InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FSB reports on nonbank resilience efforts
On November 1, the Financial Stability Board (FSB) released a report providing an update on its efforts to enhance the resilience of nonbank financial intermediation. According to FSB’s report, Enhancing the Resilience of Non-Bank Financial Intermediation, the non-bank financial intermediation (NBFI) sector has become more diverse and grown significantly to nearly half of global financial assets, compared to 42 percent in 2008. The report, among other things, provided an overview of the NBFI ecosystem and a framework for analyzing the availability of liquidity and the effective intermediation under stressed market conditions. The report noted that FSB’s “main focus of work to date” is intended “to assess and address vulnerabilities in specific areas that may have contributed to the build-up of liquidity imbalances and their amplification,” which includes, among other things: (i) enhancing money market fund resilience through policy work; (ii) assessing liquidity risk and its management in open-ended funds; (iii) examining the structure and drivers of liquidity during stress in government and corporate bond markets; (iv) examining “the frameworks and dynamics of margin calls in centrally cleared and non-centrally cleared derivatives and securities markets, and the liquidity management preparedness of market participants to meet margin calls”; and (v) assessing the fragilities in USD cross-border funding and their vulnerabilities in emerging market economies interactions. Based on these findings, the report noted that FSB’s future work will pursue a systemic approach to NBFI, which involves expanding the understanding of systemic risks in NBFI and ensuring that the current policy toolkit is adequate and effective from a system-wide perspective.
District Court approves CCPA class action settlement
On October 27, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement resolving claims against an Illinois-based insurance provider and its subsidiary (collectively, defendants) for allegedly failing to adequately protect plaintiffs’ personal and private information when defendants were the targets of security breach incidents where an unauthorized user’s access to the defendants’ network and computer systems resulted in unauthorized access of personal, private information (PII). According to the memorandum of law in support of the plaintiffs’ motion for preliminary approval, the plaintiffs sued after learning that the defendants were targeted by hackers in December 2020, which affected over 5.8 million customers, and again in March 2021, which affected more than 324,000 customers. This conduct, the plaintiffs contended, violated the California Consumer Privacy Act, the California Consumers Legal Remedies Act, California’s Unfair Competition Law, and various state common laws. While the defendants denied allegations of wrongdoing and liability, and asserted defenses to the individual and class claims, the parties reached a proposed settlement, in which class members (defined as “all natural persons residing in the United States who were sent notice letters notifying them that their PII was compromised in the Data Incidents announced by Defendants on or about March 16, 2021 and on or about May 25, 2021”) will be provided automatic access to 18 months of credit monitoring and financial account protection. Additionally, every class member can make a claim for up to $10,000 in reimbursement for out-of-pocket losses. The preliminarily approved settlement also provides for class counsel fees and expenses not to exceed roughly $2.5 million and class representative service awards of $1,500.
10th Circuit affirms TCPA statutory damages as uninsurable
On November 2, the U.S. Court of Appeals for the 10th Circuit affirmed a district court’s decision that under Colorado law, an insurance company (plaintiff) had no duty to indemnify and defend its insured against TCPA claims seeking statutory damages and injunctive relief. According to the appellate opinion, the states of California, Illinois, North Carolina, and Ohio sued a satellite television company for telemarketing violations of the TCPA (TCPA lawsuit). The TCPA lawsuit sought statutory damages of up to $1,500 per alleged violation and injunctive relief. The satellite company submitted a claim to its insurer for defense and indemnity of the TCPA claims pursuant to existing policies. The plaintiff filed a complaint seeking a declaratory judgment that it need not defend or indemnify the satellite company in the TCPA lawsuit. The district court, relying on ACE American Insurance Co. v. DISH Network (covered by InfoBytes here), determined that, under ACE, the claim for statutory damages in the telemarketing complaint sought a penalty and therefore was “uninsurable as a matter of Colorado public policy,” and that the policies did not cover the complaint’s claim for injunctive relief because, as in ACE, they did not cover the costs of preventing future violations. Additionally, the district court determined that “the allegations did not potentially fall within the Policies’ definitions of ‘Bodily Injury’ or ‘Property Damage.’” The 10th Circuit affirmed the district court’s rulings, concluding that no coverage existed.
Texas adopts numerous mortgage-related provisions
Recently, the Texas Finance Commission promulgated amendments to regulations governing residential mortgage licensees. Specifically, rules applicable to (i) licensed Mortgage Loan Companies under the Residential Mortgage Loan Company Licensing and Registration Act, Tex. Fin. Code Ann. § 156.001 et seq., and (ii) licensed Mortgage Bankers and Mortgage Loan Originators (MLOs) under the Mortgage Banker Registration and Residential Mortgage Loan Originator Act and the Texas Fair Enforcement for Mortgage License Act, Tex. Fin. Code Ann. § 157.001 et seq., included several substantive updates.
