InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC sanctions individuals and entities connected to Russia’s corruption in Moldova
On June 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14024, against seven leading members of a Russian intelligence-linked group and an entity connected to one of these individuals, for their role in “the destabilization campaign and continued malign influence campaigns in Moldova.” OFAC previously sanctioned individuals and entities endeavoring in similar efforts to undermine Moldova’s democracy, (covered by InfoBytes here). OFAC also mentioned in the announcement that the EU sanctioned Russian and Moldovan individuals for the same crimes. The designated individuals for these sanctions, OFAC said, are part of a global information operation connected to the Russian Federation—targeting not only Moldova, but other Balkan countries, the EU, UK, and U.S.—that provokes anti-government demonstrations designed to instill fear that undermines faith in democratic principles. Notably, the actors designated were part of a plot to “capitalize on these protests in Chisinau and seize the Moldovan Government House,” OFAC stated. As a result of these sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that financial institutions and other persons that engage in certain transactions or activities with the sanctioned persons may themselves be exposed to sanctions or be subject to an enforcement action.
OFAC sanctions Iranian tech company and employees
On June 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 13846, against an Iran-based technology company, two senior employees, and an affiliate based in the UAE. According to OFAC, the sanctioned persons and entities partook in facilitating the Iranian regime’s censorship of the internet in Iran. The technology company is a key partner in Iran’s development of the National Information Network, which, OFAC states is, “a countrywide intranet that is being used to disconnect the Iranian people from the global internet.” As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Additionally, OFAC warned that “persons that engage in certain transactions with the individuals and entities designated today may themselves be exposed to sanctions or subject to an enforcement action.” Also, OFAC noted that unless an exception applies, any foreign financial institution that knowingly takes part in a significant transaction or provides significant financial services for any of the persons designated could also be subject to U.S. sanctions.
In conjunction with the sanctions, OFAC issued several Iran-related general licenses (see General License P).
Texas enacts Money Services Modernization Act
On May 29, the Texas governor signed SB 895 (the “Act”) to enact the Money Services Modernization Act, the money transmitter model law created by industry and state experts. The goal of the Act is to create a set of consistent and coordinated standards relating to the regulation of money service businesses. Among other things, the Act outlines networked supervision criteria to allow the commissioner to participate in multistate supervisory processes coordinated through the Conference of State Bank Supervisors, the Money Transmitter Regulators Association, and other related affiliates and successors for all money services licenses that hold licenses in Texas and other states. To efficiently minimize regulatory burden, the commissioner may, among other things, coordinate and share information with other state and federal regulators, enter into information-sharing contracts or agreements, conduct joint examinations or investigations, and accept examination or investigation reports made by other states. Texas now joins several other states in adopting common licensing and regulatory standards to add efficiencies to the multi-state process (continuing InfoBytes coverage here).
Additionally, the commissioner has enforcement, examination, and supervision authority, may adopt implementing regulations, and may recover costs and fees associated with applications, examinations, investigations, and other related actions. The Act also includes additional consumer protection provisions. The Act includes in the definition of “money” or “monetary value” a stablecoin that “(i) is pegged to a sovereign currency; (ii) is fully backed by assets held in reserve; and (iii) grants a holder of the stablecoin the right to redeem the stablecoin for sovereign currency from the issuer.” Among the various exemptions, the Act provides for an exemption for an agent of the payee to collect and process a payment from a payor to the payee for goods or services, other than money transmission services. The amendments also outline numerous licensing application and renewal procedures including net worth, surety bond, and permissible investment requirements. The Act is effective September 1.
Minnesota further regulates payday loans
On May 24, Minnesota enacted SF 2744 (the “Act”) to amend several sections of the state statutes relating to payday loans. Among other things, Section 47.603 has been added to create barriers for payday lenders charging annual interest rates of more than 36 percent and to require payday lenders to assess the borrower’s ability to repay a payday loan or payday advance.
