InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Illinois AG, IDFPR settle with three payday lenders
On November 5, the Illinois attorney general and the Illinois Department of Financial and Professional Regulation (IDFPR) announced a settlement resolving allegations that three companies violated Illinois lending laws by generating payday loan leads without a license and arranging high-cost payday loans for out-of-state payday unlicensed lenders. The AG and IDFPR further alleged that the companies falsely represented their loan network as being “trustworthy,” although the loan terms and conditions did not comply with Illinois law, which violated the Illinois’ Consumer Fraud and Deceptive Business Practices Act. The AG sued the companies in 2014 after the companies refused to comply with a cease and desist order issued by IDFPR, which required them to become licensed. According to the announcement, under the terms of the settlement, the companies are prohibited from: (i) arranging or offering small-dollar loans, online or otherwise, without being licensed by IDFPR; (ii) advertising or offering any small consumer loan arrangements or lead generation services in Illinois, unless they are licensed by IDFPR; and (iii) providing services associated with arranging or offering small dollar loans to Illinois consumers without being licensed by IDFPR.
DFPI reminds CFL licensees of December 31 transition deadline
Recently, the California Department of Financial Protection and Innovation (DFPI) reminded companies licensed under the California Financing Law that they must transition onto the Nationwide Multistate Licensing System & Registry (NMLS) by December 31. Licensees not currently on the NMLS must establish an account in the system and transfer information to DFPI through NMLS on or before the deadline. Applicants and transitioning licensees are required to submit IRS and Secretary of State documentation identifying the employer identification number and the state where the company is registered as a business. DFPI further stated that the time for “DFPI to process the licensee’s NMLS transition does not [affect] the licensure status of the licensee, and may occur after the licensee’s December 31, 2021 deadline to submit the licensee’s information to the DFPI through NMLS.”
Utah amends mortgage practices and licensing rule provisions
Recently, the Utah Department of Commerce adopted amendments to the Utah Residential Mortgage Practices and Licensing Rules to eliminate unnecessary and redundant licensee expenses for criminal background checks and credit reports. Among other things, the amendments provide that if a licensee submits a fingerprint background report to the Nationwide Multistate Licensing System & Registry (NMLS) “that is current according to the NMLS and is dated within 90-days of the date of the application to renew, the Division shall use that fingerprint background report in satisfaction of the requirement of. . .subsection [R162-2c-204]. If there is no current fingerprint background report in the NMLS, the licensee shall submit a fingerprint background report to the NMLS with the licensee’s application to renew.” The same condition also applies to current credit reports dated within 30-days of the date the renewal application was submitted to the NMLS. The amendments also update certain license qualification provisions related to moral character and felony convictions, and eliminate provisions concerning employee incentive programs related to licensed entities. These provisions took effect October 26.
DFPI addresses several MTA licensing exemptions
Recently, the California Department of Financial Protection and Innovation (DFPI) released several new opinion letters covering aspects of the California Money Transmission Act (MTA) related to virtual currency and agent of payee rules. Highlights from the redacted letters include:
- Cryptocurrency and Agent of Payee Exemption. The redacted opinion letter reviewed whether MTA licensure is required for a company’s proposal to offer payment processing services that would enable merchants to receive payments in U.S. dollars from buyers of goods and services, automatically exchange these payments into dollar-denominated tokens on a blockchain network, and to store the tokens in a custodial digital wallet. DFPI currently does not require licensure for companies to receive U.S. dollars from a buyer for transfer to a merchant’s wallet as dollar tokens. DFPI explained that even if it did regulate this activity, the structure of the company’s payment processing services satisfies the requirements of the agent-of-payee exemption, wherein the company acts as the agent of the merchant pursuant to a preexisting written contract and the company’s receipt of payment satisfies the buyer’s obligation to the merchant for goods or services. DFPI further explained that while storing dollar tokens in a custodial digital wallet or making subsequent transfers out of a wallet do not currently require licensure under the MTA, DFPI may later determine the activities are subject to regulatory supervision.