The amendments to rules governing Mortgage Loan Company licensees include:
- 7 TAC 80.300, which provides in part that a “primary contact person” instead of the qualifying individual will receive any notice of examination.
- 7 TAC 80.101, .102, .105-.107, which sets forth new sponsorship requirements for MLOs, clarifies renewal procedures, and implements a 10-day notice requirement for any material changes made to a licensee’s Form MU1.
- 7 TAC 80.203, .204, .206, which sets forth new requirements for advertising, records storage, office locations, branch offices, and administrative offices, including requirements for licensees engaging in remote work.
- 7 TAC 80.2, which updates references to definitions.
The amendments to rules governing Mortgage Banker and Mortgage Loan Originator licensees include:
- 7 TAC 81.300, which provides in part that a “primary contact person” instead of the qualifying individual will receive any notice of examination.
- 7 TAC 81.101-.111, which sets forth new sponsorship requirements for MLOs, clarifies renewal procedures, implements a 10-day notice requirement for any material changes made to a licensee’s Form MU4, details new background check procedures for MLOs, and provides new criteria for reviewing an MLO applicant’s criminal history.
- 7 TAC 81.203, .204, .206, which sets forth new requirements for advertising, records storage, office locations, branch offices, and administrative offices, including requirements for licensees engaging in remote work.
- 7 TAC 81.2, which updates references to definitions.
These amendments are effective on November 4, 2021. It is recommended Mortgage Company, Mortgage Banker, and MLO licensees in Texas review the amendments to these new rules.
CSBS urges early NMLS licensing renewal
On October 28, the Conference of State Bank Supervisors (CSBS) issued a reminder to individuals and businesses operating in the mortgage, money transmission, debt collection and consumer financial services industry that they should begin renewing their licenses in the Nationwide Multistate Licensing System (NMLS) on November 1 to avoid licensing delays. According to CSBS, early renewal is critical due to an increase in the number of licensees eligible for renewal. Renewal periods in most states run from November 1 to December 31, and licensees are encouraged to review state-specific renewal requirements early. State regulators may employ operational efficiencies to streamline the renewal process, CSBS stated, adding that it also plans to implement an online request process on November 1 for licensees to resolve and check in on NMLS access issues, including password reset/unlocking, changes in email addresses, and confirming renewal status. The online request process is available on the NMLS Call Center Information webpage, available here. As a reminder federally-registered mortgage loan originators and institutions are also required to renew their registrations through NMLS by December 31.
OFAC sanctions IRGC-connected entities
On October 29, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13224, as amended, as well as E.O. 13382, against members of a network of companies and individuals that supported Iran’s Islamic Revolutionary Guard Corps (IRGC) and its expeditionary unit, the IRGC Qods Force (IRGC-QF). The IRGC-QF used and proliferated lethal Unmanned Aerial Vehicles (UAVs) for use by Iran-supported terrorist groups, and to Ethiopia, where a crisis threatens to destabilize the region. Additionally, deadly UAVs were utilized in attacks on international shipping and on the U.S. OFAC also announced sanctions against the commander of the IRGC Aerospace Force (IRGC ASF) UAV Command who allegedly directs the planning, equipment, and training for IRGC ASF UAV operations. As a result of the sanctions, all property and interests in property belonging to the sanctioned individual subject to U.S. jurisdiction are blocked. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
OFAC sanctions Lebanese individuals
On October 28, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13441 against two Lebanese businessmen and a member of Parliament. According to OFAC, the sanctioned individuals contributed to the breakdown of good governance and the rule of law in Lebanon by profiting from the pervasive corruption and cronyism in Lebanon. As a result of the sanctions, all transactions by U.S. persons or in the U.S. that involve any property or interests in property of designated or otherwise blocked persons are generally prohibited. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
NYDFS issues proposed amendments to debt collection rules for third-parties
On October 29, NYDFS issued draft proposed amendments to 23 NYCRR 1, which regulates third-party debt collectors and debt buyers. Among on things, the proposed amendments:
- Define “communication” as “the conveying of information regarding a debt directly or indirectly to any person through any medium.”
- Amend the definition of a “debt collector” to include “as any creditor that, in collecting its own debts, uses any name other than its own that would suggest or indicate that someone other than such creditor is collecting or attempting to collect such debts.”