The provisions specify an ability to repay analysis, which requires a payday lender to first determine whether a borrower has the ability to make the loan payment at the end of the loan period. The Act further explains that a “payday lender’s ability to repay determination is reasonable if, based on the calculated debt-to-income ratio for the loan period, the borrower can make payments for all major financial obligations, make all payments under the loan, and meet basic living expenses during the period ending 30 days after repayment of the loan.” Additionally, amendments replace past provisions for charges in lieu of interest, with an umbrella policy for any consumer small loan with an annual percentage rate of up to 50 percent that bans lenders from adding any additional charges or payments in connection with the loan.
The amendments will apply to “consumer small loans” and “consumer short-term loans,” as defined by the Act, originated on or after January 1, 2024.
Florida enacts privacy legislation; requirements focus on digital industry
On June 6, the Florida governor approved SB 262 to create the Florida Digital Bill of Rights (FDBR) and establish a framework for controlling and processing consumer personal data in the state, applicable only to companies that meet certain criteria and bring in global gross annual revenues of more than $1 billion. Specifically, the FDBR applies to “controllers,” or any person that conducts business in Florida, collects personal data about consumers (or is an entity on behalf of which this information is collected), determines the purposes and means of processing consumers’ personal data (alone or jointly with other entities), meets the revenue minimum, and satisfies at least one of the following criteria: (i) derives at least 50 percent of global gross revenue from the sale of online advertisements (including targeted advertising); (ii) operates a consumer smart speaker and voice command component service; or (iii) operates an app store or a digital distribution platform offering a minimum of 250,000 unique software applications available for download. The FDBR outlines exemptions, including exemptions for financial institutions and data subject to the Gramm-Leach-Bliley Act, as well as certain covered entities governed by the Health Insurance Portability and Accountability Act.
- Consumer rights. Under the FDBR, Florida consumers will have the right to, among other things, (i) confirm whether their personal data is being processed and to access their data; (ii) correct inaccuracies; (iii) delete their data; (iv) obtain a copy of personal data processed by a controller; and (v) opt out of the processing of their data for targeted advertising, the sale of their data, or certain profiling. The FDBR also adds biometric data and geolocation information to the definition of personal information.
- Controllers’ responsibilities. Data controllers under the FDBR will be responsible for, among other things, (i) responding to consumers’ requests within 45 days unless extenuating circumstances arise and providing requested information free of charge, up to twice annually for each consumer; (ii) establishing an appeals process to allow consumer appeals within a reasonable time period after a controller’s refusal to take action on a consumer’s request; (iii) limiting the collection of data to what is required and reasonably necessary for a specified purpose; (iv) securing personal data and implementing appropriate data security protection practices; (v) not processing data in violation of state or federal anti-discrimination laws; (vi) obtaining consumer consent in order to process sensitive data (consent may be revoked at any time); (vii) ensuring contracts and agreements do not waive or limit consumers’ data rights; and (viii) providing clear privacy notices. The FDBR also sets forth obligations relating to contracts between a controller and a processor.
- No private cause of action but enforcement by the Florida Department of Legal Affairs. The FDBR explicitly prohibits a private cause of action. Instead, it grants the department exclusive authority to bring actions under the Florida Deceptive and Unfair Trade Practices Act and seek penalties of up to $50,000 per violation, which may be tripled for any violation involving a child under the age of 18 for which the online platform has actual knowledge. The department is also granted authority to adopt rules to implement the FDBR.
- Right to cure. Upon discovering a potential violation of the FDBR, the department must give the controller written notice. The controller then has 45 days to cure the alleged violation before the department can file suit.
Minor children are also afforded specific protections under the FDBR, including prohibiting online platforms that provide services or features to children from processing children’s personal information or from collecting, selling, sharing, or retaining any personal information that is not necessary to provide an online service, product, or feature. Additionally, the FDBR includes provisions addressing political ideology and government-led censorship.
The FDBR takes effect July 1, 2024.
Florida now joins nine other states in enacting comprehensive consumer privacy measures, following California, Colorado, Connecticut, Virginia, Utah, Iowa, Indiana, Tennessee, and Montana.
More states targeting commercial financing disclosures
Several states are moving forward on legislation relating to commercial financing disclosures. While Georgia is the most recent state to require disclosures in connection with commercial financing transactions of $500,000 or less (covered by InfoBytes here), additional states, including Connecticut and Florida, are moving bills through the legislature that would also impose several requirements on commercial financing lenders and providers.
