, or had inactive loans (such as those already paid off or in the process of a short sale).
Finally, the Bureau identified violations of law relating to (i) live contact and early intervention requirements in connection with delinquency and (ii) failure to retain adequate records.
CFPB petitions 5th Circuit to keep credit card late fee case in D.C.
On April 18, the CFPB asked a three-judge panel of the U.S. Court of Appeals for the Fifth Circuit to reconsider its earlier decision to grant a petition for a writ of mandamus requiring the U.S. District Court for the Northern District of Texas to claw back its earlier transfer of industry’s challenge to the CFPB’s credit card late fee rule to Washington D.C. (covered by InfoBytes here). The CFPB urges the 5th Circuit to grant a panel rehearing, suggesting that the panel’s earlier decision rested on “flawed factual premises” and would be “unworkable for courts.”
According to the CFPB, the panel relied on the incorrect assumption that “credit card issuers needed to have printed and distributed disclosure materials about the late fees to customers by March 29” to comply with the final rule. The Bureau asserted this was a “manufactured” deadline. The CFPB also stressed that TILA does not require the Bureau to provide advance notice for a reduction in the maximum late fee. Further, the Bureau’s petition expanded into four misconstrued facts, such as that it was not true that the panel needed to grant the plaintiffs’ alleged claim for “urgent relief,” that the plaintiffs’ preliminary injunction motion needed to be decided quickly, that the plaintiffs were “entitled” to a quick resolution, and that the panel erred again in deciding that the final late fee rule did not require compliance until May 14 (thus leaving six more weeks for a decision).
Second, the CFPB argued that the panel’s new standard for assessing whether a preliminary injunction was denied would be “unworkable” for courts in practice and would improperly interfere with the district courts’ authority to manage their dockets when plaintiffs seek preliminary injunctive relief. The Fifth Circuit has asked the plaintiffs to respond to the petition for rehearing by April 29, 2024.
Separately, the Fifth Circuit has set a schedule for “expedited briefing” on the appeal of the district court’s “effective denial” of plaintiffs’ motion for a preliminary injunction. The briefing, however, will not conclude until May 17, 2024, days after the CFPB’s credit card late fees rule goes into effect. The Fifth Circuit has not yet ruled on plaintiffs’ pending motion for a stay pending appeal, raising the prospect that the credit card late fees will go into effect only to be enjoined soon thereafter.
Nebraska enacts a comprehensive data privacy law
On April 17 Nebraska enacted LB 1074 (the “Act”), establishing a comprehensive consumer data privacy law. The Act applies to a person that is not a small business (as determined under the federal Small Business Act) who conducts business in Nebraska or produces a product or service used by Nebraska consumers and who processes or sells personal data. The Act includes exemptions for certain classes of data, including data subject to the Gramm-Leach-Bliley Act, as well as for certain entities including state agencies, financial institutions and their affiliates, nonprofits, higher education institutions, and covered entities or business associates governed by the privacy, security, and breach notification rules issued by the Department of Health and Human Services.
The Act grants consumers the right to (i) request information about whether their data is being processed; (ii) access their data; (iii) correct inaccuracies; (iv) delete their data; (v) obtain a portable copy of their data; and (vi) opt out of certain uses of their data, such as targeted advertising, sale, or “profiling in furtherance of a decision that produces a legal or similarly significant effect concerning the consumer.” Controllers, defined as persons that determine the purpose and means of processing personal data, must respond to authenticated consumer requests within 45 days and may extend the period once by another 45 days if necessary. If a request is denied, consumers must be informed of the reasons and instructed on how to appeal to the Attorney General. Controllers must offer a free response to two requests per year from each consumer but may charge a fee or refuse to act if requests are unfounded or excessive. Controllers also must establish an appeals process for consumers whose requests are denied, and inform the consumer of the outcome of their appeal within 60 days.
Rights afforded to consumers under the Act cannot be waived or limited by contract or agreement. Further, under the Act, controllers must provide consumers with a clear privacy notice including information similar to that required under the Gramm-Leach-Bliley Act.
The Act is effective on January 1, 2025 and enforceable by the Attorney General and does not provide a private right of action.
Tennessee prevents lenders from discriminating against specific factors
On April 22, the Governor of Tennessee signed into law HB 2100 (the “Act”) which amended the state consumer protection codes to prevent financial institutions and insurers (collectively, institutions) from discriminating in the provision or denial of services based on certain enumerated factors. Specifically, institutions will not be allowed to discriminate based on, among others: (i) a person’s political opinions, speech, or affiliations; (ii) a person’s religious beliefs, exercise, or affiliations; (iii) any factor that is not a quantitative, impartial and risk-based standard; or (iv) a “social credit score” that is based on certain identified factors, including the lawful ownership of a firearm, engagement in fossil fuel-related business, support of the state or federal government’s efforts to combat illegal immigration, or a person’s failure to meet environmental, social governance, corporate board composition, social justice, or diversity, equity, and inclusion standards so long as the person is in compliance with applicable state or federal law. The Act provides that engaging in the prohibited forms of discrimination constitutes an unfair trade practice. The Act will go into effect on July 1.
FinCEN renews real estate GTOs
On April 17, FinCEN renewed its Geographic Targeting Orders (GTOs) which require title insurance companies to identify the real owners of shell companies involved in cash real estate purchases. This renewal is effective from April 19, through October 15, and applies to specified counties and cities across various states, including California, Florida, New York, and the District of Columbia. The GTOs aim to gather data on potential illicit activities in the housing market and support regulatory initiatives. The minimum property purchase price for reporting remains at $300,000, except in Baltimore, where it is $50,000. FinCEN is also processing feedback from a February proposed rulemaking on anti-money laundering measures for the residential real estate sector.
FinCEN FAQs regarding the GTOs are available here.