InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
France fines facial recognition company additional €5.2 million for noncompliance
On May 10, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), fined a facial recognition company an overdue penalty payment in the amount of €5.2 million for failing to comply with an October order. As previously covered by InfoBytes, last fall CNIL imposed a €20 million penalty against the company for allegedly violating the EU’s General Data Protection Regulation (GDPR) after investigations found that the company allegedly processed personal biometric data without a legal basis (a breach of article 6 of the GDPR), and failed to take into account an individual’s rights in an “effective and satisfactory way”—particularly with respect to requests for access to their data (a breach of articles 12, 15 and 17 of the GDPR). CNIL reported that the company had two months after receiving the October order to stop collecting and processing data on individuals located in France “without any legal basis, and to delete the data of these individuals, after responding to requests for access it received.” Because the company did not submit proof of compliance within this time frame, CNIL imposed an additional fine on top of the original penalty.
6th Circuit: Tennessee judicial foreclosure time-barred
On May 4, the U.S. Court of Appeals for the Sixth Circuit affirmed a lower court’s decision in a judicial foreclosure action, holding that a bank’s lawsuit was barred by Tennessee’s 10-year statute of limitations for actions to enforce liens on real property. The appellate court also refused to establish an equitable lien on the property in favor of the bank. According to the opinion, the home equity line of credit at issue in the case matured in 2007, requiring a final balloon payment, but the bank did not demand this payment, refinance the loan, or foreclose on the property. Instead, the bank continued to accept monthly interest payments totaling around $100,000 until 2017. The opinion reflected that the bank did not contend there to be a written instrument showing an extension of the loan or that such an extension was recorded. Rather, the bank raised several arguments, including that there was an oral modification to the loan and that it had the unilateral right to extend the loan based on “a future advances provision that could extend the maturity date for up to twenty years.” The bank further argued that the defendants’ monthly interest payments excused any writing requirement and evidenced an agreement to extend the loan’s maturity date. The appellate court disagreed, concluding that because the bank could not show, as a matter of law, that the loan’s maturity date was extended, its suit is untimely. The appellate court stated that the bank was aware that the loan “was in default as early as 2011 (well within the statute of limitations period) but took no action to foreclose or refinance.” The 6th Circuit further noted that if the bank had “simply memorialized an extension to the [l]oan’s maturity date in writing as required by Tenn. Code Ann. § 28-2-111(c), it would not be in this situation.”
District Court preliminarily approves $300 million auto insurance settlement
On May 1, the U.S. District Court for the Northern District of California preliminarily approved a $300 million class action settlement resolving claims that a national bank hid misconduct relating to its auto insurance practices. The lead plaintiff alleged that, between November 3, 2016 and August 3, 2017, the defendant made materially false or misleading statements in violation of the Securities Act, which artificially inflated the price of the defendant’s stock. Specifically, the plaintiff maintained that the defendant concealed that it allegedly force-placed unneeded collateral protection insurance (CPI) on many of its customers and failed to refund unearned guaranteed auto protection (GAP) premiums to other customers, which led to more than 20,000 customers having their cars repossessed. The plaintiff further alleged that the defendant was aware of these issues but failed to disclose them to investors or the public, and claimed that the facts did not emerge until they were published by the media in July of 2017. As a result, class members who purchased defendant’s stock during the relevant period allegedly suffered economic losses when the stock price declined as a result of two corrective disclosures that revealed the CPI and GAP issues to investors. A hearing later this year will determine the service fee award and attorneys’ fees and expenses (to be no more than 25 percent of the settlement amount). The defendant denies all claims of wrongdoing.
Maryland eliminates separate licensing requirement for branches
On May 8, the Maryland governor signed HB 686 to eliminate a requirement that collection agencies and certain non-depository financial institutions must maintain separate licenses for branch locations. The Act now allows such entities to conduct business at multiple licensed locations under a single license. The Act also amends and clarifies other provisions relating to application requirements, licensee information listed in the Nationwide Multi-State Licensing System and Registry, requirements when using trade names, examinations, Commissioner of Financial Regulation assessments, and surety bond requirements. The Act is effective July 1.