- Asset-Backed Tokens and Other Cryptocurrency. The redacted opinion letter asked DFPI whether an MTA license is required to (i) provide technical services to enable owners of metal to create digital assets representing interests in that metal; (ii) facilitate trading in these digital assets; or (iii) provide digital wallets to customers. The company intends to create a platform to facilitate the creation, sale, and trading of metal asset-backed tokens, whereby a customer purchases metal asset-backed tokens (ABTs) or currency tokens using fiat currency stored in an FBO account. Customers will not be allowed to transmit fiat currency to each other except to facilitate the purchase of ABTs or currency tokens, to receive proceeds from ABTs, or to pay platform fees. DFPI explained that while issuing stored value is generally considered money transmission, “[p]roviding technical services to assist in the creation of a [m]etal ABT and [i]ndustrial [t]okens and issuing a digital wallet holding the [m]etal ABT does not require licensure.” DFPI noted that the company is not itself issuing the ABT or industrial tokens. DFPI further concluded that the company does not need an MTA license to issue a digital wallet holding metal ATBs because the digital wallet is not stored value nor can the wallet’s contents be redeemed for money or monetary value or be used as payment for goods or services. DFPI separately indicated that a license is not currently required to facilitate the sale of ABTs, nor the issuance and sale of currency tokens. However, DFPI warned the company that the opinion only pertains to MTA, and that the company should be aware that metal ABTs and industrial tokens “could be considered a commodity and California Corporations Code section 29520 generally prohibits the sale of a commodity, unless an exception applies.”
- Cryptocurrency-to-Precious Metals Dealer. The redacted opinion letter reviewed whether an online cryptocurrency-to-precious metals dealer, which accepts a variety of different cryptocurrencies in exchange for precious metals and also purchases precious metals from customers using different cryptocurrencies, requires MTA licensure. The company referenced a 2016 decision where DFPI determined that a company operating a software technology platform to facilitate the purchase and sale of gold was not engaged in money transmission, that gold and other precious metals were not payment instruments, that the transactions did not represent selling or issuing stored value, and that “the activity did not constitute receiving money for transmission because the sale or repurchase of gold was a bargained-for-exchange and did not involve transmission to a third party.” The company argued that purchasing and selling precious metals with cryptocurrency is similar and should not trigger MTA’s licensing requirement. DFPI agreed that the company’s business activities do not meet the definition of money transmission because precious metals are not payment instruments, and as such, purchasing and selling precious metals for cryptocurrency does not represent the sale or issuance of a payment instrument. Additionally, DFPI concluded that the company is not selling or issuing stored value, nor do the transactions “involve the receipt of money or monetary value for transmission within or outside the U.S.”
- Virtual Currency Wallet. The redacted opinion letter asked whether an MTA license is required to operate a platform that will provide customers with an account to store and transfer virtual currencies. The company will also provide customers access to an exchange where they can facilitate the purchase or sale of virtual currencies in exchange for other virtual currencies. Fiat currency will not be used on the platform. DFPI stated that it does not currently require companies to obtain an MTA license to operate a platform that provides customers with an account to store and transfer virtual currencies. DFPI further stated that a license is not required to operate a platform that gives customers access to an exchange to purchase or sell virtual currencies in exchange for other virtual currencies.
- Purchase of Cryptocurrency. The redacted opinion letter examined whether a company that offers clients a direct opportunity to buy cryptocurrency in exchange for fiat currency requires MTA licensure. The company explained, among other things, that there is no transmission of cryptocurrency to third parties and that it does not offer money transmission services. DFPI concluded that because the company’s activities are limited to directly selling cryptocurrency to clients, it “does not require an MTA license because it does not involve the sale or issuance of a payment instrument, the sale or issuance of stored value, or receiving money for transmission.”
DFPI reminded the companies that its determinations are limited to the presented facts and circumstances and that any change could lead to different conclusions. Moreover, the letters do not relieve the companies from any FinCEN or federal regulatory obligations.