Awaiting the governor’s signature, Connecticut SB 1032 would require certain providers of commercial financing to make various disclosures, with violators being subject to civil penalties. The requirements are applicable to sales-based financing in amounts of $250,000 or less. A “provider” is defined by the bill as “a person who extends a specific offer of commercial financing to a recipient” and includes, unless otherwise exempt, a “commercial financing broker,” but does not include “a bank, out-of-state bank, bank holding company, Connecticut credit union, federal credit union, out-of-state credit union or any subsidiary or affiliate of the foregoing.” The bill establishes parameters for qualifying commercial transactions and outlines numerous additional exemptions. Providers may also be able to rely on a statement of intended purpose made by the “recipient” – which is defined as “a person, or the authorized representative of a person, who applies for commercial financing and is made a specific offer of commercial financing by a provider” – to determine whether the financing is commercial financing. Additionally, when extending a specific offer for sales-based financing, the provider must disclose the terms of the transaction as specified within the bill. As a condition of obtaining commercial financing, should the provider require a recipient to pay off the balance of existing commercial financing from the same provider, the provider would be required to include additional disclosures. The bill also discusses conditions and criteria for when using another state’s commercial financing disclosure requirements that meet or exceed Connecticut’s provisions may be permitted.
The bill further provides that a commercial financing contract entered into on or after July 1, 2024, may not contain any provisions waiving a recipient’s right to notice, judicial hearing, or prior court order in connection with the provider obtaining any prejudgment remedy. Additionally, a provider may not revoke, withdraw, or modify a specific offer until midnight of the third calendar day after the date of the offer. Finally, the banking commissioner also is authorized to adopt regulations to carry out the bill’s provisions. Notably and unique to Connecticut is a requirement that providers and brokers of commercial financing be registered with the state banking commissioner in addition to adhering to the prescribed disclosure requirements. No later than October 1, 2024, providers and brokers must abide by certain application requirements and pay registration fees. If enacted, Connecticut’s requirements would take effect July 1, 2024.
Similarly, Florida also moved legislation during the 2023 session related to commercial financing that would have created the Florida Commercial Financing Disclosure Law. Among other things, HB 1353 would have required covered providers to provide specified disclosures for commercial financing transactions in amounts of $500,000 or less and would have established unique broker requirements. Florida’s session ended May 5.
California imposes CLRA advertising requirements
Covered entities in California are reminded that Section 1770 of the Consumer Legal Remedies Act requires persons offering or providing a consumer financial service or product to include certain language when making solicitations. As previously covered by InfoBytes, AB 1904 was enacted last year to amend Section 1770 of the Civil Code relating to unfair methods of competition and unfair or deceptive acts. The amended code prohibits a covered person or a service provider from engaging in unlawful, unfair, deceptive, or abusive acts or practices regarding a consumer financial product or service, such as: (i) misrepresenting the source, sponsorship, approval, or certification; (ii) advertising goods or services with the intent not to sell them as advertised; and (iii) making false or misleading statements of fact concerning reasons for, the existence of, or amounts of, price reductions. The amendments authorize the California Department of Financial Protection and Innovation to bring a civil action for a violation of the law, and make unlawful the failure to include certain information, including a prescribed disclosure, in a solicitation by a covered person, or an entity acting on behalf of a covered person, to a consumer for a consumer financial product or service. Specifically, Cal. Civ. Code § 1770(a)(28) requires covered persons to include the following language in solicitations:
- “The name of the covered person, and, if applicable, the entity acting on behalf of the covered person, and relevant contact information, including a mailing address and telephone number.”
- “The following disclosure statement in at least 18-point bold type and in the language in which the solicitation is drafted: ‘THIS IS AN ADVERTISEMENT. YOU ARE NOT REQUIRED TO MAKE ANY PAYMENT OR TAKE ANY OTHER ACTION IN RESPONSE TO THIS OFFER.’”
The requirements took effect at the beginning of the year.