New York proposes “landmark” crypto legislation
On May 5, New York Attorney General Letitia James announced proposed legislation to increase oversight of the cryptocurrency industry. Calling the “landmark legislation” the “strongest and most comprehensive set of regulations on cryptocurrency in the nation,” James said the bill would increase transparency, eliminate conflicts of interest, and impose “commonsense” investor protection measures consistent with other financial services regulations. Among other things, the bill would strengthen NYDFS’ regulatory authority over digital assets and codify the Department’s ability to license digital asset brokers, marketplaces, investment advisors, and issuers prior to engaging in business in the state. NYDFS would also be given jurisdiction to enforce violations of law within the crypto industry, including by issuing subpoenas; imposing civil penalties of $10,000 per violation per individual or $100,000 per violation per firm; collecting restitution, damages, and penalties; and shutting down businesses found to be engaging in fraud and illegal activities.
The bill would also strengthen investor protections by enacting and codifying “know-your-customer” protections, “[b]anning the use of the term ‘stablecoin’ to describe or market digital assets unless they are backed 1:1 with U.S. currency or high-quality liquid assets as defined in federal regulations,” and requiring crypto platforms to reimburse victims of fraud, similar to a bank’s responsibility under the EFTA. Other provisions would, among other things, (i) implement protections to stop conflicts of interest, including by preventing common ownership of crypto issuers, marketplaces, brokers, and investment advisers and preventing such persons from engaging in more than one of those activities; and (ii) require public reporting of financial statements to increase transparency and mandate that companies be required to undergo independent audits and publish audited financial statements, among other things.
The proposed bill will be submitted by the attorney general’s office to the New York Senate and Assembly for their consideration during the 2023 legislative session.
CFPB general counsel highlights risks in payments industry
On May 9, CFPB General Counsel and Senior Advisor to the Director, Seth Frotman, discussed the evolution of the payments system and its significant impact on consumer financial protection. Speaking before the Innovative Payments Association, Frotman commented that over the past few years, growth in the use of noncash payments (i.e. ACG, cards, and checks) accelerated faster from 2018 to 2021 than in any previous period, with the value of noncash payments since 2018 increasing nearly 10 percent per year, approaching almost $130 trillion in 2021. The value of ACH transfers and the number of card payments also increased tremendously, Frotman noted, pointing to a rapid decline in ATM cash withdrawals and the use of checks. He observed that the use of peer-to-peer (P2P) payment platforms and digital wallets is also growing quickly, with more traditional financial institutions redoubling their efforts to expand product offerings to capture market shares in this space. Additionally, several large tech firms, drawing on their significant customer bases and brand recognition, are looking to integrate payment services into their operating systems, with some offering payment products used by consumers daily, Frotman said.
Addressing concerns relating to data harvesting and privacy, Frotman said the Bureau is concerned that companies, including big tech companies, are using payment data to engage in behavioral targeting or individualized marketing, while some companies are sharing detailed payments information with data brokers or third parties as a way to monetize data. These behaviors, which he said only increase as payment systems continue to grow, raise the potential for harm, including limiting competition and consumer choice and stifling innovation. Frotman added that these issues are not limited to big tech. Banks, Frotman said, are also rolling out digital wallets as a way to access payment information, and Buy Now Pay later lenders are collecting consumer data “to increase the likelihood of incremental sales and maximize the lifetime value extracted from each current, past, or potential borrower.” Frotman reminded attendees that the Bureau has several critical tools at its disposal to address concerns about how data is bought, sold, used, and protected, and warned the payments industry to comply with applicable legal requirements.
Frotman also discussed challenges facing “gig” and other non-standard workers when trying to navigate consumer financial markets, particularly with respect to the intersection between how workers are being paid and the EFTA. According to Frotman, the Bureau is concerned about whether gig workers are being improperly required to receive payments through a particular financial institution or via a particular payment product or app. Frotman instructed employers to provide payment options that do not require workers to establish an account with a particular institution to ensure they do not run afoul of the EFTA’s “compulsory use” provision. Consumers who use a personal P2P app for work transactions are also entitled to EFTA protections with respect to fraud and error resolution, Frotman added. Frotman closed his remarks by touching briefly on liquidity and stability in the P2P payment system. He warned that consumers who use P2P payment products to store funds do not have the same level of protection as consumers who use traditional banking products.
Maryland amends student financing company registration
On May 8, the Maryland governor signed HB 913 to amend certain provisions relating to student financing company registration and reporting requirements. Among other things, the Act defines the term “student financing company” to mean “an entity engaged in the business of securing, making, or extending student financing products, or any purchaser, assignee, or holder of student financing products.” Student financing companies seeking to provide services in the state will be required to register with the Commissioner of Financial Regulation beginning March 15, 2024. Additionally, the Act provides that a student financing company seeking to renew its registration on an annual basis may be required to pay a fee at the time of renewal. The Act also authorizes the Commissioner to adopt registration procedures for student financing companies, including the use of the Nationwide Multi-State Licensing System and Registry, and may impose certain fees for using the registry. Additionally, the Act makes several technical clarifying provisions to the reporting requirements for student financing companies to be filed with the Commissioner annually on or before March 15. Furthermore, on or before June 15, 2024 (and each June 15 thereafter), information reported by the student financing companies will be available on a publicly accessible website to be developed and maintained by the Commissioner. The Act is effective October 1.