9th Circuit: Israeli company is not entitled to foreign sovereign immunity over malware claims
On November 8, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s order denying a private Israeli company’s motion to dismiss claims based on foreign sovereign immunity. The Israeli company (defendant) designs and licenses surveillance technology to governments and government agencies for national security and law enforcement purposes. According to the opinion, the defendant markets and licenses a product that allows law enforcement and intelligence agencies to covertly intercept messages, take screenshots, or extract information such as a mobile device’s contacts or history. The plaintiffs (a messaging company and global social media company) sued the defendant claiming it sent malware through the messaging company’s server system to approximately 1,400 mobile devices to gather users’ information in violation of state and federal law, including the Computer Fraud and Abuse Act and the California Comprehensive Computer Data Access and Fraud Act. The defendant moved to dismiss, claiming foreign sovereign immunity protected it from the suit. The defendant further contended that even if the plaintiffs’ allegations were true, it was “acting as an agent of a foreign state, entitling it to ‘conduct-based immunity’—a common-law doctrine that protects foreign officials acting in their official capacity.” The district court disagreed, ruling that common-law foreign official immunity does not protect the defendant in this case because the defendant “failed to show that exercising jurisdiction over [the defendant] would serve to enforce a rule of law against a foreign state.”
Although the 9th Circuit agreed with the district court that the defendant, as a private company, is not entitled to immunity, the panel affirmed on separate grounds. The 9th Circuit based its determination instead on the fact that “the Foreign Sovereign Immunity Act (FSIA or Act) occupies the field of foreign sovereign immunity as applied to entities and categorically forecloses extending immunity to any entity that falls outside the FSIA’s broad definition of ‘foreign state.’” Among other things, the 9th Circuit rejected the defendant’s claim that because governments use its technology it is entitled to the immunity extended to sovereigns. “Whatever [the defendant’s] government customers do with its technology and services does not render [the defendant] an ‘agency or instrumentality of a foreign state,’ as Congress has defined that term,” the appellate court wrote. In contrast to the district court, the 9th Circuit rejected the defendant’s argument that it could claim foreign sovereign immunity under common-law immunity doctrines that apply to foreign officials (i.e., natural persons), finding that “Congress [had] displaced common-law sovereign immunity doctrine as it relates to entities.”
District Court preliminarily approves TCPA class action settlement
On November 8, the U.S. District Court for the Eastern District of New York granted preliminary approval for a $38.5 million settlement in a class action against a national gas service company and other gas companies (collectively, defendants) for allegedly violating the TCPA by soliciting calls to cellular telephones. The plaintiff’s memorandum of law requested preliminary approval of the class action settlement. The proposed settlement sought to establish a settlement class of all U.S. residents who “from March 9, 2011 until October 29, 2021, received a telephone call on a cellular telephone using a prerecorded message or artificial voice” regarding several topics including: (i) the payment or status of bills; (ii) an “important matter” regarding current or past bills and other related issues; and (iii) a disconnect notice concerning a current or past utility account. Under the terms of the preliminarily approved settlement, the defendants will provide monetary relief to claiming class members in an estimated amount between $50 and $150. The settlement would additionally require the companies to implement new training programs and procedures to prevent any future TCPA violations. The settlement permits counsel for the proposed class to seek up to 33 percent of the settlement fund to cover attorney fees and expenses.
District Court grants $5 million settlement for alleged data breach
On November 5, the U.S. District Court for the Northern District of California granted preliminary approval of a class action settlement resolving claims against a grocery store chain after a data breach allegedly compromised personal information in its software. According to the plaintiffs’ notice of motion and motion for preliminary approval of class action settlement, a software vendor notified its clients, including the grocery store, that its software had been breached. As a result of the breach, hackers accessed personally identifiable information (PII) of approximately 3.82 million of the grocery store’s pharmacy customers and employees. Under the preliminary settlement, claimants may choose to receive either (i) a cash payment, with an estimated value between $18 and $91 for non-California residents and between $36 and $182 for California residents; (ii) two years of credit monitoring and insurance services; or (iii) reimbursement of any documented losses of up to $5,000. The proposed settlement also contains “robust injunctive relief,” including requirements that the grocery store chain (i) confirm that class members’ sensitive PII is secured; (ii) monitor the dark web for five years for fraudulent activity related to class members' PII; and (iii) enhance its third-party vendor risk management program. The district court also noted that any class member can appear at the fairness hearing to object to any aspect of the settlement, and that class members have 75 days after being notified of the deal to file their written objections or opt out of the settlement. The proposed settlement would not resolve any claims against the software vendor. Additionally, the court issued an order denying a motion to intervene by a group of objectors finding that they failed to “identify a protectable interest that will be impaired if they are unable to intervene.”
