Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 23, the Governor of Tennessee signed HB 1944, which amends lending provisions of the Tennessee Code Annotated to change the application of interest rates to the amount financed instead of the total amount of the loan with regard to certain loans made by Tennessee industrial loan and thrift companies. The following interest rate requirements under present Tennessee law now apply to the amount financed: (i) under $100, no interest shall be charged on the principal or on the unpaid balance due after maturity in excess of a maximum effective rate of 18 percent per annum; (ii) between $100 and $5,000, no interest shall be charged on the principal or on the unpaid balance due after maturity in excess of a maximum effective rate of 30 percent per annum; (iii) greater than $5,000, no interest shall be charged on the principal or on the unpaid balance due after maturity in excess of a maximum effective rate of 24 percent per annum; and (iv) for open-end credit plans, a maximum effective rate of 24 percent per annum applies to the principal or on the unpaid balance due after maturity. HB 1944 is effective immediately and applies to loans made on or after March 23.
On March 23, the Governor of Tennessee signed HB 1486, which prohibits credit reporting agencies from charging a fee to a consumer for the placement or removal of a security freeze if the need to place or remove the security freeze was caused by the credit reporting agency. Tennessee already prohibited charging a fee for a security freeze if the consumer is a victim of identity theft and presents a copy of a police report (or other official documentation) to the credit reporting agency at the time of the request. Under Section 47-18-2108 of the Tennessee Code Annotated, the state still allows charging a fee of up to seven dollars and fifty cents for all other placements of a security freeze and up to five dollars to permanently remove a security freeze. HB 1486 is effective immediately.
On March 20, the Governor of Idaho signed SB 1265, which amends existing law to prohibit credit reporting agencies from charging a fee to a consumer for the first placement of a security freeze and for the first temporary lift of a security freeze during a twelve-month period. The law allows for a fee of up to six dollars for the second placement or temporary lift within a twelve-month period. SB 1265 still allows for a fee of up to $10.00 for the reissuance of a personal identification number or password. The legislation is effective July 1.
On March 19, the Idaho governor signed HB 521, which updates a section of the Idaho Code pertaining to the “Idaho Motor Vehicle Service Contract Act” (the Act) to, among other things, “provide for state of Idaho regulation of motor vehicle service contracts.” HB 521 also modifies certain provisions surrounding motor vehicle service contracts by (i) clarifying the definition of a service contract; (ii) providing for service contract reimbursement policy requirements; (iii) setting forth rules associated with the sale of service contracts; (iv) specifying recordkeeping requirements; (v) providing for licensing; (vi) stipulating violation penalties; and (vii) noting that the legislation does not preclude a cause of action under the Idaho Consumer Protection Act. Furthermore, HB 521 notes that the “Idaho Insurance Guaranty Association Act shall not apply to any motor vehicle service contract, mechanical breakdown insurance or motor vehicle service contract liability insurance policy.” The Act is effective July 1.
On March 19, the Florida governor signed SB 386, which amends Florida’s consumer finance law to remove the requirement that installment payments must be made monthly, and updates the allowable charges for delinquencies. Specifically, SB 386 now allows equal, periodic installment loan payments to be made every two weeks, semimonthly, or monthly. This provision does not apply to lines of credit. Additionally, SB 386 provides that a delinquency charge for a payment in default may not exceed $15 for payments due monthly; $7.50 for payments due semimonthly; and $7.50 or $5.00 for payments due every two weeks, depending on the number of payments due within a calendar month. The law is effective July 1.
On March 19, the Florida governor signed legislation, SB 920, which authorizes the lending of an additional type of payday loan (referred to as, “deferred presentment installment transaction”). The legislation now allows loans under $1,000 that have a repayment term between 60 and 90 days with maximum fees of 8 percent of the outstanding transaction balance charged on a biweekly basis. Fees must be calculated using a simple interest calculation. Previously, Florida only authorized small-dollar loans under $500 that had repayment terms between seven and 30 days (referred to as, “deferred presentment transaction[s]”).
The expansion of the allowable small-dollar loans, appears to be in response to the CFPB’s final rule addressing payday loans, vehicle titles loans, and certain other extensions of credit (previously covered in a Buckley Sandler Special Alert), which covers most transactions with repayment terms of less than 45 days. While the CFPB’s rule became effective on January 16, compliance for most of the rule’s provisions is not required until August 2019. Moreover, in January, the CFPB announced its plan to reconsider the final rule (covered by InfoBytes here).