NYDFS proposes vetting guidance for licensed or chartered entities
On May 9, NYDFS Superintendent Adrienne A. Harris released proposed guidance for banking organizations and non-depository financial institutions chartered or licensed under the New York Banking Law concerning the Department’s character and fitness assessment expectations. The proposed guidance sets forth several criteria, including that covered institutions (i) update and modernize policies and procedures to ensure designated persons, including senior officers and governing board members, undergo a robust initial vetting process to make sure no new circumstances or conflicts of interests arise that may compromise the organization; (ii) take a risk-based and proportionate approach to ensure their vetting frameworks are tailored to meet their specific business needs, operations, and risks; (iii) promptly inform NYDFS if, through a character and fitness review, a determination is made that a previously vetted designated person is no longer fit to perform the current function, or if a designated person has been transferred to another position or group (or modifications are made to a designated person’s current functions); and (iv) vet each designated person at the time they become a designated person, regardless of whether the person currently is or previously was a designated person at a different covered institution, including in instances involving a merger or acquisition. The announcement noted that a covered institution’s compliance with the guidance will be reviewed as part of its regular examination framework. Comments on the proposed guidance are due June 30.
FTC obtains TROs to halt student loan debt relief schemes
On May 8, the FTC announced that the U.S. District Court for the Central District of California recently issued temporary restraining orders (TROs) against two student loan debt relief companies that allegedly tricked consumers into paying for nonexistent repayment and loan forgiveness programs. According to the complaints (see here and here), the defendants allegedly made deceptive claims in order to lure low-income consumers into paying hundreds to thousands of dollars in illegal upfront fees as part of a purported plan to pay down their student loans. The defendants allegedly made consumers believe that they were enrolled in a legitimate loan repayment program, that their loans would be forgiven in whole or in part, and that most or all of their payments would be applied to their loan balances. The FTC alleges that, in reality, the defendants pocketed the borrowers’ payments. The FTC also charged the defendants with falsely claiming to be or be affiliated with the Department of Education and stating that they were purchasing borrowers’ debt from federal student loan servicers in order to secure debt relief on their behalf. When consumers realized the debt relief program did not exist, the defendants allegedly often refused to provide refunds.
According to the FTC, these deceptive misrepresentations violated Section 5 of the FTC Act and the Telemarketing Sales Rule (TSR). The FTC also alleges that the companies violated the Gramm-Leach-Bliley Act (GLBA), by using deceptive tactics to obtain consumers’ financial information, and the TSR, by calling numbers listed on the National Do Not Call Registry and by failing to pay required Do Not Call Registry fees for access. In issuing the TROs (see here and here), which temporarily halt the two schemes and freeze the defendants’ assets, the court noted that, upon “[w]eighing the equities and considering the FTC’s likelihood of ultimate success on the merits,” there is good cause to believe that immediate and irreparable harm will occur as a result of the defendants’ ongoing violations of the FTC Act, the TSR, and the GLBA, unless the defendants are restrained and enjoined.
Indiana amends mortgage loan originator licensing requirements
On May 4, the Indiana governor signed SB 452 to amend Indiana code governing financial institutions. Among other things, the Act amends a provision to require the Department of Financial Institutions to adopt emergency rules no later than June 30, 2024, to authorize certain licensees (or certain exempt persons aside from a person that has voluntarily registered with the Department) “to sponsor one (1) or more mortgage loan originators, who are not employees of the sponsoring person, to perform mortgage loan originator activities” provided certain criteria is met. Requirements include that (i) each sponsored person performs mortgage loan originator activities exclusively for the sponsoring person (as provided in a written agreement); (ii) the sponsoring person assumes responsibility for and reasonably supervises the activities of each sponsored mortgage loan originator; (iii) the sponsoring person maintains a bond that covers all sponsored mortgage loan originators; and (iv) each sponsored mortgage loan originator possesses a current, valid insurance producer license as required under state law. The emergency rules must meet the requirements of the Secure and Fair Enforcement for Mortgage Licensing Act of 2008, HUD and CFPB interpretations of that Act, as well as a subsequent amendment provided by the Economic Growth, Regulatory Relief, and Consumer Protection Act.