- Require collectors to clearly and conspicuously send written notification within five days after an initial communication with a consumer letting the consumer know specific information about the debt, including (i) the name of the creditor to which the debt was originally owed or alleged to be owed; (ii) account information associated with the debt; (iii) merchant/affinity/facility brand association; (iv) the name of the creditor to which the debt is currently owed; (v) the date of alleged default; (vi) the date the last payment (including any partial payment) was made; (vii) the statute of limitations, if applicable; (viii) an itemized accounting of the debt, including the amount currently due; and (ix) notice that the consumer “has the right to dispute the validity of the debt, in part or in whole, including instructions for how to dispute the validity of the debt.”
- State that disclosures may not be sent exclusively through an electronic communication, and that a formal pleading in a civil action shall not be treated as an initial communication.
- Prohibit collectors from communicating by telephone or other means of oral communication when attempting to collect on debts for which the statute of limitations has expired.
- Require collectors to provide consumer written substantiation of a debt within 30 days of receiving a written request via mail (consumers who consent to receiving electronic communications must still receive substantiation via mail).
- Limit collectors to three contact attempts via telephone in a seven-day period. Only one conversation with a consumer is permitted unless a consumer requests to be contacted.
- Permit collectors to communicate with consumers through electronic channels only if the consumer has voluntarily provided consent directly to the debt collector.
Comments on the proposal are due November 8.
New York expands CRA requirements to non-depository mortgage lenders
On November 1, the New York governor signed S5246A, which expands the New York Community Reinvestment Act (New York CRA) to cover non-depository lenders. Under the act, nonbank mortgage providers’ lending and investment in low- and moderate-income communities will be subject to NYDFS review. The anti-redlining law—which previously only measured banks’ activities in low- to moderate-income communities—is intended to “ensure everyone has fair and equal access to lending options in their pursuit of purchasing a home, especially in communities of color which continue to be impacted by the effects of the pandemic and have historically faced many more hurdles when seeking a mortgage,” Governor Kathy Hochul stated. The act follows a report issued by NYDFS in February, which examined redlining in the Buffalo metropolitan area and concluded that there is a “distinct lack of lending by mortgage lenders, particularly non-depository lenders” to majority-minority populations and to minority homebuyers in general. (Covered by InfoBytes here.) At the time, the report made numerous recommendations, including a recommendation to amend the New York CRA to cover nonbank mortgage lenders and a request that the OCC and the CFPB investigate federally regulated institutions serving the Buffalo area for violations of fair lending laws. The act takes effect in a year.
District Court denies defendant’s motion to dismiss Illinois BIPA class action
On October 28, the U.S. District Court for the Northern District of Illinois denied a Delaware-based technology management service defendant’s motion to dismiss a putative class action that alleged it stored and collected biometric data from employees of companies that utilized the defendant’s timekeeping services. The court also granted the plaintiff’s motion to remand two of her three claims to state court because the plaintiff had not alleged an injury in fact sufficient to establish Article III standing in federal court for those claims.
The plaintiff alleged that the defendant violated the Illinois’ Biometric Information Privacy Act (BIPA) by selling time and attendance solutions to Illinois employers, including biometric-enabled hardware such as fingerprint and facial recognition scanners that collected and stored employee biometrics data. The plaintiff alleged that the defendant violated Section 15(a) of BIPA by failing to publish a retention schedule for the biometric data, violated Section 15(b) of BIPA by obtaining the plaintiff’s biometric data without first providing written disclosures and obtaining written consent, and violated section 15(c) of BIPA, by participating in the dissemination of her biometric data among servers. According to the district court, the plaintiff lacked standing regarding the Section 15(a) claim because the harm resulting from the defendant’s failure to publish a retention policy was not sufficiently particularized and the plaintiff had not otherwise alleged a concrete injury resulting from the violation. The district court concluded that the plaintiff’s Section 15(c) claim also lacked standing because, though she alleged that the defendant profits off its biometric data collection practices by marketing its biometric time clocks that utilize the software as “superior options” and “gains a competitive advantage”, the “complaint doesn't allege an injury in fact stemming from [the defendant’s] profiting off of [the plaintiff’s] biometric data.”
With regard to the Section 15(b) claim, the district court rejected the defendant’s argument that the requirement to inform clients regarding its biometric data collection and receiving written consent did not apply, noting that the defendant is right that it “doesn’t penalize mere possession of biometric information.” However, that does not help the defendant “because the complaint alleges that defendant did more than possess [the plaintiff’s] biometric information: it says that [the defendant] collected and obtained it.” Additionally, the district court rejected the defendant’s argument that it is not liable as a third-party vendor who lacks the power to obtain the required written releases from its clients’ employees. The district court stated that “while it’s probably true that [the defendant] wasn’t in a position to impose a condition of employment on its clients’ employees, the statutory definition of a written waiver doesn’t excuse vendors like [the defendant] from securing their own waivers before obtaining a person’s data.”