Colorado limits out-of-state bank charges on consumer credit
On June 6, the Colorado governor signed HB 23-1229 (the “Act”) to amend the state’s Uniform Consumer Credit Code (UCCC). Specifically, Colorado has invoked its right under the Depository Institutions Deregulation and Monetary Control Act (DIDMCA) to opt out of a provision that allows state-chartered banks to preempt state interest rates applicable to consumer credit transactions. Sections 521-523 of DIDMCA currently allow state-chartered banks to charge the interest allowed by the state where they are located, regardless of where the borrower is located and regardless of conflicting out-of-state law. Section 525, however, provides states with the authority to opt out of these sections.
Modifications to the UCCC impact requirements for alternative charges for loans not exceeding $1,000, and include the following changes:
- Reduces the permissible acquisition charge on the original loan or any refinanced loan from 10 to eight percent of the amount financed;
- Reduces permissible monthly installment account handling charges based on categories of the amount financed;
- Increases the minimum loan term from 90 days to six months;
- Removes the ability for a lender to charge a delinquency charge on a loan;
- Amends provisions relating to the conditions upon which an acquisition charge must be refunded to a consumer; and
- Limits the number of times a lender can refinance a consumer loan to once a year.
The amendments take effect July 1, 2024, and only apply to consumer credit transactions made after that date.
Maryland says shared appreciation agreements are mortgage loans
The Maryland governor recently signed HB 1150 (the “Act”), which subjects certain shared appreciation agreements (SAAs) to the Maryland Mortgage Lender Law. Under the Act, the term “loan” now “includes an advance made in accordance with the terms of a shared appreciation agreement.” An SAA is defined by the Act to mean “a writing evidencing a transaction or any option, future, or any other derivative between a person and a consumer where the consumer receives money or any other item of value in exchange for an interest or future interest in a dwelling or residential real estate, or a future obligation to repay a sum on the occurrence of [certain] events,” such as an ownership transfer, a repayment maturity date, a consumer’s death, or other events. The Act specifies that a loan is subject to the state’s mortgage lender law if the loan is an SAA and “allows a borrower to repay advances and have any repaid amounts subsequently readvanced to the borrower.”
Interim guidance released by the Maryland Commissioner of Financial Regulation further clarifies that SAAs are mortgage loans, and that those who offer SAAs to consumers in the state are required to obtain a Maryland mortgage lender licensing unless exempt. Under the Act, the commissioner will issue regulations addressing enforcement and compliance, including SAA disclosure requirements. The Act takes effect July 1. However, for SAA applications taken on or after July 1 (and until regulations are promulgated and effective), the commissioner will not cite a licensee for disclosure requirement violations, provided the licensee makes a good faith effort to give the applicant specified information within ten days of receiving an application. Licensees will be required to provide the information again at least 72 hours before settlement if the actual terms of the SAA differ from those provided in the initial disclosure.
Agencies propose ROV guidance
On June 8, the CFPB joined the Federal Reserve Board, FDIC, NCUA, and the OCC to request comments on proposed interagency guidance relating to reconsiderations of value (ROV) for residential real estate valuations. The proposed guidance advises financial institutions on policies that would afford consumers an opportunity to introduce evidence that was not previously considered in the original appraisal. The proposal references the occurrence of “deficiencies” in real estate valuations, which can be due to errors or omissions, valuation methods, assumptions, or other factors. According to the proposed guidance, these kind of valuation deficiencies can “prevent individuals, families, and neighborhoods from building wealth through homeownership by potentially preventing homeowners from accessing accumulated equity, preventing prospective buyers from purchasing homes, making it harder for homeowners to sell or refinance their homes, and increasing the risk of default.” Also noted is the risk non-credible valuations pose to financial institutions, which may lead to loan losses, violations of law, fines, civil money penalties, damages, and civil litigation.
The proposed guidance (i) provides direction on how ROVs overlap with appraisal independence requirements and compliance with relative laws and regulations; (ii) identifies how financial institutions can implement and improve existing ROV policies while remaining compliant with regulations, preserving appraiser independence, and being responsive to consumers; (iii) explains how deficiencies can pose risk to financial institutions and describes how ROV policies should be factored into risk management functions; and (iv) provides examples of ROV policies, procedures, control systems, and complaint processes to address deficient valuations.
Comments on the proposed guidance are due within 60 days of publication in the Federal Register.