On March 21, the South Dakota governor signed SB 62, which requires companies that hold consumers’ personal information to (i) notify consumers within 60 days of a data breach; and (ii) notify the state Attorney General if more than 250 consumers are affected. Notice must be provided to consumers either by mail; electronic notice; or, in certain circumstances, substitute notice (e.g., a posting on the company’s website or notification to statewide media). The law gives the state Attorney General the authority to prosecute a failure to disclose a data breach as a deceptive act or practice under South Dakota’s consumer protection laws, which can result in penalties of up to $10,000 a day per violation. A disclosure is not required if notice is given to the state Attorney General and following an “appropriate investigation,” the company determines that the breach “will not likely result in harm to the affected person.” The law is effective July 1.
A similar measure was signed by the Oregon governor on March 16. Effective on or about June 10, Oregon’s SB 1551 mandates that a person or entity that “owns, licenses, or otherwise possesses personal information” that suffered a security breach must notify the affected consumers within 45 days and, if more than 250 consumers were affected, must also notify the state Attorney General. The person or entity must also undertake reasonable measures to “determine scope of breach of security and to restore reasonable integrity, security and confidentiality of personal information.” Additionally, the law sets out guidelines regarding credit monitoring services and security freezes:
- Credit Monitoring Services. Among other things, SB 1551 provides that if a person or entity offers free credit monitoring services to affected consumers, the entity may not require a credit or debit card number as a condition for the service. If additional identity theft services are offered for a fee, the person or entity must “separately, distinctly, clearly and conspicuously” disclose the charging of the fee.
- Security Freezes. SB 1551 prohibits a consumer reporting agency from charging a fee for placing, temporarily lifting, or removing a security freeze. Moreover, it prevents credit reporting agencies from charging fees for replacing a lost personal identification number or password. Recently, Michigan, Utah, Washington, and Virginia enacted similar prohibitions (previously covered by InfoBytes, here, here, and here).
On March 13, the Indiana governor signed HB 1397 and SB 377, which make a variety of changes to various Indiana banking, consumer, and financial services laws administered by the state’s Department of Financial Institutions (DFI). Among other things, HB 1397 amends Indiana’s Universal Commercial Credit Code (UCCC) to codify current DFI practice, which allows for additional charges in connection with a consumer credit sale or loan, including charges for a skip-a-payment service ($25 maximum), an expedited payment service ($10 maximum), and a guaranteed asset protection agreement. The legislation also adds electronic funds transfers to the list of return payments that may be assessed a $25 charge. For payday loans, the legislation clarifies that a borrower, during the third consecutive loan or any subsequent consecutive loan, may request an extended payment plan if the rescission period has expired and the borrower has not previously defaulted on the outstanding loan. Indiana’s SB 377 allows for the director of DFI to use certain technology solutions to oversee compliance with and enforce state laws associated with the regulation of payday loans.
Both pieces of legislation are effective July 1.
On March 15, the Mississippi governor signed House Bill 1338, which amends sections of the Mississippi Code by authorizing state chartered or domiciled banks that offer open-end credit to assess finance charges, credit service charges, and other fees and charges “at rates and amounts . . . that financial institutions domiciled in other states are permitted to impose and collect when extending credit to Mississippi customers. . . .” In doing so, the amendment strives to retain existing financial services within the state. The amendment takes effect July 1.
On March 19, the Michigan governor signed legislation, HB 5094, which amends the Michigan Security Freeze Act to prohibit consumer reporting agencies (CRAs) from charging a fee for “placing, temporarily lifting, or removing a security freeze” on a credit report. Previously, the state allowed for a fee of up to $10 to use the service, if the consumer had not previously filed a police report alleging identity theft. HB 5094 is effective immediately.
On March 15, the Utah governor signed legislation, HB 45, which amends the Utah Consumer Credit Protection Act to prohibit CRAs from charging a fee in connection with placing or removing a security freeze. Additionally, the bill also prohibits CRAs from charging a fee in connection with mobile applications through which a consumer would place or remove a security freeze. The legislation outlines the manner in which a consumer may request a security freeze and the requirements CRAs must follow in responding to the requests. Previously, Utah allowed for CRAs to charge a “reasonable fee” in connection with a security freeze service.
On March 13, the Washington governor signed Senate Bill 6018, which amends sections of the state’s Fair Credit Reporting Act addressing the removal of security freezes. Among other things, the amended act prohibits credit reporting agencies (CRAs) from charging a fee for placing, temporarily lifting, or removing a security freeze, or when assigning consumers unique personal identification numbers. Additionally, the offices of cybersecurity and privacy and data protection and the Attorney General’s office are instructed to work with stakeholders to evaluate the amendment’s impact on consumers and CRAs. A findings report must be submitted by December 1, 2020, and include data breach trends and recommendations by federal and state agencies. The amendment takes effect June 7.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference