Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 26, the Wisconsin governor signed SB 457, which, among other things, includes provisions granting temporary authority for certain mortgage loan originators (MLOs) to originate loans in the state while their license applications are pending. Specifically, SB 457 provides that in order to be eligible for temporary authority to operate, the individual must have been a registered MLO prior to becoming employed by a mortgage banker or mortgage broker, and must meet the following additional criteria: (i) no previous MLO application denials; (ii) no MLO license suspensions or revocations in any governmental jurisdiction; (iii) has not been “subject to, or served with, a cease and desist order in any governmental jurisdiction or by the director or the [CFPB]”; (iv) has not been convicted of a disqualifying crime; and (v) must be registered with the NMLS as a loan originator for a one-year period immediately preceding the date on which the applicant furnished the required information. For individuals who were licensed MLOs in another state, and are now employed by a mortgage banker or mortgage broker in Wisconsin, the individual is eligible for temporary authority to operate if the individual met criteria (i) through (iv) listed above and was licensed in another state during the 30 days prior to submitting the required application information in Wisconsin. Beginning November 28, SB 457 permits qualifying MLO applicants to engage in mortgage transactions while their applications are pending for licensure for up to 120 days, or upon the withdrawal, denial, or approval of the licensing application, whichever is sooner.
On November 22, the New York Senate’s Committee on Consumer Protection and Committee on Internet and Technology held a joint hearing titled, “Consumer Data and Privacy on Online Platforms,” which discussed the proposed New York Privacy Act, SB S5642 (the Act). The Act was introduced in May and seeks to regulate the storage, use, disclosure, and sale of consumer personal data by entities that conduct business in New York State or produce products or services that are intentionally targeted to residents of New York State. The Act contains different provisions than the California Consumer Privacy Act (CCPA), which is set to take effect on January 1, 2020 (visit here for InfoBytes coverage on the CCPA). Highlights of the Act include:
- Fiduciary Duty. Most notably, the Act requires that legal entities “shall act in the best interests of the consumer, without regard to the interests of the entity, controller or data broker, in a manner expected by a reasonable consumer under the circumstances.” Specifically, the Act states that personal data of consumers “shall not be used, processed or transferred to a third party, unless the consumer provides express and documented consent.” The Act imposes a duty of care on every legal entity, or affiliate of a legal entity, with respect to securing consumer personal data against privacy risk and requires prompt disclosure of any unauthorized access. Moreover, the Act requires that legal entities enter into a contract with third parties imposing the same duty of care for consumer personal data prior disclosing, selling, or sharing the data with that party.
- Consumer Rights. The Act requires covered entities to provide consumers notice of their rights under the Act and provide consumers with the opportunity to opt-in or opt-out of the “processing of their personal data” using a method where the consumer must clearly select and indicate their consent or denial. Upon request, and without undue delay, covered entities are required to correct inaccurate personal data or delete personal data.
- Transparency. The Act requires covered entities to make a “clear, meaningful privacy notice” that is “in a form that is reasonably accessible to consumers,” which should include: the categories of personal data to be collected; the purpose for which the data is used and disclosed to third parties; the rights of the consumer under the Act; the categories of data shared with third parties; and the names of third parties with whom the entity shares data. If the entity sells personal data or processes data for direct marketing purposes, it must disclose the processing, as well as the manner in which a consumer may object to the processing.
- Enforcement. The Act defines violations as an unfair or deceptive act in trade or commerce, as well as, an unfair method of competition. The Act allows for the attorney general to bring an action for violations and also prescribes a private right of action on any harmed individual. Covered entities are subject to injunction and liable for damages and civil penalties.
According to reports, state lawmakers at the November hearing indicated that federal requirements would be “the best scenario,” but in the absence of Congressional movement in the area, one state senator noted that the state legislators must “assure [their] constituents that [the state legislature is] doing everything possible to protect their privacy.” Witnesses expressed concern that the Act would be placing too many new requirements on businesses that differ from what other states have already enacted, and encouraged more consistent baseline standards for compliance instead of a patchwork approach. Some witnesses expressed specific concern with the opt-in requirement for the collection and use of consumer data, noting that waiting on consumers to opt-in, as opposed to just opting-out, makes compliance difficult to administer. Lastly, many witnesses were displeased about the broad private right of action in the Act, but consumer groups praised the provision, noting that the state attorney general does not have the resources to regulate and enforce against all the data collection and sharing in the state.
On November 25, the Governor of New York signed S2302, a measure which prohibits entities that are “licensed lenders” in New York, as well as consumer reporting agencies (CRAs), from including a consumer’s social network information in credit decisions. S2302 amends New York’s general business law and the banking law to prohibit licensed lenders and CRAs from considering “the credit worthiness, credit standing, or credit capacity of members of the consumer’s social network” or “the average credit worthiness, credit standing, or credit capacity of members of the consumer’s social network or any group score that is not the [consumer’s] own credit” information. Specifically, the amendment prohibits licensed lenders and CRAs from collecting, evaluating, reporting, or maintaining the information in a file. Additionally, the consumer’s internet viewing history also may not be factored into the licensed lender’s or agency’s “credit scoring formulas.”
On October 22, the New York governor directed NYDFS to investigate instances of alleged mortgage deed fraud and deceptive practices targeting homeowners in Brooklyn. In addition to the investigation, the governor also directed NYDFS to “dispatch the Department's Foreclosure Relief Unit to provide assistance to homeowners who believe they may have been a victim of deed fraud or unfair, deceptive, or abusive practices in regard to the sale or attempted purchase of their home.”
As previously covered by InfoBytes, the governor recently signed a package of bills intended to increase consumer homeowner protections. Specifically, A 5615 amended state law related to distressed home loans to extend consumer protections for homes in default and foreclosure by, among other things, (i) providing homeowners additional time to cancel a covered contract with a purchaser; (ii) preventing distressed property consultants from inducing the consumer to transfer the deed to the consultant or anyone else; and (iii) allowing consumers to void contracts, deeds, or other agreements material to the consumer’s property where an individual was convicted of or pled guilty to making false statements in connection with that agreement.
On October 10, the California governor signed AB 539, known as the “Fair Access to Credit Act,” which amends the California Financing Law (CFL) to limit the rate of interest on certain installment loans. Specifically, for installment loans with a principal amount between $2,500 and $10,000, lenders are prohibited from charging an annual simple interest rate exceeding 36 percent plus the federal funds rate, excluding an administrative fee (not to exceed $50). Moreover, for loans between $2,500 and $10,000, the bill establishes a minimum 12-month loan term. Among other things, the bill also (i) requires lenders to report each borrower’s payment performance of these installment loans to at least one national credit reporting agency; (ii) requires lenders to offer an approved credit education program or seminar approved by the Commissioner of Business Oversight before disbursing the proceeds to the borrower; and (iii) prohibits lenders from charging or receiving any penalty for prepayment for loans made pursuant to the CFL that are not secured by real property. The bill is effective January 1, 2020.
Additionally, on October 10, the California attorney general released the highly anticipated proposed regulations implementing the CCPA. See the Buckley Special Alert for details of the proposed regulations.
On October 7, California’s governor signed SB 187, which amends the state’s Rosenthal Fair Debt Collection Practices Act and provides that consumer debt under the act now includes mortgage debt. SB 187 also removes the exception for an attorney or counselor at law from the definition of debt collector, and makes other nonsubstantive changes. The amendments take effect January 1, 2020.
On October 10, the California attorney general released the highly anticipated proposed regulations implementing the California Consumer Privacy Act (CCPA). The CCPA—which was enacted in June 2018 (covered by a Buckley Special Alert), amended in September 2018, amended again in October 2019 (pending Governor Gavin Newsom’s signature), and is currently set to take effect on January 1, 2020 (Infobytes coverage on the amendments available here and here)—directed the California attorney general to issue regulations to further the law’s purpose. The proposed regulations address a variety of topics related to the law, including:
- The handling of consumer requests made under the CCPA, such as requests to know, requests to delete, and requests to opt-out;
- Service provider classification and obligations;
- The process for verifying consumer requests;
- Training and recordkeeping requirements; and
- Special requirements related to minors.
The California attorney general will hold four public hearings between December 2 and December 5 on the proposed regulations. Written comments are due by December 6.
Notably, the Notice of Proposed Rulemaking states that “the adoption of these regulations may have a significant, statewide adverse economic impact directly affecting business, including the ability of California businesses to compete with businesses in other states” and requests that the public consider, among other things, different compliance requirements depending on a business’s resources or potential exemptions from the regulatory requirements for businesses when submitting comments on the proposal.
Buckley will follow up with a more detailed summary of the proposed regulations soon.
On October 2, the California governor signed AB 857 to authorize the creation of “public banks” in the state to support local economies, community development, and address infrastructure and housing needs for localities. Under AB 857, public banks are defined as “a corporation, organized as either a nonprofit mutual benefit corporation or a nonprofit public benefit corporation for the purpose of engaging in the commercial banking business or industrial banking business, that is wholly owned by a local agency, as specified, local agencies, or a joint powers authority.”
Among other things, cities who submit applications to the California Department of Business Oversight (DBO) to obtain a certificate of authorization will be required to provide a viability study, as well comply with “[a]ll provisions of law applicable to nonprofit corporations” and obtain deposit insurance through the FDIC. AB 857 also requires “a local agency that is not a charter city to obtain voter approval of a motion to submit an application to the [DBO].” The number of new public bank licenses the DBO is authorized to approve is limited to two per calendar year, with no more than 10 public banks operating at any time. In addition, public banks may only offer products to retail customers through partnerships with existing financial institutions, and are barred from competing with local financial institutions. AB 857 expires seven years after regulations under this law are promulgated.
On October 2, the California governor signed SB 208, the “Consumer Call Protection Act of 2019,” which requires telecommunications service providers (TSPs) to implement specified technological protocols to verify and authenticate caller identification for calls carried over an internet protocol network. Specifically, the bill requires TSPs to implement “Secure Telephone Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN) protocols or alternative technology that provides comparable or superior capability by January 1, 2021. The bill also authorizes the California Public Utilities Commission and the Attorney General to enforce certain parts of 47 U.S.C. 227, making it unlawful for any person within the U.S. to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.
As previously covered by InfoBytes, in June 2019, the FCC adopted a Notice of Proposed Rulemaking (NPRM) requiring voice providers to implement the “SHAKEN/STIR” caller ID authentication framework. The FCC argued that once “SHAKEN/STIR” is implemented, it would “reduce the effectiveness of illegal spoofing and allow bad actors to be identified more easily.”
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at an American Bar Association webinar
- Kari K. Hall and Christopher M. Walczyszyn to speak on the "Understanding updates to Regulation CC to ensure effective check processing" at a National Association of Federal Credit Unions webinar
- Daniel P. Stipano to discuss "ACAMS Moneylaundering.com Year-End Compliance Review and 2020 Outlook" at an ACAMS webinar
- APPROVED Webcast: Periodic reporting made easier
- Daniel P. Stipano to discuss "A 20/20 view on 2020’s legislative and regulatory outlook" at the ACAMS Anti-Financial Crime and Public Policy Conference