Agencies adopt standardized approach for counterparty credit risk Call Report
On November 9, the FDIC, Federal Reserve Board, and the OCC announced the publication of final regulatory reporting changes in the Federal Register applicable to three versions of the Call Report (FFIEC 031, FFIEC 041, and FFIEC 051). In July, the agencies proposed to revise and extend the Call Report for three years, and requested public comments on proposed changes to clarify instructions for reporting of deferred tax assets (DTAs) and to add a new item related to the standardized approach for counterparty credit risk (SA–CCR). (See FIL-53-2021.) Following the comment period, the agencies are proceeding with the proposed SA-CCR-related reporting change to the Call Report, which will take effect with the December 31, 2021 report date, subject to approval by the Office of Management and Budget. However, proposed instruction revisions related to DTAs are not final as the agencies continue to consider comments received on the proposed rule on tax allocation agreements. (See FIL-29-2021.) Supervised financial institutions are encouraged to review the proposed regulatory change. Redline copies of the Call Report and related draft reporting instructions are available on the FFIEC’s webpage here.
Fed cites need to increase oversight of nonbank mortgage companies
On November 8, Federal Reserve Board Governor, Michelle W. Bowman, spoke at the “Women in Housing and Finance Public Policy Luncheon” regarding U.S. housing and the mortgage market. Bowman observed that home prices have increased in the past year and a half, stating that “[i]n September, about 90 percent of American cities had experienced rising home prices over the past three months, and the home price increases were substantial in most of these cities,” which “raise[s] the concern that housing is overvalued and that home prices may decline.” She discussed several factors leading to the demand for housing as including (i) low interest rates; (ii) accumulated savings; and (iii) increased income growth. Additionally, she pointed out that mortgage refinancing has surged due to the decrease in long-term interest rates, and that nonbank servicers utilized the proceeds from the “refinacings to fund the advances associated with forbearance.” However, Bowman added that higher home prices and rising rents contributed to inflationary pressures in the economy. Bowman stated that the “multifamily rental market is at historic levels of tightness, with over 95 percent occupancy in major markets,” and she anticipates that these housing supply issues are unlikely to reverse materially in the short term, suggesting that there will be higher levels of inflation caused by housing. With respect to forbearance, Bowman said, “1.2 million borrowers were still in forbearance, down from a peak of 4.7 million in June 2020” on mortgage payments. Bowman stated that, “[f]orbearance, foreclosure moratorium, and fiscal support have kept distressed borrowers in their homes.” Bowman warned that transitioning borrowers from mortgage forbearance to modification may be a “heavy lift” for some servicers. Bowman disclosed that the Fed will be monitoring what happens as borrowers reach the end of the forbearance on mortgage payments and estimates that 850,000 of those in forbearance will reach the end of their forbearance period in January 2022, and “the temporary limitations on foreclosures put in place by the Consumer Financial Protection Bureau will expire at the end of the year.” Bowman recommended that state and federal regulators collaborate to collect data, identify risks, and strengthen oversight of nonbank mortgage companies.
OCC urges bank boards to promote climate risk management
On November 8, acting Comptroller of the Currency Michael J. Hsu discussed climate change risk at the OCC headquarters, highlighting areas for large bank boards of directors to consider when promoting and accelerating improvements in climate risk management practices. According to Hsu, bank boards play a “pivotal role” in actions against climate change, which poses significant risks to the financial system. Hsu compared credit risk management and climate risk management, stating that “strong credit risk management capabilities can provide the assurance and confidence needed for a bank to make risky credit decisions prudently, strong climate risk management capabilities can enable the same prudent risk taking with regards to climate-related business opportunities.” Additionally, Hsu noted that, by the end of this year, the OCC will issue a high-level framework guidance for large banks regarding climate risk management. Hsu also outlined several areas for board members to consider, including evaluating an institution’s overall exposure to climate change, estimating the exposure to a carbon tax, and assessing an institution’s most acute vulnerabilities to climate change events. Hsu stated that “now is the time” to identify and understand vulnerabilities impacting continuity and disaster recovery planning.